Netgate Discussion Forum

Problem DNS - LAN

DHCP and DNS
39 Posts 5 Posters 6.6k Views
  • G
    gio79
    last edited by Apr 23, 2014, 6:45 AM

    Hello everyone, I have a problem with the DNS on my LAN. If a PC has the DNS values set on its network card, then it is able to go to the internet; otherwise, if the DNS values are not set, it does not go on the internet.

    I set the DNS values of pfSense but in fact something be wrong without dns set sail … not the PC as DNS values on pfSense I put 8.8.8.8 in general setup, since I have not flagged any item below the dns

    Has anyone had a similar problem?

    How can I fix?

    Thanks to all
    Immagine..jpg
    • P
      phil.davis
      last edited by Apr 23, 2014, 7:00 AM

      Are you using DHCP on pfSense LAN?
      Does the LAN client get a DHCP address?
      Is DNS Forwarder enabled in pfSense?

      In a default configuration, DNS Forwarder and DHCP are both enabled on pfSense. A LAN client will get a DHCP IP address in the LAN subnet, and DHCP will give the pfSense LAN IP as the DNS server - so the LAN client will use pfSense DNS Forwarder for DNS.

      As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
      If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

      • A
        atakacs
        last edited by Apr 23, 2014, 7:22 AM

        Not a solution, but you seem to have an issue fairly similar to mine https://forum.pfsense.org/index.php?topic=75781.0 - is that a recent install?

        • G
          gio79
          last edited by Apr 23, 2014, 7:26 AM

          Hello thanks for the reply

          On the LAN I do not have DHCP enabled
          Each PC on the LAN has a fixed address
          DNS forwarder is not activated

          I want the DNS server to be given by pfSense

          Hello and thank you very much

          • P
            phil.davis
            last edited by Apr 23, 2014, 8:13 AM

            Then make sure DNS Forwarder is enabled on pfSense.
            In each LAN client, you will already have set a static IP. Also enter the DNS server as the pfSense LAN IP.

            • G
              gio79
              last edited by Apr 23, 2014, 8:26 AM

              Hello

              clients on the LAN do not want to put any DNS, but all the clients on the LAN must take the DNS automatically imposed on pfSense

              Is this possible to do?

              thank you very much

              • P
                phil.davis
                last edited by Apr 23, 2014, 8:31 AM

                If you are using static IP entered on each LAN client, then you must also enter the DNS. In IPv4 there is no way to just do a DHCP request to get the DNS address.
                I suggest that you use DHCP on LAN. Then in the pfSense DHCP server, allocate a static-mapped IP address to each client.
                I do it that way for all the known client systems in an office. Then each client always gets the same IP address given by DHCP, and they get DNS server also given automatically.

                • G
                  gio79
                  last edited by Apr 23, 2014, 8:43 AM

                  Hello

                  I then activated the DHCP server on the LAN, and I have also enabled the DNS Forwarder

                  Now the PCs on your LAN ethernet card have no fixed address and no DNS and everything works

                  Now I want to ask if you can block certain sites using DNS that is, for example, if I type https://www.facebook.com this site should not be open …

                  I have read on the forums that it is possible to do it through the DNS Forwarder, but I do not know how to do it. Could you give me a hand?

                  Hello and thank you very much

                  • P
                    phil.davis
                    last edited by Apr 23, 2014, 9:56 AM

                    A quick search for "how to block facebook" would bring up this thread with a few ideas, and my post of how I do it:
                    https://forum.pfsense.org/index.php?topic=69860.msg383922#msg383922

                    • G
                      gio79
                      last edited by Apr 23, 2014, 10:15 AM

                      Hello thanks for the tip

                      I wanted to ask the method that you are using seems a bit complicated to do it ….

                      while the method recommended by Nothing
                      Why don't you use DNS forwarder and add DNS A records *.facebook.com to 127.0.0.1 for example?
                      To avoid using foreign DNS servers by the clients, add a NAT rule to catch everything on TCP/UDP 53 and DNAT it to the pfSense box.
                      Much simpler and cleaner than using proxy I think

                      It seems easier

                      As I seem to have figured out I have to do two rules on the firewall and then add that record in DNS Forwarder?

                      Hello

                      • P
                        phil.davis
                        last edited by Apr 23, 2014, 10:23 AM

                        Yes, if you want to block Facebook all the time, then a domain override to translate *.facebook.com to a local address that does not work will do the trick easily.
                        I have the firewall rule on a schedule, so Facebook works before and after normal office hours - we encourage our staff to come in early or stay late to do their FaceBooking (is that a word?) and to actually work during office hours  :) - for that I need an alias and rule on a schedule.

                        • G
                          gio79
                          last edited by Apr 23, 2014, 11:29 AM

                          Hello

                          I went in the DNS Forwarder in pfSense

                          I have to set the parameters in the Override Host or Domain in Override?

                          thanks

                          • P
                            phil.davis
                            last edited by Apr 23, 2014, 11:57 AM

                            Domain Overrides
                            Domain put facebook.com - that will include everything ending with facebook.com
                            In "IP address" put "!" - it is documented on the GUI page: "Or enter ! for lookups for this host/subdomain to NOT be forwarded anywhere."
                            Now it will look those up itself. Of course they are not in the local hosts file, so it will very quickly return a not found NXDOMAIN.

                            • G
                              gio79
                              last edited by Apr 23, 2014, 12:57 PM

                              Hello I have done in this way, is that right?

                              Immagine.jpg
                              • P
                                phil.davis
                                last edited by Apr 23, 2014, 3:18 PM

                                That will work. But if you put "!" in the IP Address field, the facebook block will happen a little quicker for users, because DNS forwarder will immediately be able to send back a "not known".

                                • G
                                  gio79
                                  last edited by Apr 24, 2014, 9:08 AM

                                  Hello I have done as you suggested and you can see it in the picture but if u go https://www.facebook.com opens the page http://www.facebook.com while I did not open the page

                                  What should I do so that when I type https://www.facebook.com?

                                  thank you very much

                                  Immagine1.jpg
                                  • G
                                    gio79
                                    last edited by Apr 24, 2014, 12:39 PM

                                    Hello I have a problem I do not know how I did it but now I do not work anymore …

                                    I do a summary of my situation

                                    I have a LAN in which the clients have DHCP enabled and have no value in the DNS

                                    pfSense in after I enabled the DNS Forwarder and DHCP Server with the DNS values (see first image)

                                    after going to the Dashboard I have those values of the DNS (see picture2)

                                    My question is what to set in the General Setup (see image3)

                                    Wondering if anyone could give me a hand

                                    thank you very much

                                    Immagine.jpg
                                    Immagine2.jpg
                                    Immagine3.jpg
                                    • P
                                      phil.davis
                                      last edited by Apr 24, 2014, 3:02 PM

                                      If you are happy to use DNS Forwarder (a good thing, IMHO) then do not put anything in the DHCP "DNS Servers" - DHCP will give the pfSense LAN IP as the DNS server.
                                      Then put multiple real public DNS servers in General Setup - e.g. 8.8.8.8 and 8.8.4.4 (Google). Or you can use OpenDNS, or your ISP DNS servers or… - DNS Forwarder will use those to resolve queries.

                                      • G
                                        gio79
                                        last edited by Apr 24, 2014, 3:10 PM

                                        Hello in General setup I put these settings

                                        Immagine.jpg
                                        • G
                                          gio79
                                          last edited by Apr 24, 2014, 3:15 PM

                                          Hello while I put these in DNS Forwarder settings

                                          Immagine.png
                                          Immagine2.png