Problem DNS - LAN
-
Yes, if you want to block Facebook all the time, then a domain override to translate *.facebook.com to a local address that does not work will do the trick easily.
I have the firewall rule on a schedule, so Facebook works before and after normal office hours - we encourage our staff to come in early or stay late to do their FaceBooking (is that a word?) and to actually work during office hours :) - for that I need an alias and rule on a schedule.
-
Hello
I went into the DNS Forwarder in pfSense.
Do I have to set the parameters in the Host Overrides or in the Domain Overrides?
Thanks
-
Domain Overrides
In "Domain" put facebook.com - that will include everything ending with facebook.com
In "IP address" put "!" - it is documented on the GUI page: "Or enter ! for lookups for this host/subdomain to NOT be forwarded anywhere."
Now it will look those up itself. Of course they are not in the local hosts file, so it will very quickly return a not found NXDOMAIN.
-
Hello, I have done it this way, is that right?
-
That will work. But if you put "!" in the IP Address field, the facebook block will happen a little quicker for users, because DNS forwarder will immediately be able to send back a "not known".
-
Hello, I have done as you suggested, and you can see it in the picture, but if you go to https://www.facebook.com it opens the page http://www.facebook.com while I did not open the page
What should I do so that when I type https://www.facebook.com?
thank you very much
-
Hello, I have a problem: I do not know how I did it, but now it does not work anymore …
Here is a summary of my situation:
I have a LAN in which the clients have DHCP enabled and have no value set for DNS.
In pfSense I then enabled the DNS Forwarder and the DHCP Server with the DNS values (see first image).
Then, going to the Dashboard, I have these DNS values (see picture 2).
My question is what to set in the General Setup (see image3)
Wondering if anyone could give me a hand
thank you very much
-
If you are happy to use DNS Forwarder (a good thing, IMHO) then do not put anything in the DHCP "DNS Servers" - DHCP will give the pfSense LAN IP as the DNS server.
Then put multiple real public DNS servers in General Setup - e.g. 8.8.8.8 and 8.8.4.4 (Google). Or you can use OpenDNS, or your ISP DNS servers or… - DNS Forwarder will use those to resolve queries.
-
Hello, in General Setup I put these settings
-
Hello, while I put these in the DNS Forwarder settings
-
In DHCP Server, you need to remove 8.8.8.8 from DNS Servers.
At the moment, your clients are getting 8.8.8.8 as their DNS server - so they are going straight to Google for DNS. They need to go to pfSense DNS Forwarder, then they will get the facebook.com restriction.
-
Hello, can you tell me how you can get all the clients on the LAN to the DNS Forwarder in pfSense?
Hello and thank you very much
-
"all the clients on the LAN to the DNS Forwarder in pfSense?"
This is the default configuration of pfsense dhcp server - to point to itself as dns. So what do you mean how would you do it? Leave the dns servers boxes in your dhcp server setup blank
NOTE: leave blank to use the system default DNS servers - this interface's IP if DNS forwarder is enabled, otherwise the servers configured on the General page.
Bing Bang zoom all dhcp clients of pfsense point to pfsense for dns. If you're talking about them manually putting in something else - then just create a firewall rule that prevents outbound on 53 udp/tcp and only allows it to pfsense IP. Or create a forward that forwards dns to pfsense IP.
Generally speaking whatever you hand out in dhcp is what your users should be using - why would they not use what the dhcp server sends them?
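A client-side check of the setup discussed in this thread, as an added example that is not part of any original post: it queries the pfSense DNS Forwarder and a public resolver and reports whether the facebook.com override returns NXDOMAIN and whether direct outside DNS still gets through. The address 192.168.1.1 and all function names are assumptions.

```python
import socket
import struct

NXDOMAIN = 3
QID = 0x1234  # fixed query ID, enough for a one-shot check

def build_query(name):
    """Minimal DNS A/IN query (RFC 1035) with the RD flag set."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", QID, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def rcode(reply):
    """RCODE of a reply to our query, or None if it is not such a reply."""
    if reply is None or len(reply) < 12:
        return None
    rid, flags = struct.unpack("!HH", reply[:4])
    return flags & 0x000F if rid == QID and flags & 0x8000 else None

def udp_send(server, packet, timeout=2.0):
    """Send one UDP query to port 53; None on timeout or network error."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(packet, (server, 53))
            return s.recvfrom(512)[0]
        except OSError:
            return None

def audit(pfsense_ip, public_dns, names, send=udp_send):
    """Return a list of problems; an empty list means the block holds."""
    problems = []
    for name in names:
        code = rcode(send(pfsense_ip, build_query(name)))
        if code is None:
            problems.append(f"{name}: no answer from {pfsense_ip}, forwarder not reachable")
        elif code != NXDOMAIN:
            problems.append(f"{name}: {pfsense_ip} resolved it, override not in effect")
    # A blocked query times out and a redirected one returns NXDOMAIN from
    # pfSense; any other reply means clients can still use outside DNS.
    code = rcode(send(public_dns, build_query(names[0])))
    if code is not None and code != NXDOMAIN:
        problems.append(f"{public_dns} answered for {names[0]}: forwarder can be bypassed")
    return problems

if __name__ == "__main__":
    # 192.168.1.1 is an assumed pfSense LAN address; replace with your own.
    for line in audit("192.168.1.1", "8.8.8.8", ["facebook.com", "www.facebook.com"]) or ["OK"]:
        print(line)
```

Run it from a LAN client; the `send` parameter exists so the logic can be exercised with canned replies instead of live traffic.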
-
Hello and thanks to all
I made a list of the various settings to be made so that pfSense is used as a DNS Forwarder
- In the DHCP Server, enable the DHCP server on the LAN and set the DNS
- In DNS Forwarder, turn it on and put in the domains to block for facebook
- In the General Setup, do not put any value in the DNS
- Afterwards, create the two rules on the firewall
Now I have a doubt about whether in the General Setup I have set some parameters, which you can see in the picture?
Thanks to all
-
- In the General Setup, do not put any value in the DNS
If you have DHCP on WAN then check "Allow DNS server list to be overridden by DHCP/PPP on WAN" - then pfSense will get upstream DNS from the ISP DNS server/s.
If you have static IP on WAN, then put DNS server/s in the boxes in General Setup. Use the IP addresses of your ISP DNS servers, or some public DNS (Google, OpenDNS…) Then pfSense will get upstream DNS from these.
In all the above, the LAN clients will still get the pfSense LAN IP (DNS Forwarder) as their DNS server, which is what you want.
-
Hello
I have a static IP on the WAN, I set the DNS values in the General Setup page and I have not set any value in the boxes below (you can see in the picture).
No client on the LAN has any value set on its Ethernet card; if I go to the Windows DOS prompt I see that DHCP assigns an IP address, and as DNS it gives me the LAN address of pfSense.
But I cannot browse sites
Hello and thank you
-
Is the dns forwarder running? Can pfsense query dns using 8.8.8.8 ?
From diag, dns lookup
-
Hello I have the DNS Forwarder active
I did the test with DNS LOOKUP and you can see the result in the image
I do not know what to do to run pfSense
Hello and thank you
-
Well, from the way that looks, no, dns forwarder is not running. Or it does not know where to forward to. Or you have it not listening on the interfaces you need it to listen on, etc.
Since you got no response from 127.0.0.1 – notice mine got a response. Post a screen of the dns forwarder page
-
Hello thanks for the help but it does not work
On the DNS Forwarder I set the same values that you have set
On the General Setup what should I set?
Do I have to make the rules on the firewall?
Hello