Netgate Discussion Forum

    Opendns on MultiWAN

    • wouwie

      Hi

      I have a pfSense with 3 WAN (2 x Telenet, but it never changes because of MAC address reservation through the ISP; 1 x Skynet, dynamic IP after the ISP's router) configured with failover and 2 LAN.

      • 1 LAN is with solid IPs in range 192.168.0.0/16 for administrative users
      • 1 LAN is with DHCP in range 10.0.0.0/8 for teachers and students

      Everything works perfectly but I cannot figure out how to implement OpenDNS. I only want it to work on the LAN for the teachers and students, so the DHCP LAN.

      Tried this: https://doc.pfsense.org/index.php/Blocking_DNS_queries_to_external_resolvers but does not work.

      I thought changing the DNS in System: General Setup for the gateway that is set for the appropriate LAN would do the trick, but it does not.

      What does work is when I set the DNS servers of the DHCP server to 208.67.222.222 and 208.67.220.220, but I'm afraid that I'll run into problems since my LAN is a Windows 2008 R2 domain and DNS has to point to my domain controller, in this case 10.0.100.100

      Who can help me?

      • phil.davis

        The easiest way is to make the pfSense LAN IP the upstream DNS server on the Windows Server Domain DNS. Then your domain clients can all use the domain controller (DC) for DNS, and the DC can get DNS from pfSense, then pfSense gets it from OpenDNS.
        On pfSense General Setup you need to put OpenDNS IP addresses for the DNS Server/s.
        Then you can block other DNS on LAN, like in that doc.

        Alternatively, you can put OpenDNS server IPs in the domain controller DNS, and allow just traffic from the DC to OpenDNS (or to any DNS) on pfSense LAN. That way the DC can go directly to OpenDNS.

        And give domain clients the DC as their DNS server.

        You can leave the interface for administrative users open if you like.

        You will need some Dynamic DNS to update a public name on that dynamic IP WAN - then use that name in OpenDNS, so it will know "who you are" and can implement your filter settings.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
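
The second option in the reply above (DC forwards to OpenDNS, everything else on port 53 is blocked) depends on rule order, since pfSense interface rules are first-match. The following is an added example, not part of either post and not pfSense code: a simplified model of such a LAN rule list, where the rule list, the client 10.0.5.20 and the 198.51.100.x destinations are constructed, and protocol (UDP/TCP) is ignored.

```python
import ipaddress
from typing import NamedTuple, Optional

DC = "10.0.100.100"                             # domain controller (from the thread)
OPENDNS = ("208.67.222.222", "208.67.220.220")  # OpenDNS resolvers (from the thread)
LAN = "10.0.0.0/8"                              # teacher/student DHCP LAN (from the thread)

class Rule(NamedTuple):
    action: str            # "pass" or "block"
    src: str               # source network, CIDR
    dst: str               # destination network, CIDR
    port: Optional[int]    # destination port, None = any

# Constructed rule list for the LAN interface; the first matching rule decides.
RULES = [
    Rule("pass", DC + "/32", OPENDNS[0] + "/32", 53),
    Rule("pass", DC + "/32", OPENDNS[1] + "/32", 53),
    Rule("block", LAN, "0.0.0.0/0", 53),     # every other DNS query leaving the LAN
    Rule("pass", LAN, "0.0.0.0/0", None),    # remaining traffic
]

# Same rules with the block moved to the top: an ordering mistake.
MISORDERED = [RULES[2], RULES[0], RULES[1], RULES[3]]

def decide(src, dst, port, rules=RULES):
    """Return the action of the first rule matching the packet, else "block"."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)
                and r.port in (None, port)):
            return r.action
    return "block"  # nothing matched: default deny

if __name__ == "__main__":
    samples = [(DC, OPENDNS[0], 53),             # DC forwarding to OpenDNS
               ("10.0.5.20", "198.51.100.53", 53),  # client using another resolver
               ("10.0.5.20", OPENDNS[0], 53),    # client bypassing the DC
               ("10.0.5.20", "198.51.100.7", 443)]  # ordinary web traffic
    for src, dst, port in samples:
        print(f"{src:>13} -> {dst}:{port:<4} {decide(src, dst, port)}")
    print("misordered, DC -> OpenDNS:", decide(DC, OPENDNS[0], 53, MISORDERED))
```

Client queries to the DC stay inside the 10.0.0.0/8 LAN and never reach the firewall, so the model needs no rule for them.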
