Opendns on MultiWAN



  • Hi

    I have a pfSense with 3 WAN (2 x Telenet but never changes because of MAC address reservation through ISP, 1 x Skynet, dynamic IP after router of ISP) configured with failover
    and 2 LAN.

    • 1 LAN is with solid IPs in range 192.168.0.0/16 for administrative users
    • 1 LAN is with DHCP in range 10.0.0.0/8 for teachers and students

    Everything works perfectly but I cannot figure out how to implement OpenDNS.  I only want it to work on the LAN for the teachers and students, so the DHCP LAN.

    Tried this: https://doc.pfsense.org/index.php/Blocking_DNS_queries_to_external_resolvers but does not work.

    I thought changing the DNS in System: General setup for the gateway that is set for the appropriate LAN would do the trick but it does not.

    What does work, is when I set the DNS servers of the DHCP server to 208.67.222.222 and 208.67.220.220 but I'm afraid that I'll run into problems since my LAN is a Windows 2008r2 domain and DNS has to point to my domain controller, in this case 10.0.100.100

    Who can help me?




  • The easiest way is to make pfSense LAN IP the upstream DNS server on the Windows Server Domain DNS. Then your domain clients can all use the domain controller (DC) for DNS, and the DC can get DNS from pfSense, then pfSense gets it from OpenDNS.
    On pfSense General Setup you need to put OpenDNS IP addresses for the DNS Server/s.
    Then you can block other DNS on LAN, like in that doc.

    Alternatively, you can put OpenDNS server IPs in the domain controller DNS, and allow just traffic from the DC to OpenDNS (or to any DNS) on pfSense LAN. That way the DC can go directly to OpenDNS.

    And give domain clients the DC as their DNS server.

    You can leave the interface for administrative users open if you like.

    You will need some Dynamic DNS to update a public name on that dynamic IP WAN - then use that name in OpenDNS, so it will know "who you are" and can implement your filter settings.
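
A way to check the result from a client on the DHCP LAN, as an added example that is not part of the thread: it sends one DNS query to each resolver and compares which ones answer against the intended policy. The resolver addresses are the ones quoted above; the `EXPECTED` policy, the test name `example.com` and the function names are assumptions.

```python
import socket
import struct

# Resolver addresses come from the thread; the expectation per resolver is an
# assumption about the intended policy on the teacher/student (DHCP) LAN.
EXPECTED = {
    "10.0.100.100": True,      # domain controller: clients must reach it
    "208.67.222.222": False,   # OpenDNS directly: clients should be blocked
    "208.67.220.220": False,
}

def build_query(name, qid=0x1234):
    """Build a minimal DNS query for an A record with recursion desired."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def is_reply_to(query, data):
    """True if data is a DNS response (QR bit set) carrying the query's ID."""
    return len(data) >= 12 and data[:2] == query[:2] and bool(data[2] & 0x80)

def probe(resolver, name="example.com", timeout=2.0):
    """Send one UDP query to resolver:53; True if a matching reply arrives."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (resolver, 53))
            data, _ = s.recvfrom(4096)
        except OSError:  # timeout, unreachable or rejected
            return False
    return is_reply_to(query, data)

def violations(observed, expected=EXPECTED):
    """Compare observed reachability with the policy; return findings."""
    out = []
    for resolver, should_answer in expected.items():
        got = observed.get(resolver, False)
        if got and not should_answer:
            out.append(f"{resolver}: answered but should be blocked")
        elif should_answer and not got:
            out.append(f"{resolver}: no answer but should be reachable")
    return out

if __name__ == "__main__":
    observed = {r: probe(r) for r in EXPECTED}
    for line in violations(observed) or ["DNS policy matches expectations"]:
        print(line)
```

The probe only uses UDP port 53; DNS also runs over TCP port 53, which this script does not test.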