DNS General Question - Captive Portal

  • Hi,

    Simple question: does pfsense intercept dns traffic if clients set their own DNS servers?

    Thank you!

  • Not by default, it'd just get blocked in that circumstance. Port forwards can be used to intercept and redirect.

  • Hi! It did not work.

    I couldn't get any names to be resolved.

    I tried a port forward rule with:

    Interface: LAN
    Protocol: TCP/UDP
    Source: Any
    Destination: Any
    Source port Range: any

    Destination: any
    Destination port range: DNS
    Redirect Target IP: MY_DNS_Server
    Redirect target port: DNS

    NAT Reflection: Use System Default
    Filter Rule Association: Add associated filter rule.

    NOTE: This happens when I redirect to my Microsoft DNS Server.

    If I redirect to pfsense itself my machine can resolve names.

  • The target has to be allowed through the portal via allowed MAC or IP.

  • The problem was the destination DNS server.

    Everything's working as expected with port forwarding…

  • "does pfsense intercept dns traffic if clients set their own DNS servers?"

    No, but my ISP does this all the time and forces me to use pages that they have cached even when I use OpenDNS for the upstream server.

    Bit rude of them when I have elected not to use their DNS server, but this means that they are also having to issue fake SSL certificates too and are doing a Man-in-Middle to speed up pages and to save themselves money on the upstream bandwidth.

    Does not seem legal to me
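
A client-side check for the DNS port-forward redirect discussed in this thread, as an added example that is not from any poster or from pfSense: it sends a query to an address where no resolver runs, so any DNS reply means something on the path redirected it. The target 192.0.2.53 (an RFC 5737 documentation address), the query name and all function names are assumptions made for this example.

```python
import socket
import struct

# RFC 5737 documentation address (assumption): no real DNS server answers here.
TEST_NET_RESOLVER = "192.0.2.53"


def build_query(name, txid=0x1234):
    """Encode a minimal DNS query for an A record with the RD flag set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_reply(data, txid):
    """Return (rcode, answer_count) if data is a DNS response to txid, else None."""
    if len(data) < 12:
        return None
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:  # QR bit must mark a response
        return None
    return flags & 0x000F, an


def udp_exchange(server, payload, timeout=3.0):
    """Send one UDP datagram to server:53; return the reply bytes, or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(payload, (server, 53))
            return s.recvfrom(4096)[0]
        except OSError:  # covers timeouts and unreachable-network errors
            return None


def dns_is_intercepted(name="example.com", server=TEST_NET_RESOLVER, exchange=udp_exchange):
    """True if a query sent to an address with no resolver still gets a DNS reply."""
    txid = 0x1234
    reply = exchange(server, build_query(name, txid))
    return reply is not None and parse_reply(reply, txid) is not None


if __name__ == "__main__":
    print("redirect active" if dns_is_intercepted() else "no reply: query was not redirected")
```

No reply only shows that nothing answered; behind a captive portal the query may have been blocked rather than passed through, as the second post describes.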

