DNS General Question - Captive Portal
-
Hi,
Simple question: does pfsense intercept dns traffic if clients set their own DNS servers?
Thank you!
-
Not by default, it'd just get blocked in that circumstance. Port forwards can be used to intercept and redirect.
-
Hi! It did not work.
I couldn't get any names to be resolved.
I tried a port forward rule with:
Interface: LAN
Protocol: TCP/UDP
Source: Any
Destination: Any
Source port Range: any
Destination: any
Destination port range: DNS
Redirect Target IP: MY_DNS_Server
Redirect target port: DNS
NAT Reflection: Use System Default
Filter Rule Association: Add associated filter rule.
NOTE: This happens when I redirect to my Microsoft DNS Server.
If I redirect to pfsense itself my machine can resolve names.
-
The target has to be allowed through the portal via allowed MAC or IP.
-
The problem was the destination DNS server.
Everything's working as expected with port forwarding…
-
"does pfsense intercept dns traffic if clients set their own DNS servers?"
No, but my ISP does this all the time and forces me to use pages that they have cached even when I use OpenDNS for the upstream server.
Bit rude of them when I have elected not to use their DNS server, but this means that they are also having to issue fake SSL certificates too and are doing a man-in-the-middle to speed up pages and to save themselves money on the upstream bandwidth.
Does not seem legal to me.