DNS forwarder - domain overrides?
-
Hi all,
I was wondering what this does?
-
A bit here: https://doc.pfsense.org/index.php/DNS_Forwarder
Usually used when you have an internal domain that has its names served by an internal DNS server - e.g. your Windows Server Active Directory-based DNS for internal.mycompany.com is found on 10.0.0.42 - put that in Domain Overrides.
Then when a client asks about xyz.internal.mycompany.com the DNS Forwarder will send the query to 10.0.0.42 instead of the usual upstream (public) DNS.
You can also effectively black-hole public domains - put a matching entry for like "facebook.com" with "!" in the IP address field so requests for that domain (www.facebook.com etc) go nowhere, do not resolve locally and so do not work for clients.
-
Phil, thank you, makes sense.
But with regards to the Facebook block, wouldn't you put that in host overrides and not the domain overrides, as it's one host, not a whole domain with multiple hosts?
-
You want to make all sorts of Facebook names stop working. e.g. I just randomly tried blog.facebook.com and it came up with stuff. There might be lots of Facebook names, so the Domain Override covers all in one go.
But yes, you could put a host override for every individual FQDN you know of.
-
Take a look at this link:
https://forum.pfsense.org/index.php?topic=82852.msg453980#msg453980
And you can use HE and search for any particular host IPs:
IE-
http://bgp.he.net/search?search[search]=facebook&commit=Search
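-
The host-override versus domain-override distinction discussed in this thread, as an added example that is not part of any post and is not pfSense or dnsmasq code. It is a simplified model that assumes host overrides are checked first, domain overrides match on whole labels with the most specific entry winning, and "!" means do not forward; the `nas` host entry and all function names are constructed for illustration.

```python
# Simplified model of forwarder override matching (illustration only).
# Not pfSense/dnsmasq code; every name and sample entry here is hypothetical.

HOST_OVERRIDES = {            # exact FQDN -> fixed answer (constructed sample)
    "nas.internal.mycompany.com": "10.0.0.50",
}
DOMAIN_OVERRIDES = {          # domain -> DNS server, or "!" for do-not-forward
    "internal.mycompany.com": "10.0.0.42",
    "facebook.com": "!",
}
DEFAULT_UPSTREAM = "upstream"  # stands in for the usual public resolvers


def normalize(name):
    """Lower-case and drop the trailing root dot so comparisons are stable."""
    return name.strip().lower().rstrip(".")


def match_domain(qname, overrides):
    """Return the most specific override domain covering qname, or None.

    Matching is on whole labels: 'facebook.com' covers 'www.facebook.com'
    and 'facebook.com' itself, but not 'notfacebook.com'.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):          # longest suffix first
        candidate = ".".join(labels[i:])
        if candidate in overrides:
            return candidate
    return None


def route(qname):
    """Decide what the forwarder does with a query: (action, detail)."""
    name = normalize(qname)
    if name in HOST_OVERRIDES:            # assumed: exact host entries win
        return ("answer", HOST_OVERRIDES[name])
    domain = match_domain(name, DOMAIN_OVERRIDES)
    if domain is None:
        return ("forward", DEFAULT_UPSTREAM)
    target = DOMAIN_OVERRIDES[domain]
    if target == "!":
        return ("block", domain)
    return ("forward", target)


if __name__ == "__main__":
    for q in ("xyz.internal.mycompany.com", "blog.facebook.com",
              "WWW.Facebook.com.", "notfacebook.com", "example.org"):
        print(q, "->", route(q))
```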