DNS forwarder override not working as expected
-
Hi,
The issue I have is with the wifi network. All works fine on the client if it gets a DHCP address and DHCP DNS address. However, if a user comes in and has a DNS server manually set on the wifi card (OpenDNS or Google normally) they get a DHCP IP address, but as the client is set to use an external DNS it cannot resolve the internal domains, and thus cannot authenticate to use the internet (using a system outside pfSense). On the DNS forwarder, I tried to use the Domain and the Host Overrides. I expected that the firewall would pick up the DNS request going out, intercept it and redirect it to the internal DNS server for the domains/hosts I set; however this is not happening. On further thinking I understand why this wouldn't work as I thought.
Is there a way I can resolve this issue?
Thanks for your time.
-
You can forward all DNS requests to your DNS server vs. letting them go to Google DNS 8.8.8.8, for example. So create a forward on your LAN that says anything going to 53 tcp/udp gets redirected to whatever DNS IP address you want them to use.
Another option is to just block outbound DNS. This forces them to come to you to find out why nothing works ;) Or uncheck "use their own DNS" and just use what comes from your DHCP server.
-
So create a forward on your LAN that says anything going to 53 tcp/udp gets redirected to whatever DNS IP address you want them to use.
How would I do that?
-
For what it's worth, I had a similar issue with the captive portal system inherent in pfSense. Some people showed up with static DNS entries, which meant they couldn't resolve internet addresses, which in turn resulted in their not being redirected to the wifi login page. I solved the issue by amending the 'captiveportal.inc' file directly to allow all DNS out prior to authentication. Not an ideal solution in my opinion, but it works. The link is here: https://forum.pfsense.org/index.php?topic=79229.msg432481#msg432481
You would have to change your authentication mechanism to the captive portal service on the pfSense firewall instead of your internal system, but if you have difficulty getting it to work it could provide a possible workaround.
-
@HCJ:
So create a forward on your LAN that says anything going to 53 tcp/udp gets redirected to whatever DNS IP address you want them to use.
How would I do that?
Simple port forward; note it's using LAN as the interface though. See first image. So I set my client to use 8.8.8.8 for DNS. See, Google DNS cannot resolve my pfsense.local.lan FQDN, but once I put in the forward, the client's query to 8.8.8.8 just gets redirected to the pfSense DNS that can resolve it.
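As an added illustration (not johnpoz's configuration or anything from the pfSense project), here is what the port forward described above comes down to at the pf level: an `rdr` rule on the LAN interface that catches any TCP or UDP packet to port 53 and rewrites its destination to the internal resolver. On pfSense you would normally build this in the GUI as a NAT port forward on LAN rather than hand-edit pf, but seeing the generated rule makes the behaviour clear and gives you something to compare against `pfctl -sn` output. The interface name `em1` and the resolver address `192.168.1.1` are assumptions for the example; substitute your LAN interface and your pfSense LAN address.

```shell
#!/bin/sh
# Added example, not part of the thread. Generates the pf 'rdr' rules that
# implement "redirect all LAN DNS traffic to the internal resolver".
# Interface (em1) and resolver IP (192.168.1.1) are placeholders/assumptions.
set -eu

# dns_redirect_rules <lan_interface> <internal_dns_ip>
# Emits one rdr rule per protocol. Packets already addressed to the internal
# resolver are excluded ("to ! <ip>") so they pass through untouched; every
# other LAN-side query to port 53 (e.g. to 8.8.8.8) is rewritten to the
# resolver, which answers as if the client had asked it directly.
dns_redirect_rules() {
    lan_if=$1
    dns_ip=$2
    for proto in tcp udp; do
        printf 'rdr pass on %s proto %s from %s:network to ! %s port 53 -> %s port 53\n' \
            "$lan_if" "$proto" "$lan_if" "$dns_ip" "$dns_ip"
    done
}

# count_redirect_rules <lan_interface> <internal_dns_ip>
# Sanity check on the generated set: exactly one rule for tcp and one for udp.
count_redirect_rules() {
    dns_redirect_rules "$1" "$2" | wc -l | tr -d ' '
}

# load_dns_redirect <lan_interface> <internal_dns_ip>
# Loads the rules into a dedicated pf anchor named "dnsredir" when pfctl is
# available (the anchor must be referenced from the main ruleset with
# 'rdr-anchor "dnsredir"'); otherwise just prints the rules for review.
# Flush later with: pfctl -a dnsredir -F nat
load_dns_redirect() {
    if ! command -v pfctl >/dev/null 2>&1; then
        echo "pfctl not found; printing rules only" >&2
        dns_redirect_rules "$1" "$2"
        return 0
    fi
    dns_redirect_rules "$1" "$2" | pfctl -a dnsredir -f -
}
```

To confirm the redirect is doing its job, run a lookup from a LAN client that is deliberately pointed at an outside resolver, for example `dig @8.8.8.8 pfsense.local.lan`: before the rule the answer comes back NXDOMAIN, after it the internal name resolves even though the client still believes it is talking to 8.8.8.8. Clients that hard-code an outside resolver will never notice the rewrite, which is exactly the point of this approach compared with simply blocking outbound DNS.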
-
@HCJ:
So create a forward on your LAN that says anything going to 53 tcp/udp gets redirected to whatever DNS IP address you want them to use.
How would I do that?
Simple port forward; note it's using LAN as the interface though. See first image. So I set my client to use 8.8.8.8 for DNS. See, Google DNS cannot resolve my pfsense.local.lan FQDN, but once I put in the forward, the client's query to 8.8.8.8 just gets redirected to the pfSense DNS that can resolve it.
Thank you, worked a treat.