Yet another DNS Forwarder and DNS Resolver question



  • My apologies, I can't seem to get a good "Subject Name" for this.

    I'm trying to cache game updates and followed LANCache: http://blog.multiplay.co.uk/2014/04/lancache-dynamically-caching-game-installs-at-lans-using-nginx/comment-page-3/#comment-1108

    I have pfSense 2.2.4 nanoBSD 2G version and it defaults to DNS Resolver, and from what I can see from the post on LANCache, they are using DNS Forwarder for this one. As far as I have experimented, DNS Resolver/Forwarder can't be activated at the same time.

    Even though I'm not sure what I did  :-[, I de-activated the DNS Resolver and activated the DNS Forwarder. I can still browse the net and my LANCache test machine is also working (a-ok!).

    ATM, my pfSense box only serves traffic shaping (high gaming priority) + this DNS forwarding thing to spoof/cache game updates, and maybe a captive portal in the near future.

    my question(s):

    • does switching over to DNS Forwarder have any side effects?
    • am I fine with DNS Forwarder?
    • if I go back to DNS Resolver, it seems that the format needed inside the advanced box is not the same as with the DNS Forwarder, like: "address=/.cs.steampowered.com/192.168.1.151". How can I format it to be compatible with the DNS Resolver advanced box?

    Any inputs are highly appreciated, thanks in advance!


  • Rebel Alliance Global Moderator

    So you just want to create overrides to point an fqdn cs.steampowered.com to 1.2.3.4 and you don't want to use the gui?  How many do you have to put in?  If just a couple of them, just use the gui, much easier.

    There is nothing saying that resolver is better than forwarder.  Just a different way to look up what you need: in forwarding you ask someone else to look it up for you, with a resolver you just look it up yourself.  This gives you way more control for sure, and you are sure you got the info from the horse's mouth.

    But if you want to use the advanced section to add overrides:

    https://doc.pfsense.org/index.php/Unbound_DNS_Resolver

    server:
    local-data: "click01.example.com A 10.10.10.1"

    you only need that server: once at the top of your listing.

    example
    C:>dig click01.example.com +short
    10.10.10.1

    C:>dig click02.example.com +short
    10.10.10.2

    But if forwarder is working for you - there is nothing saying that resolver has to be used.
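    Converting the forwarder's address= lines into the resolver's format is a mechanical transformation, so here is an added Python script (not from this thread or from pfSense) that does it over a few constructed sample lines. It goes a step beyond the single local-data line quoted above: dnsmasq's address=/domain/ip answers the domain and every subdomain, so each entry becomes an Unbound local-zone ... redirect plus one local-data record, and the server: line is emitted exactly once.

```python
import ipaddress
import re

# Constructed sample lines in the format the pfSense DNS Forwarder advanced
# box accepts; the first one is the line quoted in the thread.
DNSMASQ_LINES = """\
address=/.cs.steampowered.com/192.168.1.151
address=/content.steampowered.com/192.168.1.151
# comments and unrelated options are skipped
address=/cdn.example.test/2001:db8::1
"""

ADDRESS_RE = re.compile(r"^address=/(?P<domain>[^/]+)/(?P<ip>.+)$")


def parse_dnsmasq_address(line):
    """Parse one dnsmasq address=/domain/ip line.

    Returns (domain, ip, rrtype) or None for lines that are not address=
    directives. A leading dot on the domain is accepted and dropped, since
    dnsmasq treats 'example.com' and '.example.com' the same way.
    Raises ValueError if the address part is not a valid IP.
    """
    m = ADDRESS_RE.match(line.strip())
    if not m:
        return None
    domain = m.group("domain").strip(".").lower()
    ip = ipaddress.ip_address(m.group("ip").strip())
    rrtype = "A" if ip.version == 4 else "AAAA"
    return domain, str(ip), rrtype


def to_unbound(lines):
    """Render dnsmasq address= lines as Unbound custom options.

    Each domain becomes a 'redirect' local-zone (covers all subdomains)
    with a single local-data record at the zone apex.
    """
    out = ["server:"]  # only once, at the top of the listing
    for line in lines.splitlines():
        parsed = parse_dnsmasq_address(line)
        if parsed is None:
            continue
        domain, ip, rrtype = parsed
        out.append(f'local-zone: "{domain}" redirect')
        out.append(f'local-data: "{domain} {rrtype} {ip}"')
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(to_unbound(DNSMASQ_LINES))
```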




  • @johnpoz:

    So you just want to create overrides to point an fqdn cs.steampowered.com to 1.2.3.4

    Yes, this is one of my objectives.

    @johnpoz:

    and you don't want to use the gui?

    gui/console is fine with me as long as there are samples…

    @johnpoz:

    How many do you have to put in?

    I'm really not sure, it's small ATM but may grow horribly big.

    @johnpoz:

    There is nothing saying that resolver is better than forwarder.  Just a different way to look up what you need: in forwarding you ask someone else to look it up for you, with a resolver you just look it up yourself.  This gives you way more control for sure, and you are sure you got the info from the horse's mouth.

    This is what I have read about the resolver; this is also why I'm asking for a way to convert what I have for the forwarder, so that I can use the resolver instead of the forwarder.

    @johnpoz:

    But if you want to use the advanced section to add overrides:

    https://doc.pfsense.org/index.php/Unbound_DNS_Resolver

    I have read this one, but I was not that sure how to convert it from the forwarder.

    @johnpoz:

    server:
    local-data: "click01.example.com A 10.10.10.1"

    you only need that server: once at the top of your listing.

    example
    C:>dig click01.example.com +short
    10.10.10.1

    C:>dig click02.example.com +short
    10.10.10.2

    Thanks for this example, I'll try this one out.

    @johnpoz:

    But if forwarder is working for you - there is nothing saying that resolver has to be used.

    These are our so-called 'options', and a community to lend a helping hand ^_^ so that we'll know which can be chosen.


  • Rebel Alliance Global Moderator

    You can use whatever you want to use, forwarder or resolver.. Do you understand the difference between them??  To be honest, while I commend moving to resolver with dnssec as the default option, it seems basic understanding of the difference has confused a large chunk of the user base.

    Might have been better to just leave dnsmasq as default and let those that understand why they might want to use a resolver vs forwarder make the change to use that.  I think the goal, just my opinion on why they moved to resolver being default, is to make sure dnssec was being used.  When you forward, you're at the mercy of where you forward to as to whether dnssec is used.

    If you resolve, you can be sure you're using it, etc.  But there are some caveats to that: resolving can have issues if a domain's dns is not up to snuff, or if it's on the other side of the planet from you it might time out the first time a client tries to resolve it.  If using a forwarder to some major caching dns like google or opendns.. Domains that are shitty in responding for their dns are almost always going to be cached if anyone using those dns uses them..  So in that case you might not notice their dns is below par, while if you were resolving and talking directly to their name servers you would have issues resolving their stuff.

    As to an example of using the gui for overrides in the resolver:

    C:>dig click03.example.com +short   
    10.1.1.3