Forward all subdomains to IP address

  • Hi all,

    I want to configure pfSense to forward all requests on a specific domain.tld to a specific IP address. This is helpful for intranets or multiple people working on a single deployment, and web servers are set up with virtual name hosting.

    For example, I want all sub-domains in "dev.local" to resolve to IP address "", like "" and "" or "". I then have the server at "" set with virtual name hosting to handle these domains where defined.

    I thought the DNS forwarder would be able to handle this, seeing as "host" is not a required field, but "domain" is. I looked through these forums and the closest I found was a thread on blocking by domain. An example of this is forwarding all requests to "" (or "", or any of its servers) to "".

    I'm using pfSense 1.2-release, however, and this doesn't seem to be working for me. Any ideas?


  • seeing as "host" is not a required field, but "domain" is

    I would enter dev.local under "Below you can override an entire domain by specifying an authoritative dns server to be queried for that domain." Is that not what you want?

    set with virtual name hosting to handle these domains where defined

    Probably not enough as text says "authoritative dns server"

  • Unfortunately, I don't want to really run another DNS. I could become an authoritative server for all ".dev.local", but that's not ideal. That would mean I add the entry for all ".dev.local", redirect it to "", and then run another DNS server on my pfSense router.

    Is there a way to manually add an entry that will forward all domains? I notice that the changes I make to the DNS forwarder list get written into /etc/hosts. Is the configuration file available somewhere? Is this a bug in the DNS forwarder? What do you think?

  • I'm also trying to forward all http(s) requests for domain [] to a single designated LAN IP (regardless of [sub-domain]) and have not been successful.

    I would expect that leaving the host field blank or using something like a * wild-card would do the trick, but no go.
