Netgate Discussion Forum
    DNS configuration for remote site

    2 Posts 2 Posters 1.6k Views
    vomcliff

      I am planning this one out before implementing so I don't mess anything up before going live.

      The network I am on has multiple remote offices that connect via IPsec VPN. The main site and secondary site have domain controllers on their respective subnets running MS DNS and DHCP. Those clients point to the Windows server for DNS, and the MS DNS server points to the pfSense LAN IP as the DNS forwarder. This allows for use of pfBlockerNG with the unbound DNS resolver for ad blocking. These sites are up and running live and working properly.

      For the tertiary site, I have pfSense configured with an IPsec VPN tunnel established to the main site. This site does not have a domain controller and relies on pfSense for DHCP and DNS. I'd like to enable pfBlockerNG to use the unbound DNS resolver to filter out ads. The issue I have seen when testing is that when I leave the MS DNS servers blank on the DHCP server, pfBlockerNG works properly but I can only connect to the remote domain servers by IP. If I add DNS servers to DHCP, I get normal access to my domain where I can use DNS names of servers, but I lose the ad blocking from pfBlockerNG.

      How can I set it up so that my LAN traffic resolves DNS using the MS DNS server and internet traffic is filtered through the unbound resolver?

      johnpoz (LAYER 8 Global Moderator)

        So why not just point the forwarder in pfSense at your remote site, where clients use pfSense for DHCP and DNS, to your DC in your main site. You will then be able to look up anything domain related. When you ask it for, say, google, the DC will forward that to your pfSense using the resolver and blocker.

        Say you look up www.pfsense.org, which is not blocked… Your remote client will get that IP, then use pfSense at its site to go to that IP using its own internet connection.

        This way you have access to all your AD DNS stuff and still leverage the blocker.

        SG-4860 24.11 | Lab VMs 2.8, 24.11

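The chain johnpoz describes, written out as unbound configuration so each hop is explicit. This is an added illustration, not the poster's configuration or pfSense's generated config: pfSense writes unbound.conf itself from the GUI (Services > DNS Resolver, with "Enable Forwarding Mode" ticked and the forwarders taken from the DNS servers in System > General Setup), and pfBlockerNG's DNSBL writes its own include file. The addresses 192.168.30.1 (remote pfSense LAN), 192.168.10.1 (main pfSense LAN), 192.168.10.10 (the DC), the AD zone corp.example.com and the blocked name ads.example.net are assumptions made up for the example.

```conf
### Remote-site pfSense (192.168.30.1): DHCP hands clients this address as DNS.
### No blocklist here. Every query, AD or internet, is forwarded to the DC.
server:
    interface: 192.168.30.1
    access-control: 192.168.30.0/24 allow

forward-zone:
    name: "."                      # forward everything, not just the AD zone
    forward-addr: 192.168.10.10    # DC at the main site, reached over the IPsec tunnel
    # forward-first is deliberately absent: if the tunnel is down, queries fail
    # instead of silently bypassing the blocker by recursing directly.

### Domain controller (192.168.10.10): MS DNS, authoritative for corp.example.com.
### Already in place per the original post; in PowerShell the forwarder is:
###   Set-DnsServerForwarder -IPAddress 192.168.10.1
### so anything outside its own zones (google, www.pfsense.org, ad domains)
### goes to the main-site pfSense.

### Main-site pfSense (192.168.10.1): the only unbound in the chain that recurses.
### The two local-zone lines are a hand-written stand-in for what pfBlockerNG's
### DNSBL generates; they are not pfBlockerNG's own output.
server:
    interface: 192.168.10.1
    access-control: 192.168.10.0/24 allow        # the DC lives in this range
    # Blocked name: answer with the DNSBL sinkhole address instead of recursing.
    local-zone: "ads.example.net." redirect
    local-data: "ads.example.net. A 10.10.10.1"  # assumed sinkhole VIP
    # Everything else (www.pfsense.org, google) is resolved normally from root.
```

What a remote client should see once this is in place, tested with nslookup or dig against 192.168.30.1: dc1.corp.example.com returns the DC's real record (answered by the DC itself), www.pfsense.org returns its public address (DC to main pfSense to root), and ads.example.net returns the sinkhole address (DC to main pfSense, answered from local-data). Two things worth checking before going live: the IPsec Phase 2 between the sites must cover 192.168.30.0/24 to 192.168.10.0/24 so the DC is reachable at all, and the remote pfSense's own forwarded queries must leave with a source address inside that Phase 2 local network, otherwise firewall-originated traffic uses the WAN address and never enters the tunnel (the Netgate docs on accessing firewall services over IPsec describe the static-route workaround for this).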