DNS configuration for remote site
I am planning this one out before implementing so I don't mess anything up before going live.
The network I am on has multiple remote offices that connect via IPSEC VPN. The main site and secondary site have domain controllers on their respective subnet running MS DNS and DHCP. Those clients point the the windows server for DNS, and the MS DNS server points to the PFSense LAN IP as the DNS forwarder. This allows for use of PFBlockerNG using the unbound DNS resolver for ad blocking. These sites are up and running live and working properly.
For the tertiary site, I have PFSense configured with an IPSEC VPN tunnel established to the main site. This site does not have a domain controller and relies on PFSense for DCHP and DNS. I'd like to enable PFBlockerNG to use the unbound DNS resolver to filter out ads. The issue I have seen when testing is that when I leave the MS DNS servers blank on the DHCP server, PFBlockerNG works properly but I can only connect to the remote domain servers through IP. If I add DNS servers to DHCP, I get normal access to my domain where I can use DNS names of servers but I lose the ad blocking from PFBlockerNG.
How can I set it up so that my LAN traffic resolves DNS using the MS DNS server and internet traffic is filtered through the unbound resolver?
So why not just point the forwarder in pfsense at your remote site clients use pfsense for dhcp and dns to your DC in your main site. You will then be able to look up anything domain related. When you ask it for say google, the DC will forward that to your pfsense using the resolver and blocker.
Say you lookup www.pfsense.org that is not blocked… Your remote client will get that IP, then using pfsense at its site to go to that IP using their internet connection.
This way you have access to all your AD dns stuff, still leverage the blocker..