Route all DNS requests to 1 server
Hey so I am very new to pfsense. I got it installed eventually today but have not got much further… What I am trying to set up is to forward all DNS requests to ViperDNS (220.127.116.11) as some devices are hard coded to use 18.104.22.168/22.214.171.124 or other servers that I cannot find. If it is possible can someone tell me how to set that up? I have tried a few guides but they do not seem to be working. So if my phone or PC pings 126.96.36.199 it gets rerouted to 188.8.131.52 and that is the end result of that I would like set up. I would really really appreciate some info on this. Thanks so much everyone and I hope to find a solution! :)
This wiki entry shows the general concept:
Apply and adjust for your own usecase.
Thanks so much, I will try it now.
Hey, can I possibly ask what they mean with this "Before adding this rule, ensure the DNS Forwarder or DNS Resovler is configured to bind and answer queries on Localhost, or All interfaces."? sorry I am sure this is very simple but I really have not used it a whole bunch. I have seen "DNS Forwarder" in some menu but do not know what they want me to do with it.
The wiki page assumes that you want to redirect traffic to your own local dns resolver / forwarder.
In your case you don't want to rewrite to the local one, but instead to another external one.
Replace the 127.0.0.1 in the NAT rule from the page with 184.108.40.206.
I used a different method to allow access to 2 DNS outside servers and block all other DNS access. I used firewall rules. Does it make any difference with pfsense in the way it is done?
Is one way faster than the other?
I included a picture of my way.
The port forward method will resolve names no matter what DNS servers are configured on the client. Except 127.0.0.1, something on the local subnet, or something else that isn't sent to the firewall.
The method you described will limit DNS to just those servers with pass rules.
Nothing wrong with either. It just depends on what you want.
I am still struggling to get this to work. Tried both ways and it does not block other dns servers. :( I must be doing something wrong but I do not know what it is.
Post what you've done.
Ok, so here it goes.
Background info: Modem has dns configured to 220.127.116.11
Step 1: Installed pfsense and configured it to work with 2 lan ports (one wan, other lan)
Step 2: Set DNS server on pfsense but it would simply not work (as in it was using some other local DNS server)
Step 3: Enabled DNS forwarder and DNS starts to work.
Step 4: Set Firewall Rule just like you did in that image but with DNS servers: 18.104.22.168 and 22.214.171.124
: Here are some images: http://s15.postimg.org/jni0kp2pn/Capture.png
Step 4: Tested to see if DNS servers were blocked/re routed using CMD on a Windows PC. Here is the result for the a ping to 126.96.36.199
: Image: http://s18.postimg.org/5rfccbydl/Capture6.png
I really am not sure if I am doing something wrong so please let me know if I am :) Basically what I am trying to do is ONLY use 188.8.131.52 or 184.108.40.206 as DNS server for my whole network. I used to block some well known DNS servers such as 220.127.116.11 and 18.104.22.168 but is there any way to re route all DNS requests to those 2 servers? Here is an image to blocked 22.214.171.124 : http://s9.postimg.org/d8gbqfjgv/Capture7.png
Here is also an image of ipconfig : http://s27.postimg.org/ujgm98zab/Capture8.png
Thanks so much for the help!!
Ok so I have removed the DNS that was set on my modem. The DNS I set in pfsense is working just fine but still need to either block some IP's or re route all DNS request to that server (126.96.36.199/188.8.131.52)
Ok, think it may be working now but can someone confirm with an image here: http://s22.postimg.org/y74d0soq9/Capture.png
Nah, still no luck… I can still ping other DNS servers and traffic is being sent to other DNS servers. :(
Well ping is ICMP.
You're making a rule for DNS (UDP port 53), not ICMP.
Of course you can still ping this address ;)
Sorry guys, think I confused myself and all of you…. Can I do this on pfsense: https://getflix.zendesk.com/hc/en-gb/articles/202281524-Block-Public-DNS-Overview
Those IP's need to be blocked basically and I really have no idea of how to do it. Router can do it but was hoping I could do it with pfsense if possible. Thanks for all the help everyone!! :)
You sort of need to separate blocking the IP addresses and blocking DNS.
There are two methods outlined in this thread.
The first forwards all queries made to any DNS server to a specific DNS server.
The second blocks queries to all DNS servers except those specified.
It sounds like you want the former. Just because you can ping doesn't mean the DNS isn't being forwarded as specified.