Redirecting all DNS Requests to pfSense


Fingers

Regular Contributor
I want to eliminate any clients using their own pre-installed DNS servers.

I have followed this tutorial:
https://docs.netgate.com/pfsense/en/latest/dns/redirecting-all-dns-requests-to-pfsense.html

Results:

Port Forward
screenshot-192.168.1.1-2020.04.26-17_24_47.png

LAN Rule:
screenshot-192.168.1.1-2020.04.26-17_25_37.png


Localhost Selected:
screenshot-192.168.1.1-2020.04.26-17_26_25.png



Manually added Google DNS to the Windows NIC, but it still connects:

screenshot-www.dnsleaktest.com-2020.04.26-17_38_58.png



Am I missing something obvious? :confused:
 
This is a little more elegant than the way I do it. I create an ACL to block all port 53 udp/tcp, then I create an ACL to allow only the DNS I use, which is QUAD9 9.9.9.9. My way it breaks all DNS but QUAD9. The pfSense way is it redirects all DNS to the pfSense DNS.
 
This is a little more elegant than the way I do it. I create an ACL to block all port 53 udp/tcp, then I create an ACL to allow only the DNS I use, which is QUAD9 9.9.9.9. My way it breaks all DNS but QUAD9. The pfSense way is it redirects all DNS to the pfSense DNS.

Thanks, I did try that too as a test, and weirdly that didn't work either. The Windows machine still used Google DNS. I'm at a loss to see why. I have also reset states and that makes no difference.
 
I guess to test it you will need to add an ACL to block all DNS except the DNS pfSense is using. Then start troubleshooting from there.

Theoretically any DNS you add to a Windows PC will be redirected to pfSense's DNS.

PS
I guess you know when you do ACLs you do the permits first and then the deny all last. I would use the WAN interface as it will be safer.
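
A way to check from a LAN client whether port-53 traffic is really being intercepted, as an added example that is not part of the original thread: it sends a query to an address where no DNS server exists, so any reply must come from a redirect on the path. The probe address 192.0.2.53 (RFC 5737 documentation range), the name example.com and all function names are assumptions.

```python
import random
import socket
import struct

# Assumed probe target: RFC 5737 documentation range, so no real DNS server answers here.
TEST_NET_IP = "192.0.2.53"

def build_query(name, txid, qtype=1):
    """Encode a minimal recursive DNS query (QTYPE A by default, QCLASS IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_header(packet, txid):
    """Return (rcode, answer_count) for a reply matching txid, else None."""
    if len(packet) < 12:
        return None
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if rid != txid or not flags & 0x8000:  # wrong transaction, or QR bit clear
        return None
    return flags & 0x000F, ancount

def probe(server, name="example.com", timeout=3.0):
    """Send one UDP query to server:53; return (rcode, ancount) or None on silence."""
    txid = random.randint(0, 0xFFFF)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, txid), (server, 53))
            data, _addr = s.recvfrom(4096)
        except OSError:  # timeout, unreachable, or dropped by a block rule
            return None
    return parse_header(data, txid)

def classify(result):
    """Interpret a probe that was sent to an address hosting no DNS server."""
    if result is None:
        return "no reply: port 53 is blocked or passed through, not redirected"
    return "reply received: something on the path answered (redirect active)"

if __name__ == "__main__":
    print(TEST_NET_IP, "->", classify(probe(TEST_NET_IP)))
```

Run it on the client whose DNS settings were changed; a reply for an address that hosts no resolver shows the NAT redirect is being applied to that client's traffic.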
 