pfSense Forum

pfSense English Support => General Questions => Topic started by: mrkool on January 01, 2018, 11:13:37 pm

Title: OpenDNS not blocking sites
Post by: mrkool on January 01, 2018, 11:13:37 pm
SO i have the pfsense setup to use opendns servers as DNS resolver and i do have a opendns account setup to block porn etc but it doesn't seem to be working. on the pfsense i get 127.0.0.1 and than the 208.67.222.222.and 208.67.220.220. on the clients all i get for dns is my pfsense ip addresss. everything local and on the internet is resolving just fine just no filtering.
Title: Re: OpenDNS not blocking sites
Post by: johnpoz on January 02, 2018, 04:33:55 am
So you set unbound to forward to opendns?  If not unbound is a resolver and will resolve not forward.
Title: Re: OpenDNS not blocking sites
Post by: Gertjan on January 02, 2018, 04:44:27 am
Read also : https://forum.pfsense.org/index.php?topic=141990.0
You will fine a test https://welcome.opendns.com/oops/ that wills how you if the setup has been done correctly.
Title: Re: OpenDNS not blocking sites
Post by: mrkool on January 02, 2018, 10:43:06 am
I read through the posts and the help section but I am not understanding where the resolution is coming from if you use resolver vs forwarder? pfsense only has the opendns servers as the DNS servers so if I choose resolver or forwarder my public IP (WAN) will be used to talk to the openDNS servers and that should send the block message.

I have disabled resolver and enabled forwarder but still no luck with blocking.
Title: Re: OpenDNS not blocking sites
Post by: KOM on January 02, 2018, 12:12:17 pm
Wrong.  Resolver uses the root DNS servers to resolve.  Forwarder just forwards the request to the DNS you specify in setup.  If you're using resolver, you need to check the Enable forwarding mode checkbox.  Only then will it use the DNS you provide.
Title: Re: OpenDNS not blocking sites
Post by: mrkool on January 02, 2018, 12:20:52 pm
thanks KOM this makes sense will try it out and report back
Title: Re: OpenDNS not blocking sites
Post by: mrkool on January 02, 2018, 02:55:01 pm
did not work. I disabled the DNS Forwarder and enabled DNS Resolver with DNS forwarding option turned on and welcome.opendns.com says I am not using opendns servers. There was a site that would tell me which DNS resolver I am using but I cant seem to find it.

On opendns site it mentioned disabling DNSSEC but that is an older post.
Title: Re: OpenDNS not blocking sites
Post by: johnpoz on January 03, 2018, 04:52:53 am
Dude is your client pointing to pfsense for dns??  if you have forwarder enabled in resolver it will forward to where you tell it to forward.. If your using the forwarder then it will forward to where you set it to forward..

If your client is not pointing to pfsense doesn't matter how you set pfsense up..

Please post up your setting in pfsense, and your settings in your client showing what dns its using.. simple ipconfig /all in windows machine.

Here took all of couple seconds to switch over and test this.. See attached.. Make sure you clear your browser cache and your machines local dns cache.. Reboot the machine if you do not know how to do that..

If you do not disable dnssec and you forward to opendns your prob not going to get anything back since they do not support dnssec..  That should be disabled if forwarding to opendns.  See screenshot.