
Topic: DNS Redirect


MontanaIce
DNS Redirect
« on: November 07, 2017, 04:30:43 pm »
I work at a few school sites and we have an external DNS filter that we allow DNS traffic to. However, the school administrators would like us to set up a DNS redirect to make the transition easier than an outright block of DNS traffic anywhere else other than our approved DNS filter. We have non-domain devices from visitors such as cell phones or any other devices we do not control, and we are asked not to completely block DNS but to redirect those devices' DNS requests to our internal DNS server (which is not pfSense).

DHCP DNS settings are being used, but we need all DNS queries headed to the WAN side to be redirected to a LAN DNS server. I realize the best-case scenario is to force all users to move to DHCP or to set static DNS to use those approved DNS servers, but our administrators would like our users to be redirected instead of being outright blocked. How would I achieve this using NAT policies in pfSense?

viragomann
Re: DNS Redirect
« Reply #1 on: November 08, 2017, 08:28:05 am »
That's no magic with pfSense, if the requests which are to be redirected enter pfSense on a different interface than the one the redirection host is connected to. You just need a simple NAT rule.

Go to Firewall > NAT > Port Forward and add a rule there:
Interface: LAN or whatever the devices are connected to
Protocol: TCP/UDP
Destination: any
Destination port range: DNS
Redirect target IP: the host IP you want to redirect DNS requests to
Redirect target port: DNS
Description: <what you want>
Save it. That's all.

KOM

MontanaIce
Re: DNS Redirect
« Reply #3 on: November 08, 2017, 10:32:27 am »
So if I have the LAN interface up with hosts on it, and I have a DNS server on that same interface, would I do this?

Port Forward Rule:
Interface: LAN
Source: !LAN_DNS_Server
Protocol: TCP & UDP
Destination: Any
Destination Port: DNS
Redirect Target IP: LAN_DNS_Server

The LAN DNS server needs to reach out to WAN for queries so do I need to inverse select the LAN DNS Server in the source field?

bartkowski
Re: DNS Redirect
« Reply #4 on: November 08, 2017, 10:49:49 am »
So if I have the LAN interface up with hosts on it, and I have a DNS server on that same interface, would I do this?

Port Forward Rule:
Interface: LAN
Source: !LAN_DNS_Server
Protocol: TCP & UDP
Destination: Any
Destination Port: DNS
Redirect Target IP: LAN_DNS_Server

The LAN DNS server needs to reach out to WAN for queries so do I need to inverse select the LAN DNS Server in the source field?

No, look at the linked article again.
Source: ANY or LAN
Destination: !LAN_DNS_Server

KOM
Re: DNS Redirect
« Reply #5 on: November 08, 2017, 01:34:39 pm »
I should have pointed out that the article I linked to wasn't an exact match for his issue, but he should be able to change 127.0.0.1 to his LAN DNS IP and get the same result.
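
As an added example (not from the thread and not pfSense's own code), a small Python model of the port forward the replies describe, run against constructed sample flows; the addresses 192.168.1.10 and 192.168.1.55 and the interface name em1 are assumptions. It combines the two negations that appear in the thread, the DNS server excluded as destination and as source, and renders the pf.conf-style rdr line pfSense would build from the form.

```python
import ipaddress
from dataclasses import dataclass

# Constructed example: the internal (non-pfSense) resolver on the LAN that all
# client DNS traffic should land on, and the port the rule matches.
LAN_DNS_SERVER = ipaddress.ip_address("192.168.1.10")
DNS_PORT = 53


@dataclass(frozen=True)
class Flow:
    """One packet as pf sees it arriving on the LAN interface."""
    proto: str   # "tcp" or "udp"
    src: str
    dst: str
    dport: int


def apply_dns_redirect(flow: Flow) -> tuple[str, int, bool]:
    """Model of the LAN port-forward from the thread: TCP/UDP to port 53, destination
    anything but the DNS server (bartkowski's negated destination), source anything
    but the DNS server (MontanaIce's negated source) so the resolver's own upstream
    lookups are not looped back to it. Returns post-NAT (dst, port, rule_fired)."""
    if flow.proto not in ("tcp", "udp") or flow.dport != DNS_PORT:
        return flow.dst, flow.dport, False      # not DNS on 53 (e.g. DoT on 853): untouched
    src, dst = ipaddress.ip_address(flow.src), ipaddress.ip_address(flow.dst)
    if src == LAN_DNS_SERVER or dst == LAN_DNS_SERVER:
        return flow.dst, flow.dport, False      # server's upstream query, or already correct
    return str(LAN_DNS_SERVER), DNS_PORT, True  # rewrite to the internal resolver


def pf_rdr_rule(interface: str = "em1") -> str:
    """pf.conf-style rendering of the same rule, as pfSense would generate an rdr
    from the Port Forward form (interface name is an assumption)."""
    return (f"rdr on {interface} inet proto {{ tcp udp }} from ! {LAN_DNS_SERVER} "
            f"to ! {LAN_DNS_SERVER} port {DNS_PORT} -> {LAN_DNS_SERVER} port {DNS_PORT}")


if __name__ == "__main__":
    # Constructed sample flows: a visitor phone with a hard-coded public resolver, a
    # client already using the internal server, the server's own upstream lookup,
    # and DNS-over-TLS on 853, which a port-53 redirect does not catch.
    for f in (Flow("udp", "192.168.1.55", "8.8.8.8", 53),
              Flow("tcp", "192.168.1.55", "192.168.1.10", 53),
              Flow("udp", "192.168.1.10", "8.8.8.8", 53),
              Flow("tcp", "192.168.1.55", "1.1.1.1", 853)):
        print(f, "->", apply_dns_redirect(f))
    print(pf_rdr_rule())
```

The last sample flow is the caveat: a port-53 redirect only steers classic DNS, so clients speaking DNS over TLS or HTTPS still bypass the internal resolver unless those ports are handled separately.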