
Author Topic: dns issue...? not sure  (Read 7565 times)


Offline tdhuck

Re: dns issue...? not sure
« Reply #30 on: February 14, 2013, 07:58:48 am »
No, you're not understanding my point

I know what it was doing, but it was not intercepting anything nor was it a proxy setting in your browser..  From a command line you were doing dig, and it pointed to loopback!

Something in the OS settings told the system to use 127.0.0.1 vs what you got from dhcp..  That could have been an edit to resolv.conf -- or something else?  Like I said I am not a big OS X user so I don't know off the top of my head the ins and outs of the config files used to determine where dns is sent..  But from resolv.conf it seems that there is something else - because it states file is not used for most processes for dns routing.

I understand it was running a forwarder on your machine, and listening on 127.0.0.1 and then sending any queries to opendns..  What I don't understand is why when you just did

dig something

That it went to loopback vs what you got from dhcp, and what you saw in your network settings!

Guess I can just install it on my OS X setup and see how it works.  I really don't see the point of dnscrypt to be honest - you're just hiding your dns queries from your isp...  What, you don't think they see where you go after you look up the fqdn to an IP??  dnscrypt does not verify that records are correct like dnssec - just verifies that you asked opendns, they could be giving you crap for all you know.

If you're worried about hiding traffic from your local network or isp then just use a vpn and hide all your traffic from your local network or isp, etc.

i am not worried about hiding my traffic.  the program forces your computer to use OpenDNS servers for lookups.  rather than manually setting up the DNS servers, users who travel can run this program and not have to worry about manually changing their settings.  that way, no matter where they are at, they are using openDNS for lookups.  of course this might not always work if the network they are on has firewall rules for port 53 or blocks those types of apps.

using it at home was just a test, i simply forgot to turn it off after i saw what the program did.  i initially installed it when it was still in the beta stages.

anyway, it is resolved now and the program was doing what it was designed to do. 

Offline johnpoz

Re: dns issue...? not sure
« Reply #31 on: February 14, 2013, 01:10:57 pm »
You do understand that you could just manually configure opendns once, dhcp client can be set up to not use the dns offered in dhcp.

Either way you're right, if where they are at blocks outbound on 53 and forces you to use a local dns then neither method would work.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.2-RELEASE-p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline tdhuck

Re: dns issue...? not sure
« Reply #32 on: February 14, 2013, 05:22:01 pm »
You do understand that you could just manually configure opendns once, dhcp client can be set up to not use the dns offered in dhcp.


i understand that.  i was just testing the program to see what all it could do.


Offline tdhuck

Re: dns issue...? not sure
« Reply #33 on: February 23, 2013, 08:40:59 pm »
not sure why i didn't notice/check this after i figured out what was causing the ping issues, i still can't access my NAS drive when on vlan10 even though i can ping the NAS and i am not using local in the host name (as per the text in the pfsense settings).

thoughts?