Redirecting all DNS Requests to OPNsense

I know there are instructions on how to do this on pfSense:

But if someone has already done this on their OPNsense box, please post a screen capture of it or the exact configuration of yours as it is laid out in OPNsense.


Your title states "Redirecting all DNS Requests to OPNsense", but that isn't what's shown in the link you've posted. Despite the title of that article, it states in the body that the aim is "To restrict client DNS to only the specific servers configured on a firewall," and unless I'm misunderstanding it, you will still need your LAN computers to have a valid DNS entry in the resolv.conf of those clients pointing to the firewall DNS server. If that's not what it's saying then I'm sure someone will put me right. :)

DNS servers are either allocated via DHCP or manually with a fixed IP of the DNS server that's being used. I much prefer to run caching DNS servers on the LAN itself and let the firewall do what it's good at.

"Redirecting all DNS Requests to pfSense" is the name of the subject of the post in the URL. It is pretty clear to me it is about restricting all devices behind pfSense from using anything other than the prescribed DNS entries on the pfSense box. So in other words, redirecting all DNS requests to pfSense. I just would like to see how it is done on OPNsense...

To restrict client DNS to only the specific servers configured on a firewall, a port forward may be used to capture all DNS requests sent to other servers.

The title and the contents of the article are ambiguous; to me they state two different objectives. I don't disagree that the aim is to use the DNS server configured on the firewall, but 'redirecting' and 'restricting' are two different things. My aim was to point out the differences and try to get you to answer what you're trying to achieve; it seems I've failed miserably.

Why can't you configure those settings in OPNsense? Have you tried, and if you can't do it, what's missing or wrong?

For anyone looking for the answer to this, I found it:

Rule #3 (Restricting other DNS on the LAN and redirecting it to use OPNsense-configured DNS)
If someone is trying to get around your OpenDNS filtering, and has changed their computer's DNS settings to use a public DNS server, they will get denied.
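
A client-side check for the "redirecting" versus "restricting" distinction argued over in this thread, as an added example that is not from any of the posters or from OPNsense: run from a LAN host, it sends a plain UDP/53 query to an address where no DNS server exists and reports whether the firewall answered on its behalf or the query went unanswered. The probe address `192.0.2.53` (RFC 5737 documentation range) and the function names are assumptions made for this example.

```python
import socket
import struct

# 192.0.2.53 is in TEST-NET-1 (RFC 5737): no real DNS server lives there,
# so any answer to a query sent to it must come from an intercepting resolver.
PROBE_SERVER = "192.0.2.53"  # constructed probe target, not from the thread


def build_query(name, txid=0x1234):
    """Encode a minimal RFC 1035 A/IN query with recursion desired."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN


def classify(reply, txid=0x1234):
    """Map a raw reply (None on timeout or refusal) to what the firewall did."""
    if reply is None:
        return "blocked"  # restricted only: query dropped or rejected
    if len(reply) < 12:
        return "invalid"
    rid, flags = struct.unpack(">HH", reply[:4])
    if rid != txid or not flags & 0x8000:  # wrong ID, or QR bit clear
        return "invalid"
    # Any response at all (even SERVFAIL) proves something answered
    # in place of the unreachable server, i.e. a redirect is active.
    return "redirected"


def probe(name="example.com", server=PROBE_SERVER, timeout=3.0):
    """Send one UDP/53 query to the probe address and classify the outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, 53))
            s.send(build_query(name))
            reply = s.recv(512)
        except OSError:  # timeout, ICMP unreachable, no route
            reply = None
    return classify(reply)


if __name__ == "__main__":
    print(probe())
```

This covers only unencrypted DNS over UDP port 53; run it once per client VLAN, since the redirect rule is applied per interface.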


