pfSense with OpenDNS server

Hey all,
I know that this is a stupid question, but I have been playing with settings for what seems like forever and I'm just lost.
I am trying to force all of my computers, which are all behind a pfSense router, to use OpenDNS.
I am NOT looking for content filtering; instead I just want to use OpenDNS because it is faster than Spectrum.
With that said, this is what I have done thus far, which does NOT seem to be working from what I can tell:

Pointing your network to OpenDNS

Assuming that you have completed the above requirements, first you have to change your DNS on pfSense to OpenDNS. To do this, go to System > General Setup. Under DNS Server Settings:
DNS Server 1: 208.67.222.222
DNS Server 2: 208.67.220.220
DNS Server Override: Unchecked
Disable DNS Forwarder: Checked
Once you have finished, click Save to save all the settings you entered.

DNS Resolver & Forwarder

Once you have completed the above process, you need to disable the DNS Resolver and enable the DNS Forwarder.
(I am not sure if the DNS Resolver can be configured with OpenDNS; I tried to configure it but had no luck. With the DNS Forwarder, everything works well. Maybe someone can help explain WHY.)
To do this, go to Services > DNS Resolver > Enable: Unchecked
After that, go to Services > DNS Forwarder > Enable: Checked
Interfaces: All
Click Save

Redirecting all DNS Requests to Pfsense

Another option is to block local DNS configured on a computer.
To do this, you have to create two LAN firewall rules: one rule that allows all requests from pfSense's local DNS, and a second one that blocks all requests from external DNS.
Firewall > Rules > LAN > Add with up arrow
Action: Pass
Interface: LAN
Address Family: IPv4
Protocol: TCP/UDP
Source: Invert match: Unchecked / Any
Destination: LAN Address
Destination port range: DNS (53)
Log: Checked if you like
Description: Enter something related to this rule.
Click Save
After that, copy the same rule and change the following settings:
Action: Block and Destination: Any. Other settings remain the same.

Furthermore, I have a Squid proxy cache running, pfBlockerNG, and a few other packages that I cannot think of at the moment... I'm sorry, I only know enough to get into trouble with this and am learning.
When I run ipconfig /all on my laptop connected through wireless, it shows the router's IP address, and my understanding is that it should go directly to the OpenDNS addresses... is that wrong?
I do see OpenDNS' servers in the summary.
Is there something that I am still doing wrong, or...? Sorry, I'm stumped...
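To make the rule-ordering point concrete, here is an added example (mine, not from this thread or from pfSense) that models pfSense's top-down, first-match evaluation of the two LAN rules in the quoted guide, placed above the stock "Default allow LAN to any" rule. The LAN address 192.168.1.1 and the web destination 203.0.113.10 are constructed placeholders.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

LAN_ADDRESS = "192.168.1.1"        # constructed placeholder for the pfSense LAN IP
OPENDNS_PRIMARY = "208.67.222.222"  # OpenDNS resolver named in the guide


@dataclass(frozen=True)
class Rule:
    action: str                 # "pass" or "block"
    protocols: Tuple[str, ...]  # the guide's rules use TCP/UDP
    dst: str                    # "LAN address" or "any"
    dport: Optional[int]        # None means any destination port
    description: str


@dataclass(frozen=True)
class Packet:
    dst: str
    proto: str
    dport: int


def matches(rule: Rule, pkt: Packet) -> bool:
    if pkt.proto not in rule.protocols:
        return False
    if rule.dport is not None and pkt.dport != rule.dport:
        return False
    return rule.dst == "any" or pkt.dst == LAN_ADDRESS


def evaluate(rules, pkt: Packet) -> str:
    """First matching rule wins, as on a pfSense interface tab;
    traffic that matches nothing hits the implicit default deny."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "block"


# The two rules from the guide plus pfSense's stock LAN allow rule.
PASS_LOCAL_DNS = Rule("pass", ("tcp", "udp"), "LAN address", 53, "DNS to the pfSense forwarder")
BLOCK_OTHER_DNS = Rule("block", ("tcp", "udp"), "any", 53, "DNS to anything else")
DEFAULT_LAN_ALLOW = Rule("pass", ("tcp", "udp", "icmp"), "any", None, "Default allow LAN to any")

CORRECT_ORDER = [PASS_LOCAL_DNS, BLOCK_OTHER_DNS, DEFAULT_LAN_ALLOW]  # pass rule added "with up arrow"
WRONG_ORDER = [BLOCK_OTHER_DNS, PASS_LOCAL_DNS, DEFAULT_LAN_ALLOW]    # block rule above the pass rule

TO_PFSENSE = Packet(LAN_ADDRESS, "udp", 53)      # client asking the forwarder
TO_OPENDNS = Packet(OPENDNS_PRIMARY, "udp", 53)  # client trying to bypass it
TO_WEB = Packet("203.0.113.10", "tcp", 443)      # constructed unrelated traffic

if __name__ == "__main__":
    for name, rules in (("correct", CORRECT_ORDER), ("wrong", WRONG_ORDER)):
        for pkt in (TO_PFSENSE, TO_OPENDNS, TO_WEB):
            print(f"{name}: {pkt.proto} to {pkt.dst}:{pkt.dport} -> {evaluate(rules, pkt)}")
```

With the block rule above the pass rule, even queries to the pfSense forwarder are dropped and the whole LAN loses name resolution, which is why the guide adds the pass rule at the top.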

It's set up correctly: all your devices should be using the router as their DNS server. This is what the DNS forwarder is; it's a DNS server which is forwarding unknown requests to (in your case) OpenDNS. If you want your devices to use OpenDNS and not the router, then you can configure that in the DHCP settings. However, if you do that you will not have a local DNS, which means you won't be able to use hostnames when using things like file sharing or SSH, etc.

Sounds like you're on the right track.

I disabled the DNS forwarder (dnsmasq, I presume?) and I have pfSense running Unbound. DHCP is configured to hand out the pf box as the DNS resolver. And, while I'm already running default deny for all outbound traffic, I have explicitly blocked all outbound traffic to any:53. The exception is my guest VLAN, where I have DHCP hand out 8.8.8.8 as the resolver and allow port 53 traffic to pass.

I've done more or less the same for NTP.

Works a treat.

I definitely want to use hostnames, so much easier IMO for the Samba server I have going, so OK, cool... I was confused about the DNS setting for my devices showing the router's IP address, as I thought that it would always sidestep that (I don't know the technical term), but you've explained it... cool, thank you!