Redirecting specific domains to a specific DNS?

Hi Folks,

I pay for a DNS service (Smartydns) to be able to access certain websites due to the region I live in (Caribbean). It is mainly used for access to Prime Video.

I do not want to have all requests going to Smartydns as this causes issues with other services like Netflix, for example. So instead of setting the primary DNS on the individual clients, I had instead set it up under “domain overrides” in pfSense. I had Amazon and a couple of other websites set up under domain overrides. This was working great for the past year and more until one day it stopped working on a few devices. I tried troubleshooting this to the best of my ability but did not have much success and eventually gave up. I was honestly lost as to why it would now only work on some devices. What I ended up doing was setting the primary DNS on those particular devices and used it as is.

If anyone has any insight as to why the domain overrides would not work on certain clients on the network, please share. Besides the domain overrides, what would be some other or better options for accomplishing this task?

1 Like

Thank you for this. I did actually have one machine with “DNS over HTTPS” enabled on Firefox, but that was resolved. Some of the devices that the domain override currently does not work on are an Xbox One and a Kindle tablet. No browser usage on these; Prime and Netflix are accessed through the apps.

You could use tcpdump on pfSense to check if there is any DNS traffic to those local IPs.

Domain names that services use for different things change over time. Additionally, the mechanisms services use for region restrictions also change over time.

How are you keeping your rules up to date?

(I can imagine a way to set up rulesets by AS numbers and route prefixes, and with a lot of caching this would work fine over a long time period, but I’m not sure pfSense supports anything that complicated.)

1 Like

I am not too knowledgeable in this area, but I recall trying to use Wireshark to check for any traffic related to the Smartydns server. But that was done on a PC where I later found out that DNS over HTTPS was the issue. I'm looking into using the pfSense packet capture filtered by the specific device IP.

I don’t have any rules set up for this. I literally just entered those domains under the domain overrides section. Now that I think about it, only devices that use the “apps” instead of browsers seem not to be working. Maybe the apps use different domain names than their website/browser counterparts?

I can probably test accessing the same services on these devices by browser/website instead of using the apps.

So I actually just tested accessing Amazon Prime Video on the Xbox One via the Edge browser and it works…sort of. Well, the video player eventually crashes, but I am able to access the Prime service without any out-of-region errors etc., unlike the app. So I have to assume the apps use different domain names than their website counterparts and that I need to add those to the domain overrides.

You can save the packet capture tcpdump file and open it up in Wireshark, or you can use Wireshark in real time: Remote Real Time Packet Capture With Wireshark and pfsense - YouTube

2 Likes
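As an added example (not from this thread, and not pfSense's or Smartydns's own tooling), the script below turns the tcpdump advice above into a check for the two failure modes the thread circles around: a client that sends its queries somewhere other than pfSense (a client-side resolver setting, or, if nothing shows on port 53 at all, DNS over HTTPS), and app query names that reach pfSense but fall outside every configured override zone, which is what the "apps use different domain names" hypothesis predicts. The interface name `igb1`, the client addresses, the address `203.0.113.10` standing in for the paid DNS server, the zone `primevideo.com` and the name `api.example-app-cdn.net` are all assumptions; only `amazon.com` comes from the poster's description. Unbound forwards a query under a domain override when the name is the zone itself or anything beneath it, which is the matching rule the script applies.

```shell
#!/bin/sh
# Added example for the thread above; not code from pfSense or the poster.
# Assumes: LAN interface igb1, client 192.168.1.50, pfSense at 192.168.1.1,
# and 203.0.113.10 as a stand-in for the Smartydns server (all assumptions).
# The tcpdump lines are comments because they need root on the firewall;
# everything else runs on any POSIX sh with awk, over constructed sample output.

# On the pfSense shell (Diagnostics > Command Prompt, or option 8 on the console):
#   tcpdump -ni igb1 -w /tmp/dns.pcap 'host 192.168.1.50 and port 53'
#   tcpdump -nr /tmp/dns.pcap > /tmp/dns.txt
# Port 53 only: DNS over HTTPS travels on 443 and will not appear here, so a
# client that is clearly resolving names but shows no port-53 traffic is itself
# a finding. To confirm pfSense really forwards a matched zone, capture on WAN:
#   tcpdump -ni <wan-if> 'host 203.0.113.10 and port 53'

# Zones entered under Services > DNS Resolver > Domain Overrides.
# amazon.com is from the thread; primevideo.com is an assumed second entry.
OVERRIDES="amazon.com primevideo.com"

# Constructed sample of `tcpdump -n` text output (not a real capture):
# a browser query the override catches, an app query for a name nobody
# configured, and a client talking to an outside resolver instead of pfSense.
SAMPLE='10:00:01.000000 IP 192.168.1.50.51001 > 192.168.1.1.53: 1+ A? www.amazon.com. (32)
10:00:02.000000 IP 192.168.1.50.51002 > 192.168.1.1.53: 2+ A? api.example-app-cdn.net. (41)
10:00:03.000000 IP 192.168.1.60.51003 > 8.8.8.8.53: 3+ A? cdn.primevideo.com. (36)'

# classify_queries PFSENSE_IP ZONE... : reads tcpdump text on stdin and prints
# "client name destination verdict" per query, where verdict is:
#   forwarded - sent to pfSense and the name is under an override zone
#   default   - sent to pfSense but no override zone matches (candidate to add)
#   bypass    - the client resolved through something other than pfSense
classify_queries() {
    pf="$1"; shift
    awk -v pf="$pf" -v zones="$*" '
    BEGIN { n = split(zones, z, " ") }
    $4 == ">" && $7 ~ /\?$/ {
        src = $3; sub(/\.[0-9]+$/, "", src)                  # drop source port
        dst = $5; sub(/:$/, "", dst); sub(/\.[0-9]+$/, "", dst)  # drop ":" and port
        name = $8; sub(/\.$/, "", name)                      # drop trailing dot
        verdict = "default"
        for (i = 1; i <= n; i++) {
            # Unbound rule: exact zone match, or name ends in "." zone
            if (name == z[i] || substr(name, length(name) - length(z[i])) == "." z[i]) {
                verdict = "forwarded"; break
            }
        }
        if (dst != pf) verdict = "bypass"
        print src, name, dst, verdict
    }'
}

# unmatched_names PFSENSE_IP ZONE... : names that reached pfSense but fell
# through to the normal resolver; the list to review for new overrides.
unmatched_names() {
    classify_queries "$@" | awk '$4 == "default" { print $2 }' | sort -u
}

printf '%s\n' "$SAMPLE" | classify_queries 192.168.1.1 $OVERRIDES
echo "--- names with no matching override ---"
printf '%s\n' "$SAMPLE" | unmatched_names 192.168.1.1 $OVERRIDES
```

In use, replace `SAMPLE` with `cat /tmp/dns.txt`, capture while the app on the Xbox One or Kindle is actually loading content, and feed the `unmatched_names` output back into Domain Overrides in small batches, since over-broad zones would send more than intended (Netflix, in the poster's case) through the paid resolver. A `bypass` verdict for a device means the override can never apply to it, because the query never reaches Unbound in the first place.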

Thank you, will do exactly that.