Feature #13200 (open, 0% done)
Custom DNS Servers for Alert settings
Description
I am running DNS Hijacking so all DNS/DoT/DoH is run through pfSense and then forwarded securely to Quad9 using DoT.
While going through pfBlockerNG I discovered the setting (Firewall --> pfBlockerNG --> Alerts --> Alert Settings --> Select the DNS server for the DNSBL Whitelist CNAME lookup)
I can only select from a collection of predefined DNS servers and cannot choose the connection protocol (DNS-53, DoT-853) which is a concern.
I would like the option of being able to set a custom DNS server, but at the very least 127.0.0.1 (This Firewall) as an option so I can funnel the DNS requests through my secure DNS channel. Both would be better: add 127.0.0.1 into the list and have a combobox. Another suggestion is perhaps to parse all of the interface IP addresses and automatically add them.
As you can see I am able to choose Quad9 but I cannot guarantee it is using DoT to connect to the remote DNS server, so it is a privacy/security risk.
pfSense 2.6.0-RELEASE (amd64)
Current Version: pfBlockerNG-devel 3.1.0_4
Updated by Carlos Montalvo J. over 1 year ago
One solution would be to deny:
LAN: Deny any != pfblockerng ip TCP/UDP:53
WAN: ANY outgoing TCP/UDP:53
And allow:
WAN: DNS IPs (proto: TCP or UDP):853
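To make the effect of those three rules concrete, here is an added example (not code from the ticket, pfSense or pfBlockerNG) that models them in Python and runs a few constructed flows through them, including the alert CNAME lookup the reporter is worried about. The LAN subnet, the firewall address and the Quad9 resolver IPs are assumptions for the example.

```python
from ipaddress import ip_address

# Constructed addressing for this example (assumptions, not from the ticket).
FIREWALL_IP = ip_address("192.168.1.1")            # pfSense / pfBlockerNG resolver on LAN
DOT_RESOLVERS = {ip_address("9.9.9.9"),            # assumed Quad9 DoT upstreams
                 ip_address("149.112.112.112")}

def evaluate(iface, src, dst, proto, dport):
    """Return 'block' or 'pass' for one flow under the rules proposed in the comment.

    Order matters: the two deny rules are checked first, then the 853 allow.
    Anything not matched falls through to 'pass', mirroring pfSense's default
    allow on LAN and unfiltered outbound traffic from the firewall itself.
    """
    src, dst = ip_address(src), ip_address(dst)
    if proto not in ("tcp", "udp"):
        return "pass"                                  # outside the proposal's scope
    # LAN: deny TCP/UDP:53 to anything that is not the pfBlockerNG IP
    if iface == "LAN" and dport == 53 and dst != FIREWALL_IP:
        return "block"
    # WAN: deny ANY outgoing TCP/UDP:53 (so no plain-text DNS ever leaves)
    if iface == "WAN" and dport == 53:
        return "block"
    # WAN: allow TCP/UDP:853 to the configured DoT resolver IPs
    if iface == "WAN" and dport == 853 and dst in DOT_RESOLVERS:
        return "pass"
    return "pass"

# Constructed sample flows: (interface, src, dst, proto, dport, description)
SAMPLE_FLOWS = [
    ("LAN", "192.168.1.50", "192.168.1.1", "udp", 53, "client -> firewall resolver"),
    ("LAN", "192.168.1.50", "8.8.8.8", "udp", 53, "client bypassing the resolver"),
    ("WAN", "203.0.113.2", "9.9.9.9", "udp", 53, "alert CNAME lookup on plain DNS"),
    ("WAN", "203.0.113.2", "9.9.9.9", "tcp", 853, "alert CNAME lookup over DoT"),
]

def audit(flows=SAMPLE_FLOWS):
    """Map each flow description to its verdict, so a rule set can be sanity-checked."""
    return {desc: evaluate(iface, s, d, p, port) for iface, s, d, p, port, desc in flows}

if __name__ == "__main__":
    for desc, verdict in audit().items():
        print(f"{verdict:5}  {desc}")
```

The third flow is the point of the request: with the WAN 53 deny in place, the whitelist CNAME lookup can only succeed if pfBlockerNG reaches the resolver on 853.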