Equivalent of DNS resolver, Host Overrides feature in pfSense


peter_cd.cn

New Around Here
Hi, I am following a post where this blogger is using pfSense to set up DNS rules that resolve to a local IP when a device (client) is within the subnet (connected to the local Wi-Fi network).

Here is what he did in pfSense:
Screen Shot 2021-06-11 at 20.08.44.png


He added this override, so whenever a device visits this website "lawrencesystems.com" it will resolve to this IP: 192.168.3.9.
Screen Shot 2021-06-11 at 20.09.08.png


What is the equivalent feature for this in Asus-Merlin (DNS Filter or dnsmasq)? I am not ready to put pfSense in my network yet unless I have to.

I only want this rule for some host/domain combination.

Another alternative that came up when I did my research is NAT reflection. It looks like NAT reflection is not supported in the Merlin build now.

Can someone please chime in on what I could do? If I am wrong, or if additional information is needed, I am happy to provide it.

Best,
Peter
 
Can't read these blurry screenshots, so I'd ask: what is the intended goal?

If it's to replace a hostname's IP by a different one, then you can do that by customizing the dnsmasq config.

If it's to enforce the use of a specific nameserver on your LAN, then DNSFilter would be your solution.
 
I would expect that these equivalent lines in /jffs/configs/dnsmasq.conf.add would do the same thing.
Code:
address=/lawrencesystems.com/192.168.3.9
cname=www.lawrencesystems.com,lawrencesystems.com
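
Added example, not part of the thread and not dnsmasq's own code: a small Python model of which names the `address=` line above overrides, next to `host-record=`, which covers exact names only. The `host-record` entry, the name `nas.example.lan`, and the exact-before-suffix precedence are assumptions made for this sketch.

```python
"""Simplified model of dnsmasq address= and host-record= name matching."""

# Constructed sample in the style of /jffs/configs/dnsmasq.conf.add.
SAMPLE_CONF = """\
# local overrides
address=/lawrencesystems.com/192.168.3.9
host-record=nas.example.lan,192.168.3.20
"""

def load_overrides(conf_text):
    """Parse dnsmasq-style lines into (suffix_rules, exact_rules) dicts."""
    suffix_rules, exact_rules = {}, {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key == "address":
            # address=/dom1/dom2/.../ip covers each domain AND its subdomains.
            parts = value.split("/")
            for domain in parts[1:-1]:
                suffix_rules[domain.lower().rstrip(".")] = parts[-1]
        elif key == "host-record":
            # Assumed form: host-record=name[,name...],ipv4 (exact names only).
            *names, ip = value.split(",")
            for name in names:
                exact_rules[name.lower().rstrip(".")] = ip
    return suffix_rules, exact_rules

def resolve(name, suffix_rules, exact_rules):
    """Return the local override for name, or None if it is sent upstream."""
    name = name.lower().rstrip(".")
    if name in exact_rules:          # modelled precedence: exact name first
        return exact_rules[name]
    labels = name.split(".")
    # Walk from the full name to shorter suffixes so the most specific
    # address= rule wins; matching is on whole labels, not substrings.
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in suffix_rules:
            return suffix_rules[suffix]
    return None

if __name__ == "__main__":
    rules = load_overrides(SAMPLE_CONF)
    for host in ("lawrencesystems.com", "forums.lawrencesystems.com",
                 "notlawrencesystems.com", "www.nas.example.lan"):
        print(f"{host:30} -> {resolve(host, *rules) or 'forwarded upstream'}")
```

The output shows that `address=` already captures every subdomain of the domain, so use `host-record=` when only specific host names should be overridden.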
 
Better pfSense screenshot.
2018-03-21-15_28_56.png


Thanks for jumping on this. I am going to read up on dnsmasq. Have not used that feature before. I am going into study mode for a bit.
1. If it's to replace a hostname's IP by a different one, then you can do that by customizing the dnsmasq config.

2. If it's to enforce the use of a specific nameserver on your LAN, then DNSFilter would be your solution.
What are the differences? Can you please give a common example?
For 1, when dnsmasq is set up correctly to redirect a host+domain, hitting -> "*.lawrencesystems.com" will direct (resolve) to any IP I set locally. In the top example that would be 192.168.3.9. This can bypass the request going to public DNS to look for the real IP.

For 2, when DNS Filter is set up correctly to filter a host+domain, hitting -> "*lawrencesystems.com" will still go to public DNS and look up the IP. If the IP that comes back matches the DNSFilter IP setting, it will allow access. If it does not match, the request is blocked.

Is this the right summary? :)
 
1. Yes.

Everything you need to know about dnsmasq can usually be found here: https://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html

2. No, see the explanation on the DNS Filtering GUI page. DNSFilter intercepts client DNS requests and redirects them to a DNS server of your choosing. So for example, if your client uses 8.8.8.8 for DNS and has no option to change that you can use DNSFilter to redirect it to 1.1.1.1 instead.
 