
pfSense + NextDNS CLI: best way to let a VLAN bypass NextDNS?

I've got an application-specific VLAN on our network that insists upon using another DNS service (not my call).

So I'd like their VLAN/subnet to bypass NextDNS and use whatever they want while all the other VLANs are still using NextDNS without a bypass capability.  I'm not sure if this is something I want to do with the listen value within nextdns.conf or what.

What's the cleanest way of accomplishing this?  Thanks.

5 replies

    • R_P_M
    • 1 yr ago

    https://github.com/nextdns/nextdns/wiki/Conditional-Profile

    You can use a different profile for this other subnet, without bypass blocking enabled. I think that’s what you wanted. 
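Added example (not part of R_P_M's reply, and not code from the NextDNS project) showing what the conditional-profile route on the linked wiki page looks like in practice: one `nextdns config set` call that pins a per-subnet profile, plus a small check that reads the resulting nextdns.conf and reports which profile a given client address would land on. The subnet 10.0.50.0/24, the profile ids abc123 and def456, and the first-match ordering in the check are assumptions for illustration; the `-profile <cidr>=<id>` flag form is the one the wiki documents.

```shell
#!/bin/sh
# Added example, not code from the thread or from the NextDNS project.
# Assumptions (all placeholders): the bypass VLAN is 10.0.50.0/24, its
# NextDNS profile id is "abc123" (a profile with blocking turned off), and
# every other VLAN keeps the default profile "def456".

BYPASS_NET="10.0.50.0/24"
BYPASS_PROFILE="abc123"
DEFAULT_PROFILE="def456"

# Write the per-subnet profile with the CLI (run as root on the firewall).
# A -profile value of the form <cidr>=<id> applies only to clients in that
# subnet; the bare id is the fallback for everyone else.
apply_conditional_profiles() {
    nextdns config set \
        -profile "${BYPASS_NET}=${BYPASS_PROFILE}" \
        -profile "${DEFAULT_PROFILE}"
    nextdns restart
}

# ip4_to_int 10.0.50.7 -> 167784967 (dotted quad as a 32-bit integer)
ip4_to_int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr <ip> <network/bits>: succeeds when ip lies inside the subnet
in_cidr() {
    net=${2%/*}
    bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip4_to_int "$1") & mask )) -eq $(( $(ip4_to_int "$net") & mask )) ]
}

# profile_for_client <ip> < nextdns.conf: print the profile id a client at
# <ip> would be served with: the first "profile <cidr>=<id>" line whose
# subnet contains the address, otherwise the bare "profile <id>" fallback.
# (First-match ordering is an assumption of this check, not a documented
# guarantee; MAC-conditioned "profile <mac>=<id>" entries are skipped.)
profile_for_client() {
    ip=$1
    fallback=""
    while read -r key value; do
        [ "$key" = "profile" ] || continue
        case $value in
            */*=*) if in_cidr "$ip" "${value%%=*}"; then echo "${value#*=}"; return 0; fi ;;
            *=*)   ;;
            *)     fallback=$value ;;
        esac
    done
    if [ -n "$fallback" ]; then echo "$fallback"; fi
}

# Constructed sample of what nextdns.conf looks like after the call above;
# the "listen" and "report-client-info" lines are typical neighbours only.
SAMPLE_CONF='listen :53
profile 10.0.50.0/24=abc123
profile def456
report-client-info true'

printf '%s\n' "$SAMPLE_CONF" | profile_for_client 10.0.50.7   # abc123
printf '%s\n' "$SAMPLE_CONF" | profile_for_client 10.0.20.7   # def456
```

On the firewall itself the check is `profile_for_client <client-ip> < /usr/local/etc/nextdns.conf` (path assumed; it is the FreeBSD default). Note what this does and does not do: clients in the bypass VLAN still resolve through the NextDNS daemon, only under a profile of their own, so it is a "different rules" setup rather than a true pass-through.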

    • brad.3
    • 1 yr ago

    Thanks for the reply but not quite what I'm after.

    For this interface on pfSense I don't want NextDNS involved at all.  As if it wasn't even there.  Full transparent pass-through.

      • R_P_M
      • 1 yr ago

      Brad Ok. 
      How much control have you got with the DHCP server? Can it be set to give out different dns server IPs for the subnet only?

      • brad.3
      • 1 yr ago

      R_P_M Yep, absolutely.  But the issue seems to be, between Unbound and the NextDNS proxy, all port 53 is being intercepted, regardless of the destination DNS IP.

      I'm just not familiar enough with Unbound or NextDNS to know what component in the chain is grabbing all the port 53 and how to tell it to leave one particular interface/VLAN alone.
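Added diagnostic for the "which component is grabbing port 53" question above; it is not code from the thread, from NextDNS or from pfSense. Two facts drive it: a daemon bound on *:53 (Unbound or the nextdns daemon) only ever receives queries addressed to the firewall's own IPs, so a listening socket cannot by itself catch a query a client sends to some external resolver; traffic that is intercepted "regardless of destination" on pfSense is being rewritten by a pf `rdr` rule, and those rules are per interface. The script parses `sockstat -4l` (sockets bound on port 53) and `pfctl -sn` (redirect rules on port 53) and tells you whether a given interface is subject to the redirect. The sockstat and pfctl outputs embedded below are constructed samples; interface names, PIDs and the 5553 port are placeholders.

```shell
#!/bin/sh
# Added diagnostic (not from the thread, not part of NextDNS or pfSense).
# Answers "what is grabbing port 53" on a pfSense/FreeBSD box by reading
# which processes have sockets bound on port 53 (sockstat -4l) and which pf
# redirect rules rewrite port-53 traffic (pfctl -sn).
# The sample outputs below are constructed for the example; interface
# names, PIDs and ports are placeholders.

SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
unbound  unbound    3421  5  udp4   *:53                  *:*
unbound  unbound    3421  6  tcp4   *:53                  *:*
root     nextdns    5190  8  udp4   127.0.0.1:5553        *:*
root     sshd       1234  4  tcp4   *:22                  *:*'

SAMPLE_PFCTL='rdr pass on vlan10 inet proto udp from any to any port = domain -> 127.0.0.1 port 53
rdr pass on vlan10 inet proto tcp from any to any port = domain -> 127.0.0.1 port 53
rdr pass on vlan50 inet proto udp from any to any port = domain -> 127.0.0.1 port 53
nat on em0 inet from 10.0.0.0/8 to any -> (em0) port 1024:65535'

# port53_listeners < sockstat-output: "<command> <proto> <local-address>" for
# every socket bound on port 53.  A wildcard address (*:53) only means the
# daemon answers queries sent to the firewall's own IPs; it cannot see a
# query a client addresses to 8.8.8.8, so a listener alone intercepts nothing.
port53_listeners() {
    awk '$5 ~ /^(tcp|udp)/ && $6 ~ /:53$/ { print $2, $5, $6 }'
}

# port53_redirects < pfctl-output: "<iface> <proto> <target>" for each rdr
# rule that rewrites port 53 (pfctl prints the port by service name, so it
# shows up as "domain").  These rules are what capture queries regardless of
# the destination IP the client chose.
port53_redirects() {
    awk '/^rdr/ && / port = (domain|53) / {
        iface = "?"; proto = "?"; target = "?"
        for (i = 1; i <= NF; i++) {
            if ($i == "on")    iface  = $(i + 1)
            if ($i == "proto") proto  = $(i + 1)
            if ($i == "->")    target = $(i + 1) ":" $(i + 3)
        }
        print iface, proto, target
    }'
}

# iface_redirected <iface> < pfctl-output: succeeds when port-53 traffic
# entering that interface is redirected.  If the VLAN you want left alone
# shows up here, the redirect rule (not Unbound, not the nextdns daemon) is
# the component that has to exclude that interface.
iface_redirected() {
    port53_redirects | awk -v want="$1" '$1 == want { found = 1 } END { exit !found }'
}

# live_check: the same analysis against the real box (run as root on pfSense).
live_check() {
    echo "== sockets bound on port 53 =="
    sockstat -4l | port53_listeners
    echo "== pf redirect rules on port 53 =="
    pfctl -sn | port53_redirects
}

printf '%s\n' "$SAMPLE_SOCKSTAT" | port53_listeners
printf '%s\n' "$SAMPLE_PFCTL" | port53_redirects
```

With the constructed samples, the listener list shows only Unbound on *:53 and the nextdns daemon on a loopback port, while the redirect list shows vlan10 and vlan50 both being rewritten to 127.0.0.1:53; `printf '%s\n' "$SAMPLE_PFCTL" | iface_redirected vlan50` succeeds and the same call for an interface with no rule fails. On a real box, run `live_check` and look for the VLAN's interface in the second list.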

    • Matt.5
    • 1 yr ago

    I have a similar situation, and I've been able to use the Linux version of the NextDNS client on my pfSense box, with some config by subnet in the file and some firewall rules... it works, but it's messy and fragile. I'd really like to see a robust integration with pfSense.
