Block outside DNS issues

Hello guys, how are you doing? I seem to be having some issues with DNS whilst trying to block outside DNS on one of my networks. I don’t seem to be able to get the rules to work on pfSense.

My setup is the following:

Windows Server with AD/DNS - forwarder set to the Pi-hole VM.

Pi-hole VM running recursive DNS.

Here is a picture of the rules

Thanks, Leprejohn

Is the goal to only have the Pi-hole have outside DNS?

Hi Tom, the goal in mind would be to block all DNS and only allow the Pi-hole and the Windows DNS server to act as the DNS servers. I have 5353 opened on the LAN side for the recursive Pi-hole settings, as my Pi-hole DNS is set to 127.0.0.1:5353.

I’ve enabled the above rules for, say, the WiFi and I will get DNS issues pretty much straight away. If I disable the rules, the WiFi works perfectly fine. I’ve just been trying to troubleshoot it and just can’t get my head around why I can’t get it to work.

Could you provide some examples of host IPs on the SKYNET ADDRESS side (assuming that’s where your Windows server / Pi-hole is) and what the DNS servers are set to on the SKYWIFI side? You mentioned you have the Pi-hole looking at itself, so I am curious whether you’re sending the DNS requests to it and it’s looking right back at itself to try to resolve external addresses.

PS. You can run pfBlocker directly on pfSense which (in my opinion) makes it easier to manage and is much more dynamic and flexible.

Hi Mike, sorry for the late response.

So the way my network is set up, my SKYNET address is set to 10.10.11.X, and my WiFi is 10.10.12.X.

The DNS servers aren’t set, as they pull the DNS settings from the firewall.

The pi-hole setup was done following this - https://docs.pi-hole.net/guides/unbound/
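The thread above hinges on how pfSense evaluates interface rules: top to bottom, first match wins, and each rule only sees packets arriving on the interface it is attached to. The following is an added example, not code or settings from the original posts or from pfSense; it models that evaluation over a constructed rule set for the "only the Pi-hole and the Windows DNS server may resolve" goal. The host addresses (Pi-hole 10.10.11.10, Windows DNS 10.10.11.5, pfSense's SKYWIFI address 10.10.12.1, a client at 10.10.12.50), the /24 masks and the rule positions are all assumptions made for the example; the thread only gives 10.10.11.X and 10.10.12.X.

```python
"""First-match model of pfSense interface rules for the 'block outside DNS'
setup. All addresses, interface names and rule positions below are assumptions
for this example, not settings taken from the thread."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed addressing (the thread gives only 10.10.11.X and 10.10.12.X).
SKYNET_NET = "10.10.11.0/24"   # servers: Windows AD/DNS and the Pi-hole VM
SKYWIFI_NET = "10.10.12.0/24"  # wireless clients
PIHOLE = "10.10.11.10"
WINDNS = "10.10.11.5"
SKYWIFI_GW = "10.10.12.1"      # pfSense's own address on SKYWIFI
CLIENT = "10.10.12.50"


@dataclass
class Rule:
    iface: str            # interface the rule is attached to (inbound direction)
    action: str           # "pass" or "block"
    proto: str            # "udp", "tcp", "tcp/udp" or "any"
    src: str              # CIDR or "any"
    dst: str              # CIDR or "any"
    dport: Optional[int]  # destination port, None = any port
    descr: str = ""


@dataclass
class Packet:
    iface: str  # interface the packet arrives on
    proto: str
    src: str
    dst: str
    dport: int


def _addr_match(spec: str, ip: str) -> bool:
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def _proto_match(spec: str, proto: str) -> bool:
    return spec == "any" or proto in spec.split("/")


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """Rules are evaluated top-down and the first match wins; a packet that
    matches nothing hits the implicit default deny."""
    for r in rules:
        if (r.iface == pkt.iface
                and _proto_match(r.proto, pkt.proto)
                and _addr_match(r.src, pkt.src)
                and _addr_match(r.dst, pkt.dst)
                and (r.dport is None or r.dport == pkt.dport)):
            return r.action
    return "block"


def working_rules() -> List[Rule]:
    """Allow the two internal resolvers first, then block every other port-53
    destination, then the usual allow-all for the subnet."""
    return [
        Rule("SKYWIFI", "pass", "tcp/udp", SKYWIFI_NET, PIHOLE + "/32", 53, "DNS to Pi-hole"),
        Rule("SKYWIFI", "pass", "tcp/udp", SKYWIFI_NET, WINDNS + "/32", 53, "DNS to Windows AD/DNS"),
        Rule("SKYWIFI", "block", "tcp/udp", SKYWIFI_NET, "any", 53, "Block all other DNS"),
        Rule("SKYWIFI", "pass", "any", SKYWIFI_NET, "any", None, "Default allow SKYWIFI"),
        Rule("SKYNET", "pass", "any", SKYNET_NET, "any", None, "Default allow SKYNET"),
    ]


def broken_rules() -> List[Rule]:
    """Same rules with the block placed above the allows: because the first
    match wins, the two allow rules are never reached."""
    r = working_rules()
    return [r[2], r[0], r[1], r[3], r[4]]


def check(rules: List[Rule]) -> Dict[str, str]:
    """Evaluate the flows that matter for this setup (all constructed)."""
    flows = {
        "client->pihole":   Packet("SKYWIFI", "udp", CLIENT, PIHOLE, 53),
        "client->windns":   Packet("SKYWIFI", "udp", CLIENT, WINDNS, 53),
        "client->public":   Packet("SKYWIFI", "udp", CLIENT, "8.8.8.8", 53),
        # The firewall's own address: what a client queries when DHCP hands
        # out the interface IP as the DNS server instead of the Pi-hole.
        "client->firewall": Packet("SKYWIFI", "udp", CLIENT, SKYWIFI_GW, 53),
        # Pi-hole's unbound recursing to an upstream authoritative server;
        # this arrives on SKYNET, so the SKYWIFI rules never see it.
        "pihole->upstream": Packet("SKYNET", "udp", PIHOLE, "192.0.2.53", 53),
        "client->web":      Packet("SKYWIFI", "tcp", CLIENT, "203.0.113.10", 443),
    }
    return {name: evaluate(rules, pkt) for name, pkt in flows.items()}


if __name__ == "__main__":
    for label, rules in (("working", working_rules()), ("broken", broken_rules())):
        print(label)
        for name, action in check(rules).items():
            print(f"  {name:18} {action}")
```

Two things the model makes visible. First, a client that has been handed pfSense's own interface address as its DNS server (pfSense's DHCP default when no DNS servers are entered in the DHCP settings and the Resolver or Forwarder is enabled) sends its queries to 10.10.12.1:53, which falls under the "block all other DNS" rule just like a public resolver would; either point DHCP at the Pi-hole and Windows DNS or add a pass rule for the firewall's own address above the block. Second, unbound listening on 127.0.0.1:5353 on the Pi-hole VM is loopback traffic inside that VM, so no pfSense rule on any interface ever sees it; what pfSense does see is the Pi-hole's recursive queries leaving on SKYNET to port 53, which must stay allowed there.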