I would love to figure out how to force all computers on my network to use pfSense's DNS except for a few IPs.
So far, I have set up a firewall rule to allow DNS queries to the pfSense box. Then, below that rule, I have a rule that blocks all other DNS queries. Then, I have a NAT port forward that redirects those DNS queries that weren't pointed to the pfSense box to the pfSense box, so they have to use the DNS server of the pfSense box. That all works. However, I cannot figure out how to make exceptions. I have tried putting firewall rules for the exceptions above the firewall block rule, but I haven't been able to get it to work.
Any help would be GREATLY appreciated.
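As an added illustration (not the poster's configuration, and not something pfSense generates verbatim), here is the same policy expressed directly in the pf ruleset syntax that pfSense drives underneath its GUI. It assumes a LAN interface named igc1, a pfSense LAN address of 192.168.1.1, and two exempt hosts 192.168.1.50 and 192.168.1.60; the key point is that pf applies translation (rdr) before the filter rules, so an exception placed only among the filter rules is never reached before the query has already been redirected.

```pf
# Assumed names/addresses for the example; substitute your own.
lan_if = "igc1"
lan_ip = "192.168.1.1"
lan_net = "192.168.1.0/24"
table <dns_exempt> { 192.168.1.50 192.168.1.60 }

# Translation runs before filtering, so the exception must live here:
# hosts in <dns_exempt> are excluded from the redirect entirely.
no rdr on $lan_if proto { tcp udp } from <dns_exempt> to any port 53
# Everyone else: any DNS query not already aimed at pfSense is rewritten to it.
rdr on $lan_if proto { tcp udp } from any to ! $lan_ip port 53 -> $lan_ip port 53

# Filter rules; "quick" makes the first match win, as pfSense's generated rules do.
pass in quick on $lan_if proto { tcp udp } from <dns_exempt> to any port 53
pass in quick on $lan_if proto { tcp udp } from $lan_net to $lan_ip port 53
block in quick on $lan_if proto { tcp udp } from $lan_net to any port 53
```

In the pfSense GUI the equivalent is to put the exempt hosts in an alias and exclude that alias in the port forward's source (invert match), rather than relying on filter rules above the block.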