How to configure FreeBSD to redirect all DNS requests to other DNS.
We have set up FreeBSD as router for our company. We have two cards, one for lan and second for WAN whic is configured as Public static IP adress.
What I want to do is:
When some client inside our network 192.168.0.1/32 call DNS request to our old DNS server, FreeBSD is going to forward that request to other one DNS server.
Is that possible ?
Where I need to put that rule ?
Nat – How to redirect DNS requests trought FreeBSD to another DNS
domain-name-systemfreebsdinternal-dnsnat;
Related Solutions
With PF, you could do it with variables.
myports = "{ 22 25 2022 2222 8000 }" rdr on $ext_if proto udp from any to $ext_if port $myports -> 192.168.1.7
...or something.
Don't bother with DNS forwarding, or with OpenWrt's internal DNS server, just serve the existing DNS servers to your DHCP clients directly. You can do this by setting DHCP option 6, which will be formatted in the web interface like:
6,192.168.32.35,192.168.48.35
You can access the relevant part of the web interface in LuCI by going through Network --> Interfaces --> LAN --> Scroll down to bottom --> "Advanced Settings" tab:
I also have to remind you to do this only with the explicit knowledge and approval of your company's network admin, IT department, etc.
Best Answer
If you're running BIND on the that router, you can easily configure it to forward all requests to the appropriate external DNS server. Depending on what firewall you're running you can also easily forward packets to that router's named. The problem is going to be that the router is answering the request now, and the client expects another server to answer the request; this would appear like a classic cache poisoning attempt and many newer clients will reject it. If you want to try it and you're running IPFW, add something like this:
ipfw add 00010 fwd localhost ip from {lan} to any dns(Note you need a kernel compiled with
options IPFIREWALL_FORWARDfor this to work.)You're best option as others have mentioned is to configure your DHCP to issue the new address (or the router's and setup forwarding there, this would also reduce external network traffic potentially, as it will cache some of the DNS queries). Then log anyone who's still using any external DNS.