How to configure pfSense® to use Lumiun DNS with internal network device identification
This configuration will make pfSense® forward DNS requests to Lumiun DNS, including the IP address and MAC address of the devices making DNS queries on the internal network. The configuration is done in the pfSense® DNS Forwarder service, which is dnsmasq.
All devices on the local network that use this pfSense® (and its DNS Forwarder) as a DNS server will observe the rules defined in the Policy assigned to the Site used in the configuration.
In this procedure, the DNS Resolver (unbound) will be disabled, and only the DNS Forwarder (dnsmasq) will be used, forwarding DNS requests to Lumiun DNS servers.
Disable pfSense® DNS Resolver
Access the Services menu → DNS Resolver.
Uncheck the Enable DNS resolver option (or leave it unchecked if it already is).
Save the configuration by clicking the Save button and confirm by clicking Apply Changes.
This Lumiun DNS setup uses the DNS Forwarder. If you need to keep the pfSense® DNS Resolver, use this installation method instead: Configuring pfSense® to use Lumiun DNS via DoT.
Configure pfSense® DNS Forwarder to use Lumiun DNS
Access the Services menu → DNS Forwarder.
Check the Enable DNS forwarder option (or leave it checked if it already is).
In Listen Port, keep the value 53.
In Interfaces, select (holding the Ctrl key) the LAN and Localhost options.
Enter the following in the Custom options box, replacing abcd1234 with the ID of the desired Site (the ID is shown on the Sites page). Copy the server addresses exactly as shown in your Lumiun DNS panel: dnsmasq rejects a malformed server= line (for example an IPv6 address with a missing group) as a bad address and will not start, which leaves the LAN without DNS.
add-cpe-id=abcd1234
server=76.223.1.120
server=13.248.132.249
server=2600:9000:a418:ffdb:d5fc:e6dc:e22a
server=2600:9000:a51c:7f39:2f9c:3051:ed89:84f0
add-mac
no-resolv
bogus-priv
umbrella
What these options do: add-cpe-id tags every forwarded query with the Site ID so Lumiun DNS can match it to your Policy; add-mac and umbrella add the querying device's MAC address and internal IP address as EDNS0 options, which is what makes per-device identification in the Reports possible; no-resolv makes dnsmasq ignore /etc/resolv.conf and use only the server= lines above; bogus-priv answers reverse lookups for private address ranges locally instead of forwarding them.
Two caveats. First, add-mac only works for devices on the same subnet as the pfSense®, because dnsmasq takes the MAC from its ARP/neighbour table; devices that reach pfSense® through another router get no MAC in their queries. Second, the forwarder sends these queries in clear text over UDP port 53, so the identifiers, like the queries themselves, are readable by anyone on the path to the Lumiun DNS servers.
Tip: On pfSense® versions prior to 2.6, the bundled dnsmasq may not recognize the umbrella option, and dnsmasq refuses to start when its configuration contains an unknown option. If the forwarder fails to start, remove the umbrella line. Without it, pfSense® will not send the internal IP addresses of devices, so they will not appear in Lumiun DNS reports.
Save the configuration by clicking the Save button and confirm by clicking Apply Changes.
Go to System → General Setup; if any DNS server is entered under DNS Server Settings, remove it and save the changes, so that the firewall's own lookups have no fallback upstream other than the local forwarder and nothing bypasses Lumiun DNS.
Done! To confirm it works, resolve a name from a device on the LAN and check that the query appears in the Reports on your Lumiun DNS panel with that device's IP and MAC address; you can then set the rules of the Policy.
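As an added example (not part of the original article and not Lumiun or dnsmasq code), the following Python script shows what add-cpe-id and add-mac actually put on the wire and gives you a way to verify it: build_query constructs a DNS query with the same EDNS0 options dnsmasq adds to forwarded queries, and parse_edns_options decodes the OPT record of any DNS message, such as the UDP payload of a query captured on the pfSense® WAN interface. The option codes (65074 for add-cpe-id, 65001 for add-mac, 20292 for umbrella) are the ones dnsmasq uses; the sample query, the Site ID abcd1234 and the MAC address in it are constructed for the demonstration.

```python
"""Build and decode DNS queries carrying the EDNS0 options that dnsmasq adds for
add-cpe-id / add-mac / umbrella.  Added example for this guide; not Lumiun or
dnsmasq code.  Sample query contents below are constructed for the demonstration."""
import struct
from typing import Dict, Optional

# EDNS0 option codes as used by dnsmasq for the options in this guide.
OPT_MAC = 65001       # add-mac: 6-byte MAC of the querying device
OPT_CPE_ID = 65074    # add-cpe-id=<string>: the Site ID
OPT_UMBRELLA = 20292  # umbrella: Cisco Umbrella fields, including the client IP

OPT_NAMES = {OPT_MAC: "add-mac", OPT_CPE_ID: "add-cpe-id", OPT_UMBRELLA: "umbrella"}
TYPE_OPT = 41


def encode_name(name: str) -> bytes:
    """Encode a domain name in DNS label format (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, cpe_id: Optional[str] = None,
                mac: Optional[bytes] = None, txid: int = 0x1234) -> bytes:
    """A query for <name> IN A with an OPT RR carrying the requested options,
    shaped like the query dnsmasq forwards upstream with add-cpe-id / add-mac."""
    # header: id, flags (RD only), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=1 (the OPT RR)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN
    options = b""
    if cpe_id is not None:
        data = cpe_id.encode("ascii")
        options += struct.pack("!HH", OPT_CPE_ID, len(data)) + data
    if mac is not None:
        if len(mac) != 6:
            raise ValueError("MAC must be 6 bytes")
        options += struct.pack("!HH", OPT_MAC, 6) + mac
    # OPT RR: root name, TYPE 41, CLASS = UDP payload size, TTL = ext-rcode/version/flags
    opt_rr = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 4096, 0, len(options)) + options
    return header + question + opt_rr


def skip_name(msg: bytes, offset: int) -> int:
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return offset + 2
        offset += 1 + length


def parse_edns_options(msg: bytes) -> Dict[str, str]:
    """Decode the EDNS0 options in a DNS message's OPT RR, keyed by the dnsmasq
    option name; unknown codes appear as opt-<code> with their payload as hex."""
    _txid, _flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qd):                      # questions: name + QTYPE + QCLASS
        offset = skip_name(msg, offset) + 4
    for _ in range(an + ns):                 # answer/authority RRs: skipped
        offset = skip_name(msg, offset)
        rdlen = struct.unpack("!H", msg[offset + 8:offset + 10])[0]
        offset += 10 + rdlen
    found: Dict[str, str] = {}
    for _ in range(ar):                      # additional RRs: look for OPT
        offset = skip_name(msg, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype != TYPE_OPT:
            continue
        pos = 0
        while pos + 4 <= len(rdata):
            code, olen = struct.unpack("!HH", rdata[pos:pos + 4])
            data = rdata[pos + 4:pos + 4 + olen]
            pos += 4 + olen
            key = OPT_NAMES.get(code, f"opt-{code}")
            if code == OPT_CPE_ID:
                found[key] = data.decode("ascii", "replace")
            elif code == OPT_MAC and olen == 6:
                found[key] = ":".join(f"{b:02x}" for b in data)
            else:
                found[key] = data.hex()      # umbrella and anything else: raw hex
    return found


def identifiers_exposed(msg: bytes) -> bool:
    """True if the query carries any of the per-device identifiers this guide enables."""
    return any(k in parse_edns_options(msg) for k in OPT_NAMES.values())


if __name__ == "__main__":
    # constructed sample: Site ID abcd1234 and a made-up MAC address
    q = build_query("example.com", cpe_id="abcd1234", mac=bytes.fromhex("001122aabbcc"))
    print(parse_edns_options(q))
    print("identifiers exposed:", identifiers_exposed(q))
```

To check a live forwarder, capture the upstream queries on pfSense® with tcpdump (for example tcpdump -ni <WAN interface> -w q.pcap udp port 53), extract the UDP payload of one query (scapy can do this) and pass the bytes to parse_edns_options. If umbrella is in effect you will also see an umbrella entry, shown as raw hex here because its layout is Cisco-specific. Everything this decodes is readable by anyone on the path between pfSense® and the upstream server, since the forwarder sends plain UDP on port 53.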
Updated on: 31/07/2024