Using multiple DNS Servers on an OpenBSD Firewall

I run an OpenBSD firewall configured much like the tutorial at BSD Now. After setting up the encrypted DNS lookups I ran into a problem. Some of the devices in the house needed to use the Unblock-us DNS service. I had already set up static IP addresses in /etc/dhclient.conf, so these two lines in /etc/pf.conf took care of the problem. $crypt holds the IP addresses of the computers that will use encrypted lookups on OpenDNS. This is a modification to the configuration shown at BSD Now.

In /etc/pf.conf:

# crypt is wireless router, server, my computer, and music room computer
crypt="{,,, }"

block out quick log on egress proto { tcp udp } from $crypt to any port 53
pass in on $int_if proto { tcp udp } from $crypt to ! port 53 rdr-to

Now the wireless router, server, and my computers use the OpenDNS encrypted lookups, and the rest of the wired devices and my wife’s computer use the Unblock-us service. Why not default to OpenDNS? For me the only other devices in the house that are wired are media devices, and we have the wireless router (with a separate subnet) that now forces OpenDNS for the wireless.
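A filled-in version of the two rules above, as an added example and not the author's actual configuration. The interface name, every address, and the use of the firewall's LAN address as both the `!` exclusion and the rdr-to target are assumptions, because the post's own values are not shown.

```pf
# --- placeholders, replace with your own values (all assumed) ---
int_if = "em1"            # LAN-facing interface (assumed name)
fw_lan = "192.168.1.1"    # firewall's LAN address, where the local
                          # encrypted-DNS resolver is assumed to listen

# Hosts that must use the encrypted resolver:
# wireless router, server, my computer, music room computer
crypt = "{ 192.168.1.2, 192.168.1.3, 192.168.1.4, 192.168.1.5 }"

# Backstop: a plain DNS query from a $crypt host must never leave
# through the external interface. "quick" stops rule evaluation here,
# and "log" records the drop on pflog0.
block out quick log on egress proto { tcp udp } from $crypt to any port 53

# Redirect: a DNS query from a $crypt host to any server other than
# the firewall itself is rewritten to the firewall's resolver.
# Queries already addressed to $fw_lan need no rewriting.
pass in on $int_if proto { tcp udp } from $crypt to ! $fw_lan port 53 \
    rdr-to $fw_lan

# Hosts outside $crypt match neither rule, so their DNS traffic
# follows the rest of the ruleset and reaches the DNS servers they
# were given (Unblock-us in the post).
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, which catches a typo in the macro before the ruleset is replaced. Because the block rule carries `log`, `tcpdump -n -e -ttt -i pflog0 port 53` shows any query from a $crypt host that it drops.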




2023 end of file.