Using multiple DNS Servers on an OpenBSD Firewall

I run an OpenBSD firewall configured much like the tutorial at BSD Now. After setting up the encrypted DNS lookups I ran into a problem: some of the devices in the house needed to use the Unblock-us DNS service. I had already set up static IP addresses in /etc/dhclient.conf, so these two lines in /etc/pf.conf took care of the problem. $crypt is the IPs of the computers that will use encrypted lookups on OpenDNS; everything else keeps the DNS server it was handed. This is a modification to the configuration shown at BSD Now. In /etc/pf.conf:

# crypt is wireless router, server, my computer, and music room computer
crypt="{ 192.168.1.2, 192.168.1.3, 192.168.1.5, 192.168.1.6 }"

# drop (and log) any plain-text DNS the $crypt hosts try to send straight out
block out quick log on egress proto { tcp udp } from $crypt to any port 53
# DNS from $crypt aimed anywhere but the firewall is redirected to the firewall's own resolver
pass in on $int_if proto { tcp udp } from $crypt to ! 192.168.1.1 port 53 rdr-to 192.168.1.1
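The two rules above only make sense in context, so here is a minimal ruleset showing where they sit relative to the rest of a pf.conf. This is an added example, not the post's (or the BSD Now tutorial's) actual configuration. The interface name em1, the LAN prefix 192.168.1.0/24, the macro names int_if, lan_net and fw_dns, and the assumption that the encrypted resolver from the tutorial listens on 192.168.1.1:53 are all mine; the $crypt list and the two DNS rules are from the post.

```pf
# Added example: a minimal /etc/pf.conf around the post's two DNS rules.
# Assumptions (not from the post): em1 is the LAN interface, the LAN is
# 192.168.1.0/24, and the encrypted resolver listens on 192.168.1.1:53.
int_if = "em1"
lan_net = "192.168.1.0/24"
fw_dns = "192.168.1.1"

# crypt is wireless router, server, my computer, and music room computer
crypt = "{ 192.168.1.2, 192.168.1.3, 192.168.1.5, 192.168.1.6 }"

set skip on lo
block log all

# Belt: plain-text DNS from the $crypt hosts may never leave the firewall.
# Keep this ABOVE the nat-to match rule: pf rewrites the source address as
# soon as a match rule with nat-to matches, so rules evaluated after it would
# see the egress address instead of 192.168.1.x and this block would never hit.
block out quick log on egress proto { tcp udp } from $crypt to any port 53

# Braces: DNS from $crypt to anywhere except the firewall is bounced to the
# firewall's own (encrypted) resolver. rdr-to without a port keeps port 53.
# quick so the broader LAN pass rule below cannot override it (last match wins).
pass in quick on $int_if proto { tcp udp } from $crypt to ! $fw_dns port 53 rdr-to $fw_dns

# Everyone else on the LAN keeps whatever DNS server DHCP handed them
# (Unblock-us in the post): their port-53 traffic passes untouched.
match out on egress inet from $lan_net to any nat-to (egress:0)
pass in on $int_if from $lan_net to any
pass out on egress from any to any

# Checks (run as root on the firewall):
#   pfctl -nf /etc/pf.conf                 # parse only, do not load
#   pfctl -f /etc/pf.conf                  # load
#   pfctl -sr | grep 'port = 53'           # confirm both DNS rules and their order
#   pfctl -ss | grep ':53'                 # a $crypt query to 8.8.8.8 shows up as
#                                          #   192.168.1.1:53 (8.8.8.8:53) <- 192.168.1.5:...
#   tcpdump -n -e -ttt -i pflog0 port 53   # any line here is a leak the block caught
```

Two caveats a practitioner will want. First, these rules only see port 53: a device that speaks DNS over HTTPS (443) or DNS over TLS (853) walks straight past both of them, so this is traffic steering, not a guarantee. Second, the macros are IPv4 addresses; if the LAN has IPv6, port-53 traffic over v6 is neither blocked nor redirected unless you add matching inet6 rules.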

Now the wireless router, the server and my computers use the OpenDNS encrypted lookups, and the rest of the wired devices and my wife's computer use the Unblock-us service. Why not default to OpenDNS? For me the only other wired devices in the house are media devices, and the wireless router (192.168.1.2) puts its clients on a separate subnet (gateway 10.0.0.1), so their lookups reach the firewall from 192.168.1.2 and are now forced through OpenDNS too.

2024 dispelled.ca end of file.