Blocking Rogue DNS requests via pfSense and PiHole?

I'm trying to redirect DNS requests from IoT devices to my Pi-hole via pfSense.

Pi-hole is running on a Raspberry Pi 4 along with unbound, as well as the DHCP server for the network. I configured the DNS resolver in pfSense to forward queries to Pi-hole. This works fine. I'm now trying to force IoT devices to use Pi-hole by blocking and redirecting DNS queries that may be hard-coded on the device. The blocking seems to be working fine, but it's not redirecting. When I run an nslookup I should see the Pi-hole respond regardless of what DNS server I try, but it's only blocking it.

I hesitate to ask, but I'm sure there are others that are doing the same thing. I did a search and saw similar questions, but nothing specific to what I'm trying to do. This is more of a pfSense question, but I'm hoping somebody can chime in. The pfSense documentation has this, but it's all about using unbound on pfSense itself rather than redirecting to Pi-hole. I think I'm halfway there, but hopefully somebody is running a similar, if not the same, configuration and can give me a few tips.

I've been lurking the pfSense forums and it looks like that's the place to be. Sorry for the clutter, guys.

What is your pfSense NAT redirect config? And how do you determine IoT devices? Separate VLAN? I have something similar running, but for all clients.

I think it's because I'm trying to forward to the Pi-hole rather than having the loopback address of the pfSense respond so it's not jibing.

I have two port forwarding rules. One that is supposed to redirect DNS queries to the Pi-hole and another that allows the Pi-hole to access external DNS. Currently, it's blocking rather than redirecting, which is halfway there, and the other rule that allows Pi-hole to access external DNS works fine.

I don't have a managed switch, so I'm not running anything as complicated as VLANs. Maybe sometime in the future, but I consider IoT devices to be cell phones, media streamers, game systems, etc.

Edit: Yup, that seems to have fixed it. Just followed the step by step instructions below.

After setting the redirect target IP to the loopback address of the pfSense, it started working. In turn, pfSense turns around and contacts the Pi-hole for the query since I have the DNS resolver configured to use remote DNS and ignore local DNS and I've set the Pi-hole as the DNS server for pfSense.

Edit 2: I think it's working. Theoretically speaking, I should be able to perform an nslookup with a junk IP that's not a DNS address and it should work, which it does. But if I'm thinking correctly, I should also be able to resolve local names using a remote DNS address, and it should resolve since it's being redirected back to the Pi-hole, which does know local names. Still playing with it, but it's working better than before.
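A small client-side check for the two probes described in "Edit 2", added here as an example and not part of the thread: it runs `dig` against a junk address and against a public resolver for a LAN-only name, then classifies the reply so you can tell "redirected to Pi-hole" apart from "merely blocked". It assumes `dig` is installed on the IoT-side client; the addresses (TEST-NET ranges) and the `printer.lan` name are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: does the pfSense port-forward on port 53
# really redirect queries to the resolver, or only block them?
# Placeholder addresses/names below are constructed (TEST-NET), not real hosts.

# Classify the text output of one dig run:
#   no-reply     -> timed out: the rule blocks, or nothing intercepts the query
#   empty-reply  -> a server replied but had no record (NXDOMAIN, REFUSED, ...)
#   resolved     -> a reply with at least one answer record came back
classify_dig_output() {
  case "$1" in
    *"timed out"*|*"no servers could be reached"*) echo "no-reply" ;;
    *"status: NOERROR"*"ANSWER: 0,"*)             echo "empty-reply" ;;
    *"status: NOERROR"*)                           echo "resolved" ;;
    *"status: "*)                                  echo "empty-reply" ;;
    *)                                             echo "unknown" ;;
  esac
}

# Query an explicit server with a short timeout and classify the result.
probe_dns() {
  server="$1"; name="$2"
  out=$(dig @"$server" "$name" A +time=2 +tries=1 2>&1)
  classify_dig_output "$out"
}

# Probe 1: a junk address that is not a DNS server at all. Any reply proves the
#          redirect is in effect, because nothing at that address can answer.
#          "no-reply" means the rule only blocks (or nothing intercepts at all).
# Probe 2: a public resolver asked for a LAN-only name. "resolved" proves the
#          reply came from Pi-hole, the only server that knows that name;
#          "empty-reply" means the query reached the real public resolver.
run_checks() {
  printf 'junk server 203.0.113.250, example.com   -> %s\n' \
    "$(probe_dns 203.0.113.250 example.com)"
  printf 'public server 198.51.100.53, printer.lan -> %s\n' \
    "$(probe_dns 198.51.100.53 printer.lan)"
}

# Live probes only run on request, so the file can be sourced for its functions.
if [ "${1:-}" = "--run" ]; then
  run_checks
fi
```

Run it from a device on the LAN segment the rule applies to (`sh dns_redirect_check.sh --run`), not from the Pi-hole itself, since the Pi-hole is exempted from the redirect.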
