
Overriding external domains DNS Bind9’s Response Policy Zone on your pfSense

Posted on March 18, 2023 (updated December 30, 2024) by Thiago Crepaldi

Last Updated on December 30, 2024 by Thiago Crepaldi

In a previous post we discussed how to run Bind9 on your pfSense so that external names are forwarded to upstream name servers while internal names are resolved statically by Bind. In this post we are going to discuss how to override the IPs returned by external name servers with IPs of our choosing. As an example, assume you want www.disney.com to resolve to 192.168.0.666!

You could do this by changing the hosts file on each machine, but that would hardly scale. Since BIND 9.8.1, the Response Policy Zone (RPZ) concept has existed for exactly this purpose, and we are going to demonstrate how it works.

pfBlockerNG depends on Unbound, so don't replace Unbound with Bind if you still want to block stuff with pfBlockerNG.

First, I am assuming you have a working Bind9 on your pfSense. Next, go to Services >> BIND DNS Server >> Zones and click on Add:

  • Zone
    • Domain Zone Configuration
      • Disable this zone: Unchecked
      • Zone name: response-policy-zone
      • Description: Trusted Forward zone for public overridden DNS records
      • Zone Type: Master
      • View: Trusted-View
      • Reverse zone: Unchecked
      • IPv6 Reverse Zone: Unchecked
      • Response Policy Zone: Checked
      • Custom option: leave blank
    • DNSSEC
      • Inline signing: Unchecked
    • Master Zone Configuration
      • TTL: 86400
      • Nameserver: localhost
      • Base domain IP: 127.0.0.1
      • Mail Admin Zone: root@localhost or a real email
      • Serial: 1 or something like YYYYMMDDxx (e.g. 2023031701)
      • Refresh: 1d
      • Retry: 2h
      • Expire: 4w
      • Minimum: 1h
      • allow-update: None
      • Enable update-policy: Unchecked
      • allow-query: Trusted-ACL
      • allow-transfer: None
    • Zone Domain Records:
      • Add an entry
        • Record: disney.com
        • Type: A
        • Priority: leave blank
        • Alias or IP address: 192.168.0.666
      • Register DHCP Static Mappings: Unchecked
    • Custom Zone Domain Records:
      • leave empty

Click on Save and you are done. If you need more overrides, just add them to the Zone Domain Records section above.
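To make the form above concrete, here is an added example (not code from the post or from the pfSense BIND package) that renders the kind of RPZ master zone file the settings above produce and validates the entries before they reach named. Two checks matter in practice: owner names in an RPZ must be relative to the zone (a name with a trailing dot, such as `disney.com.`, lies outside `response-policy-zone` and named skips it with an "out-of-zone data" message), and the target must be a real IPv4 address (the post's 192.168.0.666 has a last octet above 255, so the example uses the constructed address 192.168.0.66). The `wildcard` option goes slightly beyond the post: a bare `disney.com` trigger only rewrites that exact name, while `*.disney.com` also covers `www.disney.com`. The `lookup` function is a simplified simulation of RPZ QNAME matching (exact name first, then the closest wildcard parent), written here to show which override applies; the zone name, serial and sample overrides are assumptions.

```python
import ipaddress
import re

# Constructed sample data: the zone name from the pfSense form, a YYYYMMDDxx
# serial as the post suggests, and one override using a made-up RFC 1918 address.
ZONE_NAME = "response-policy-zone"
SERIAL = 2023031701
OVERRIDES = {"disney.com": "192.168.0.66"}

_LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")


def check_owner(name):
    """Return a validated owner name relative to the RPZ zone.

    Inside the zone, 'disney.com' means 'disney.com.response-policy-zone.'.
    An absolute name ('disney.com.') is outside the zone, so named would drop
    it as out-of-zone data; reject it here instead.
    """
    name = name.strip().lower()
    if name.endswith("."):
        raise ValueError(f"{name!r} is absolute; RPZ trigger names must be relative")
    labels = name.split(".")
    if labels[0] == "*":  # wildcard trigger: matches every subdomain
        labels = labels[1:]
    if not labels or not all(_LABEL.match(label) for label in labels):
        raise ValueError(f"{name!r} is not a valid hostname")
    return name


def check_address(addr):
    """Return the address as text; raises ValueError for anything that is not IPv4."""
    return str(ipaddress.IPv4Address(addr))


def render_rpz(overrides, zone_name=ZONE_NAME, serial=SERIAL, ttl=86400, wildcard=False):
    """Render an RPZ master zone file as a string.

    With wildcard=True every override also gets a '*.name' record, so all
    subdomains of the overridden name receive the same answer.
    """
    lines = [
        f"$TTL {ttl}",
        f"$ORIGIN {zone_name}.",
        # SOA and NS are mandatory in a master zone but never handed to clients.
        f"@ IN SOA localhost. root.localhost. ( {serial} 1d 2h 4w 1h )",
        "@ IN NS localhost.",
    ]
    for name, addr in sorted(overrides.items()):
        owner = check_owner(name)
        target = check_address(addr)
        lines.append(f"{owner} IN A {target}")
        if wildcard and not owner.startswith("*."):
            lines.append(f"*.{owner} IN A {target}")
    return "\n".join(lines) + "\n"


def lookup(overrides, qname, wildcard=False):
    """Simulate RPZ QNAME matching: exact name first, then the closest wildcard parent.

    Returns the overriding address, or None when the query would pass through
    to the upstream forwarders untouched.
    """
    qname = qname.rstrip(".").lower()
    if qname in overrides:
        return check_address(overrides[qname])
    labels = qname.split(".")
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        if "*." + parent in overrides:
            return check_address(overrides["*." + parent])
        if wildcard and parent in overrides:
            return check_address(overrides[parent])
    return None


if __name__ == "__main__":
    print(render_rpz(OVERRIDES, wildcard=True))
```

The rendered text is what you would feed to `named-checkzone response-policy-zone <file>` before trusting it; on pfSense the package writes the file for you from the form, and ticking "Response Policy Zone" is what registers the zone in named's `response-policy` statement.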

Have fun!


1 thought on “Overriding external domains DNS Bind9’s Response Policy Zone on your pfSense”

  1. Diego Sechin says:
    December 26, 2023 at 8:59 PM

    Hi, thanks for it.
    But I am having this problem:

    /etc/namedb/master/Trusted-View/response-policy-zone.DB:21: ignoring out-of-zone data (disney.com)

    What could it be?

