Cloudflare for a select few DHCP clients

There are a few dozen DHCP clients behind this campus IPFire network.
Some have fixed leases like servers, etc.

They want IPFire to use the ISP-assigned DNS server as much as possible. It is the default.

How do you make IPFire assign Cloudflare as the DNS for a select group of 8 DHCP clients?
And leave the rest of the DHCP clients as is - IPFire as their DNS.

Don’t see anything in the WUI page to do this.

I am not aware of a way to do this in IPFire. You could set the DNS on those select few DHCP clients to Cloudflare, then have IPFire manage DNS for the rest with the ISP default.

Yeah, we are already doing that on a few DHCP clients.
But on some devices we have to change them from dynamic to static IP addresses, in order to specify (Cloudflare as) the non-default DNS. That involves managing address blocks in an ad hoc manner. It is easier to do it all within IPFire.

:thinking:
I wonder if the file /var/ipfire/dhcp/dhcpd.conf.local can be used for this purpose.

It is possible to redirect clients to use IPFire’s DNS:

Similarly, you can create a client group with a DNS redirect from IPFire to Cloudflare.

However, the DNS server displayed to the client will still be IPFire.


I am aware of and use the firewall rule to redirect DNS to IPFire for all users. What I meant was I was not aware of splitting this up so that some clients fall under this rule while other clients use whatever other DNS they want.

:thinking: What if, in this case, we added the rule above redirecting to another DNS server?

Here’s the test I performed for this use case:

DNS Page


Services Group

Hosts Group

Rules

Rule2

Rule3

IncomingRule1

OutgoingRule1

I verified this with tcpdump.

virtual10 accesses Cloudflare’s DNS via IPFire’s redirection.
virtual11 accesses IPFire’s (Google) DNS.



Probably if we do not use Force clients to use IPFire DNS Server, we can move (to the dhcpd.conf.local file) the configuration of the client’s static lease by adding option domain-name-servers.

e.g.

host fix0 # debiantest
{
	hardware ethernet AA:BB:CC:DD:EE:FF;
	fixed-address 10.10.10.100;
	option domain-name-servers 1.1.1.1, 8.8.8.8;
}

Yes, it works fine without using IPFire’s DNS.
It’s in the file /var/ipfire/dhcp/dhcpd.conf.local (not dhcpd.local.conf) :wink:
You also need to remove the added entry from the dhcp.cgi page.


Oops :face_with_open_eyes_and_hand_over_mouth:
You’re absolutely right. :smiley:
I have made the necessary corrections.
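
A check for the step mentioned in the thread (removing the WUI entry once a host has been moved to dhcpd.conf.local), as an added example that is not part of the original posts: it parses flat host blocks like the one posted above and reports hosts that are still defined in both places, matched by name, MAC or fixed address. The sample configurations and the names `WUI_CONF`, `LOCAL_CONF`, `parse_hosts` and `find_duplicates` are constructed for illustration.

```python
import re

# Constructed samples: fixed leases in the form shown in the thread, once as
# left behind by the WUI and once in dhcpd.conf.local with a DNS override.
WUI_CONF = """
host fix0 # debiantest
{
	hardware ethernet AA:BB:CC:DD:EE:FF;
	fixed-address 10.10.10.100;
}
host fix1 # printer
{
	hardware ethernet 00:11:22:33:44:55;
	fixed-address 10.10.10.101;
}
"""
LOCAL_CONF = """
host fix0 # debiantest
{
	hardware ethernet aa:bb:cc:dd:ee:ff;
	fixed-address 10.10.10.100;
	option domain-name-servers 1.1.1.1, 8.8.8.8;
}
"""

# A host block: name, optional trailing comment, then a brace-free body.
HOST_RE = re.compile(r"^\s*host\s+(\S+)[^{]*\{(.*?)\}", re.S | re.M)

def _field(pattern, body):
    m = re.search(pattern, body)
    return m.group(1).strip() if m else None

def parse_hosts(text):
    """Map host name -> MAC, fixed address and DNS list per host block."""
    hosts = {}
    for name, body in HOST_RE.findall(text):
        dns = _field(r"option\s+domain-name-servers\s+([^;]+);", body)
        hosts[name] = {
            "mac": (_field(r"hardware\s+ethernet\s+([0-9A-Fa-f:]+)\s*;", body) or "").lower(),
            "ip": _field(r"fixed-address\s+([\d.]+)\s*;", body),
            "dns": [s.strip() for s in dns.split(",")] if dns else [],
        }
    return hosts

def find_duplicates(wui_text, local_text):
    """Return (local_name, wui_name) pairs sharing a name, MAC or address."""
    wui, local = parse_hosts(wui_text), parse_hosts(local_text)
    return [(ln, wn) for ln, l in local.items() for wn, w in wui.items()
            if ln == wn or (l["mac"] and l["mac"] == w["mac"])
            or (l["ip"] and l["ip"] == w["ip"])]
```

Hosts in dhcpd.conf.local whose `dns` list is empty still receive the default DNS server, so the same parse doubles as a quick audit of which of the selected clients actually carry the override.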