Netgate Discussion Forum

    Need help with DNS

    DHCP and DNS
    • gregeeh

      Hi all,

      pfSense - 2.5.2

      I have OpenVPN set up on my router, using the provider VPN.AC. The DNS Resolver is disabled and the DNS Forwarder is enabled as detailed in VPN.AC's instructions. Their instructions state:

      "In order for DNS resolution to work properly while connected to the VPN, pfSense must not act as a resolver itself but as a forwarder, using static/3rd party DNS resolvers. You can set any static DNS services you want; while the VPN is up, our private DNS resolvers will be used."

      General Setup:
      [image]

      DNS Forwarder:
      [image]

      I have several devices configured not to use the VPN via the alias LAN_VPN_Bypass:
      [image]

      My problem is that these devices are not getting the DNS IPs on the General Setup page like I thought they would. What am I doing wrong?

      TIA

      PfSense running on Qotom mini PC
      CPU N3150, 2 GB memory, 32 GB SSD & 2 Realtek Gb Ethernet ports.
      UniFi AC-Lite access point

      • Gertjan @gregeeh

        @gregeeh said in Need help with DNS:

        are not getting the DNS IPs on the General Setup page like I thought they would.

        What IP are they getting as their DNS IP?

        Normally, the DHCP server (for LAN) will attribute the DNS you've set up on the DHCP server settings page. If there is nothing, it will be the IP of the pfSense LAN.
        This means the devices on LAN will send their DNS requests to pfSense, and the forwarder will centralize the DNS requests and forward them to 1.1.1.1 or 8.8.8.8 if the answer wasn't cached.

        @gregeeh said in Need help with DNS:

        "In order for DNS resolution to work properly while connected to the VPN, pfSense must not act as a resolver itself but as a forwarder, using static/3rd party DNS resolvers. You can set any static DNS services you want; while the VPN is up, our private DNS resolvers will be used."

        Strange advice.
        So bye bye DNSSEC (security).
        Why would a VPN provider want you to send your DNS traffic to an unknown third party?
        I wonder what their motivations are.

        What if some 3rd party will monitor traffic of your DNS resolvers?

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • gregeeh @Gertjan

          @gertjan said in Need help with DNS:

          What IP are they getting as their DNS IP?

          [image]

          @gertjan said in Need help with DNS:

          If there is nothing, it will be the IP of the pfSense LAN. ?

          DNS Server fields are empty in the DNS Server setup. DNS is set to the IP of the Router in these devices.

          @gertjan said in Need help with DNS:

          This means the devices on LAN will send their DNS requests to pfSense, and the forwarder will centralize the DNS requests and forward them to 1.1.1.1 or 8.8.8.8 if the answer wasn't cached.

          This is what I thought, but it's not happening.
