Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Improve documentation DNS Forwarder

    Scheduled Pinned Locked Moved
    DHCP and DNS
    2
    6
    440
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Summer
      last edited by

      Hi,

      I've looked at:

      https://docs.netgate.com/pfsense/en/latest/services/dns/forwarder.html

      I know should be obvious to guru but not for newbie like me: what's the meaning ot this feature?

      I mean: use this feature to allow:

      • LAN clients to query pfsense as DNS server ?
      • replace requested hostname with custom ?

      Please add some network flow diagrams too.

      Thanks, BR

      GertjanG 1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan @Summer
        last edited by

        @Summer

        See here.

        I won't be surprised that dnsmasq won't be part of pfSense in the near future.

        Btw : no need to be a guru. I'm running a hotel.

        But you better have your 'DNS act' together, something obvious, IMHO, as soon as you fall for the "let's install pfSense because it's easy to download etc" trap. You'll still be needing an astronomical quantity of your neurons (also free, but you have to fill them with info and nobody can help you here).

        Btw : DNS Forwarder : read the first blue note, the first line. That's solid info.
        Those who need it, will know why 😊

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        S 1 Reply Last reply Reply Quote 0
        • S
          Summer @Gertjan
          last edited by

          @Gertjan I agree, but my mind is following the python zen:

          There should be one-- and preferably only one --obvious way to do it.

          These day isn't too hard to jump from one topic to another and knowledge of the layers of each topic cannot be the same for all.

          @Gertjan said in Improve documentation DNS Forwarder:

          Btw : DNS Forwarder : read the first blue note, th

          You're right that should be disabled by default.

          If I need the ability to tell my LAN clients when you need host giacomino.doesnotexist please look for LAN.LAN.LAN.X I suppose DNS forward will still be the only choice.

          GertjanG S 2 Replies Last reply Reply Quote 0
          • GertjanG
            Gertjan @Summer
            last edited by

            @Summer said in Improve documentation DNS Forwarder:

            You're right that should be disabled by default.

            It is.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            1 Reply Last reply Reply Quote 1
            • S
              Summer @Summer
              last edited by

              I'm reading:
              https://docs.netgate.com/pfsense/en/latest/services/dns/resolution-process.html

              Resolver:
A DNS server acting as a resolver will accept recursive queries from clients and/or forwarders and perform DNS resolution by making iterative queries to root and authoritative DNS servers in search of an answer. Like a forwarder it will typically cache results for increased performance.

A resolver maintains a list of root servers in its “root hints” list. Resolvers will typically ship with a stock list but update it periodically from a trusted source.


Forwarder:
A forwarder is a type of DNS server which accepts recursive queries from clients and makes its own queries to an upstream DNS server, which could be another forwarder or a resolver. A forwarder will typically cache results so clients get faster responses for frequently resolved queries.

Note

A forwarder does not perform DNS resolution itself, it passes a query along to another forwarder or resolver unless it has the answer in its cache.

              Now:

              • pfBlocker-NG and DNS Resolver are both unbound: Resolver

              • I've disabled DNS Forwarder and enabled DNS Resolver my LAN clients can still use pfsenseLAN as DNS

              GertjanG 1 Reply Last reply Reply Quote 0
              • GertjanG
                Gertjan @Summer
                last edited by

                @Summer said in Improve documentation DNS Forwarder:

                pfBlocker-NG and DNS Resolver are both unbound: Resolver

                No.

                Unbound is a resolver. See, for example : NLnet Labs - Unbound - About or Unbound (DNS server).

                pfBlockerng uses the local 'resolver' (unbound, in this case), add acts like a 'plugin' : it intercepts all DNS request received by unboud, typically from the LAN connected devices, and before unbound executes a 'resolve' for every request, pfBlockerng (the plugin) gets its hands on the request first.
                This permits pfBlockerng to compare the request with a big list (the DNSBL feeds) to see if it concerns a 'blocked' domain. If it finds one, it instructs unbound to 'stop the actual resolbing' and say to the client : the IP requested is "0.0.0.0." (so the client can't connect to this IP => the requested domain is blocked).

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                1 Reply Last reply Reply Quote 2
                • First post
                  Last post