DNS Forwarder question
-
My simple requirement is to specify two http domain names to query from wan2 port, topology:
The DNS Forwarder service is enabled, and the configuration and test are successful.
Question:
On the DNS Forwarder configuration page, the red marked DNS server (1.1.1.1) must exist in the (General Setup -- DNS Servers) list.
If I write (2.2.2.2[public network available DNS]) but it is not in the (DNS Servers) list, the test fails.
Excuse me, is this setting the default rule of pfsense?
ps: (General Setup -- Allow DNS server list to be overridden by DHCP/PPP on WAN or remote OpenVPN server) is not checked
-
@UClinux Since Forwarder has not been the default for quite a while now you may not receive many answers. You can forward from DNS Resolver…just ensure you have DNSSEC disabled if you forward.
-
Hello,
I will try to answer your question.
First, the DNS forwarder uses the DNS servers configured in the general settings.
DNS Forwarder
If you use DNS forwarders only for a specific interface (not all), we suggest bypassing the general setting with options and specifying your specific DNS server. I did not find the options in the documentation, but they are present in the UI.
If you want to specify an interface for DNS requests (example: w1.aaa.com to 1.1.1.1 via wan2), you need to configure a new route to redirect traffic to the specific gateway.
@SteveITS is my proposition good?
Personally, I use DNS Resolver with DNS Forwarding activated.
-
@SteveITS Thank you!
No wonder I found very little information about DNS Forwarder. The videos and information I found all talked about DNS Resolver
I did the same test with DNS Resolver, but it didn't work as well as DNS Forwarder.
Every time I run the command: ipconfig /flushdns on my PC, and then run the command: nslookup w1.aaa.com, it will query from the (General Setup -- DNS Servers) list from top to bottom in order, and will not cache. As a result, it takes several seconds to execute nslookup w1.aaa.com each time, because the 1st and 2nd in the (DNS Servers) list are not the DNS servers to be queried for the domain name (w1.aaa.com), and both return a timeout. The correct DNS query result will only be returned when the 3rd one is queried.
ps: The query time is the same whether the DNS Query Forwarding option is enabled or disabled.
DNS Forwarder function, as described in the topic, the dns service ip (1.1.1.1) exists in the (DNS Servers) list, the query will be very fast, and the query result will be returned directly from the third dns server, and the three dns servers will not be queried from top to bottom in order. And the forwarding function uses dnsmasq, which has a cache after querying once, and the second query will be returned directly from the cache, which is faster.
-
@fuzziqc Thank you!
Which page is the option in the screenshot? I can't find this option in my version 2.7.2.
At present, according to the description of my topic, my needs and goals have been met.
I added 1.1.1.1 to (General Setup -- DNS Servers) as the third DNS server, and it can be used.
If the domain name is not specified by me, it will automatically query the 1st and 2nd DNS servers through the wan1 port.
If the domain name I specify is queried from the 3rd DNS server through the wan2 port.
I want to confirm that the DNS of 1.1.1.1 in the red box must exist in the (General Setup -- DNS Servers) list. It is a hard rule of pfsense, right?
-
Hello Steve,
I use a physical appliance, Netgate 3100, and version 24.03.
And you can find (Ignore System DNS) on this page:
I want to confirm that the DNS of 1.1.1.1 in the red box must exist in the (General Setup -- DNS Servers) list. It is a hard rule of pfsense, right?
YES
-
@fuzziqc
I use the community version, which does not have this option.
Now I understand that this is a hard rule, and I will continue to use it according to this rule. Thanks for your help.
-
@UClinux said in DNS Forwarder question:
Now I understand that this is a hard rule
Not a hard rule.
A logic rule.
DNS is mostly used to find IP addresses if host names are known.
For those who used a phone back in the day: like looking up the number if you have the name.
If you want to use "w1.aaa.com" as a DNS, well, ok, fine. What needs to happen first is resolving "w1.aaa.com" into the IP of "w1.aaa.com", so, if you want to use "w1.aaa.com" as a DNS, well, ok, fine. What needs to happen first is resolving "w1.aaa.com" into the IP of "w1.aaa.com", so, if you want to use "w1.aaa.com" as a DNS, well, ok, fine. What needs to happen first is resolving "w1.aaa.com" into the IP of "w1.aaa.com", so, ......
You see the problem?
Not a hard, but a golden rule: for DNS servers, you use IPs.