Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Resolver, but in 'forwarding' mode?

    Scheduled Pinned Locked Moved DHCP and DNS
    3 Posts 3 Posters 211 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      tknospdr
      last edited by

      What is the difference between using DNS resolver with the 'query forwarding' box checked and using DNS forwarder?

      S GertjanG 2 Replies Last reply Reply Quote 0
      • S
        SteveITS Galactic Empire @tknospdr
        last edited by

        @tknospdr At the base level of "want DNS to work," not much.

        Forwarder was replaced a long time ago. I don't recall offhand if it does any caching, I think not? You can compare the options in pfSense's GUI to get a sense of options.

        Unbound/Resolver has a "view" feature. It has DNSSEC, though that should be disabled while forwarding. DHCP lease registration. Etc.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        1 Reply Last reply Reply Quote 0
        • GertjanG
          Gertjan @tknospdr
          last edited by

          @tknospdr said in Resolver, but in 'forwarding' mode?:

          with the 'query forwarding' box checked and

          ... and given some DNS servers to forward to :

          fa6d4a2d-3633-4f85-a751-bfecf0fcbdb9-image.png

          Not a lot of difference. The functionality is the same.

          dnsmasq, the original (before 2012 ?) forwarder is still there for historical reasons.
          pfSense started to include Unbound, the resolver, as there are no more good reasons (advantages) to forward to some given = ISP (or chosen by you) corporate DNS server. It's 2025 now, so you can tap into the original "DNS system" that Internet offers you. In short : you can take the info from the source, and you don't need an intermediate services anymore.
          You've seen it yourself how good it is : when you installed pfSense, before you changed anything, 'DNS' worked. So no more need to forwards to some other resolver.

          Resolving means it will use DNSSEC if avaible.

          Still, you can chose what method you want to use.
          Both methods have their advantages.
          My point of view is : Netgate has chosen a default setup with a resolver for a reason.

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.