Netgate Discussion Forum

    Unable to use DHCP-assigned DNS servers in multi-WAN setup?

    Routing and Multi WAN
    2 Posts 2 Posters 872 Views
    XeCutor

      Hey

      I've got two completely different internet connections that I've successfully set up to load balance or fail over. I'm still experimenting with what makes most sense, since they are quite different in performance, one being fiber, the other DSL.

      My problem is as follows. I would like to use the DNS servers that I get assigned over DHCP, two per WAN. I could probably set servers manually and uncheck "Allow DNS server list to be overridden by DHCP/PPP on WAN" and make it work but that's what I want to avoid.

      One ISP's DNS server(s) are only reachable from their network, so if that one is queried it won't ever respond, and all is well because, as I've understood it, pfSense will use one of the others and the DNS for that ISP will respond.

      The other ISP, however, has their DNS servers configured differently: they are reachable, and they're extremely quick to respond that they refuse to accept connections unless the connections are from their own network. This is problematic, as this is my secondary ISP and 99.5% of my traffic right now goes through the primary, but if pfSense's DNS forwarder gets a (very quick) reply from my secondary ISP's DNS servers saying connection refused, it seems to pass that on to the clients on my network and DNS is, for all intents and purposes, down.

      So for example, on a client machine behind pfsense I run this command:
      host google.com 81.26.226.3
      And get:
      Using domain server:
      Name: 81.26.226.3
      Address: 81.26.226.3#53
      Aliases:

      Host google.com.peters.pm not found: 5(REFUSED)

      If I run the command from the same machine, bypassing the DNS forwarding and using the DNS server associated with that gateway, all is well.

      What I want is that the DNS servers pfSense gets will only be used on the gateway that they've been obtained from. That doesn't seem very unreasonable, right?

        raab

        From what I've read it's preferable to manually configure the DNS servers and specify the gateway, under System -> General Setup, and to uncheck "Allow DNS servers…"

        This is how I've configured it in my multi-WAN scenario, two VDSL connections with different ISPs. This ensures that queries are routed out the correct gateway, mitigating the issues you describe.

        Also, it looks like your client device is appending the domain suffix to your query so you should add a full stop after it, e.g. host google.com.

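The behaviour both posts above describe, as an added illustration that is not part of this thread and not pfSense code: a forwarder that hands the client the first reply it gets will return a fast REFUSED from the secondary ISP's resolver as the final answer, because only a timeout moves it on to the next server, whereas binding each server to the gateway it was learned from lets every ISP see the query arriving from its own network. The script builds constructed DNS response headers (real RCODE layout from RFC 1035, no question or answer sections) and parses the RCODE back out of them. The server addresses (documentation ranges), gateway names `WAN_FIBER` and `WAN_DSL`, and the two simulated ISP behaviours are assumptions modelled on the thread, not real values.

```python
import struct

# RCODE values from RFC 1035 section 4.1.1
RCODE_NOERROR = 0
RCODE_SERVFAIL = 2
RCODE_REFUSED = 5
RCODE_NAME = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


class Timeout(Exception):
    """Raised by the simulated network when an upstream never answers."""


def build_response(txn_id, rcode):
    """Constructed 12-byte DNS response header: QR=1, RD=1, RA=1 plus the RCODE.
    Question/answer sections are omitted; the forwarder decision shown here
    depends only on the RCODE in the header."""
    flags = 0x8180 | (rcode & 0x0F)
    return struct.pack("!HHHHHH", txn_id, flags, 1, 0, 0, 0)


def parse_rcode(msg):
    """Return the RCODE carried in a DNS response header (low 4 bits of flags)."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    flags = struct.unpack("!H", msg[2:4])[0]
    if not flags & 0x8000:
        raise ValueError("not a response: QR bit is clear")
    return flags & 0x0F


# Constructed topology (assumption): each upstream belongs to one ISP/gateway.
UPSTREAMS = [
    {"ip": "198.51.100.53", "gateway": "WAN_DSL"},    # ISP B: REFUSES foreign sources
    {"ip": "203.0.113.53",  "gateway": "WAN_FIBER"},  # ISP A: unreachable from outside
]
DEFAULT_GATEWAY = "WAN_FIBER"  # where 99.5% of traffic goes


def simulated_send(server, via_gateway, txn_id=0x1234):
    """Model of the two ISP behaviours described in the thread (constructed):
    ISP A's resolver only answers queries that arrive from its own network and
    drops everything else; ISP B's resolver is reachable from anywhere but
    immediately answers REFUSED to sources outside its network."""
    if server["ip"] == "203.0.113.53":
        if via_gateway == "WAN_FIBER":
            return build_response(txn_id, RCODE_NOERROR)
        raise Timeout()
    if server["ip"] == "198.51.100.53":
        if via_gateway == "WAN_DSL":
            return build_response(txn_id, RCODE_NOERROR)
        return build_response(txn_id, RCODE_REFUSED)
    raise Timeout()


def forward_first_reply(upstreams, send=simulated_send):
    """Naive policy: every query leaves via the default gateway and the first
    reply of any kind is passed to the client. Only a timeout advances to the
    next server, so a fast REFUSED becomes the client's answer."""
    for server in upstreams:
        try:
            reply = send(server, DEFAULT_GATEWAY)
        except Timeout:
            continue
        return server["ip"], RCODE_NAME[parse_rcode(reply)]
    return None, "TIMEOUT"


def forward_gateway_bound(upstreams, send=simulated_send):
    """Gateway-bound policy: each server is queried only through the gateway it
    was learned from, so each ISP sees the query coming from its own network."""
    for server in upstreams:
        try:
            reply = send(server, server["gateway"])
        except Timeout:
            continue
        return server["ip"], RCODE_NAME[parse_rcode(reply)]
    return None, "TIMEOUT"


if __name__ == "__main__":
    print("first reply wins :", forward_first_reply(UPSTREAMS))
    print("gateway-bound    :", forward_gateway_bound(UPSTREAMS))
```

With ISP B's server listed first, the naive policy returns REFUSED to the client, which is the "DNS is down" symptom in the first post; with the order reversed it happens to work, which is why the failure is intermittent. The gateway-bound policy returns NOERROR regardless of order.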
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.