Netgate Discussion Forum

How to use non-standard DNS port in pfSense? In OpenWRT I simply add # after IP

DHCP and DNS
  • W
    warheat1990
    last edited by Aug 26, 2017, 1:01 PM

    In OpenWRT, I can add # after IP to specify which port I want to use for DNS.

    Pic here:

    The reason I want to do this is because my ISP is hijacking the DNS port. Please don't bother with "it's time to change to another ISP" because I don't have that choice.

    • J
      johnpoz LAYER 8 Global Moderator
      last edited by Aug 26, 2017, 2:07 PM

      Not sure why you think your ISP is not going to just intercept 5353 as well.. Do they also listen on 443? You could try that.. But setting dnsmasq (forwarder) to use a different port is a simple server line in the custom options line

      server=208.67.222.222#5353

      See attached test of this.. You could prob do it on the resolver as well, but to be honest the resolver (unbound) in forwarder mode is just pointless ;) If you're going to just forward might as well just use the forwarder..

      [Attachment: dnson5353.png]

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      • W
        warheat1990
        last edited by Aug 26, 2017, 2:38 PM

        @johnpoz:

        Not sure why you think your ISP is not going to just intercept 5353 as well.. Do they also listen on 443?

        Because I've been using 208.67.222.222#5353 for years in my OpenWRT, I just changed from OpenWRT to pfSense recently. They're stupid enough to ignore 5353 but not 443.

        • W
          warheat1990
          last edited by Aug 26, 2017, 3:06 PM

          @johnpoz:

          Not sure why you think your ISP is not going to just intercept 5353 as well.. Do they also listen on 443? You could try that.. But setting dnsmasq (forwarder) to use a different port is a simple server line in the custom options line

          server=208.67.222.222#5353

          See attached test of this.. You could prob do it on the resolver as well, but to be honest the resolver (unbound) in forwarder mode is just pointless ;) If you're going to just forward might as well just use the forwarder..

          By the way, it's not working for me. IPLeak and dnsleaktest are still showing my ISP DNS.

          I also tried changing Listen Port from 53 to 5353 and I no longer have internet access unless I change it back.

          Any idea why? Do I also need to remove DNS Server in System > General Setup?

          • J
            johnpoz LAYER 8 Global Moderator
            last edited by Aug 26, 2017, 3:47 PM

            Well yeah or they would also be forwarded too..

            You also need to make sure you do not allow override from dhcp.

            [Attachment: uncheckdnsfromdhcp.png]

            • W
              warheat1990
              last edited by Aug 26, 2017, 4:45 PM

              @johnpoz:

              Well yeah or they would also be forwarded too..

              You also need to make sure you do not allow override from dhcp.

              I already unchecked "do not allow" but removing DNS Server from General Setup did it. Thanks for the help! Appreciate it.
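
An added example, not part of the thread: a small audit of the setup the posts arrive at, listing which upstreams the forwarder would still query on port 53. The function names are hypothetical, 192.0.2.53 is a constructed placeholder, and the way General Setup and DHCP-supplied servers are combined with the custom `server=` line is an assumption taken from the replies above.

```python
import ipaddress
import re

# Simplified dnsmasq upstream syntax: server=[/domain/]<ip>[#port][@source]
SERVER_RE = re.compile(
    r"^server=(?:/(?P<domain>.*)/)?(?P<ip>[^#@/]+)(?:#(?P<port>\d+))?(?:@.*)?$"
)

def parse_server(option):
    """Return (ip, port, domain) for one server= option, or None."""
    m = SERVER_RE.match(option.strip())
    if not m:
        return None
    try:
        ip = str(ipaddress.ip_address(m.group("ip")))
    except ValueError:
        return None  # not an IP literal, e.g. a typo in the address
    port = int(m.group("port") or 53)  # no '#port' means the default, 53
    return ip, port, m.group("domain") or ""

def effective_upstreams(custom_options, general_setup_dns=(), dhcp_dns=(),
                        allow_dhcp_override=False):
    """List (ip, port, origin) for every upstream the forwarder may use."""
    ups = []
    for opt in custom_options.split():  # options are space/newline separated
        parsed = parse_server(opt)
        if parsed:
            ups.append((parsed[0], parsed[1], "custom option"))
    # Assumption from the thread: General Setup servers are forwarded to as
    # well, and DHCP-supplied servers join them when override is allowed.
    ups += [(ip, 53, "General Setup") for ip in general_setup_dns]
    if allow_dhcp_override:
        ups += [(ip, 53, "DHCP override") for ip in dhcp_dns]
    return ups

def port53_upstreams(upstreams):
    """Upstreams still queried on port 53, where interception was reported."""
    return [u for u in upstreams if u[1] == 53]

if __name__ == "__main__":
    custom = "server=208.67.222.222#5353"  # line from the thread
    # 192.0.2.53 is a constructed placeholder for a General Setup entry.
    before = effective_upstreams(custom, general_setup_dns=["192.0.2.53"])
    after = effective_upstreams(custom)
    print("still on port 53 before cleanup:", port53_upstreams(before))
    print("still on port 53 after cleanup: ", port53_upstreams(after))
```

An empty result means every configured upstream uses the non-standard port; any entry listed is a path that can still be answered by whoever intercepts port 53.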

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.