Netgate Discussion Forum

    DNS Resolver vs. DNS Forwarder

      Harvy66

      Forwarder just forwards the requests upstream. Upstream is either a forwarder or resolver itself. At some point a resolver is involved because a forwarder cannot "resolve" the name into an IP. A forwarder can cache.

        Stugots

        So if I'm looking to improve DNS lookups within my network I should use a DNS Forwarder?

        PC Engines APU2C4

          Harvy66

          Both can cache and both can make it faster. I am not familiar enough with the practicalities of the minor differences for most every-day users to be able to say one is better than the other. I personally just use it as a resolver. For the utmost in lowest latency forwarder might win if you have a reliable low latency upstream target, like what 1.1.1.1 or 8.8.8.8 might provide depending on your ISP.

          I have "Prefetch Support" enabled under advanced, this should keep the cache hot. Using Wireshark to sniff request and response, I have about a 300us-600us response time or ~0.5ms. As long as you're hitting the cache, the performance will be pretty much identical.

            Stugots

            I was running a DNS forwarder, I just switched it to a resolver and tweaked some settings. Seems to have made an improvement.

            I switched to using Cloudflare already.

              johnpoz LAYER 8 Global Moderator

              "I switched to using Cloudflare already."

              Then you're NOT resolving... You're just using unbound as your forwarder vs. dnsmasq as the forwarder.

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

                Gertjan

                @acascianelli:

                …
                I switched to using Cloudflare already.

                So, instead of resolving directly, you tunnel (forward) all requests to another resolver: Cloudflare.
                Somewhere, somehow, someone has to resolve your requests, because no DNS server in the world will have an up-to-date 'list' with all domain names versus IPs; that's just impossible.
                True, Cloudflare probably has a very big cache, so some or more requests could be sent back to you right away, but your requests from LAN with all your devices will end up in your local (!) cache anyway.

                Rule of thumb: use the shortest path = Resolver. You'll be getting the correct - less chance to be spoofed, and DNSSEC secured when available - answers as a bonus.
                Nice free side effect: Cloudflare doesn't know what you are doing ^^

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                  Stugots

                  @johnpoz:

                  "I switched to using Cloudflare already."

                  Then you're NOT resolving... You're just using unbound as your forwarder vs. dnsmasq as the forwarder.

                  Yea. That’s correct, my mistake.

                    NollipfSense

                    @Harvy66:

                    I have "Prefetch Support" enabled under advanced, this should keep the cache hot.

                    Can you please share more specifics... where under advanced... system tunable, if so which one?

                    pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
                    pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

                      johnpoz LAYER 8 Global Moderator

                      If it was a snake it would bite you ;) It's right at the top of the advanced section.

                      [Screenshot: prefetch.png]

                        NollipfSense

                        @johnpoz:

                        If it was a snake it would bite you ;) It's right at the top of the advanced section.

                        Thank you Johnpoz…I was looking under system > advanced.

                          johnpoz LAYER 8 Global Moderator

                          Keep in mind it does not prefetch everything ever queried. It just renews a record that is queried if the TTL has 10% of its life or less left.

                          You prob want to turn on the serve ttl 0 option as well if you're having delays with resolving.

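The prefetch and "serve ttl 0" behaviour described in the last post, as a simplified model. This is an added example, not code from the thread and not unbound's implementation. The class and function names, the record name and the 192.0.2.10 address are constructed for illustration, and the refresh happens inline here rather than in the background.

```python
# Simplified model of a caching resolver: prefetch renews a record only when
# it is *queried* with 10% or less of its TTL left; "serve expired" answers
# with the stale record (TTL 0) and refreshes it for the next client.
# Hypothetical names; not unbound's code.

class Cache:
    def __init__(self, upstream, prefetch=True, serve_expired=False):
        self.upstream = upstream        # callable: name -> (address, ttl_seconds)
        self.prefetch = prefetch
        self.serve_expired = serve_expired
        self.entries = {}               # name -> (address, original_ttl, expires_at)
        self.upstream_queries = 0

    def _fetch(self, name, now):
        address, ttl = self.upstream(name)
        self.upstream_queries += 1
        self.entries[name] = (address, ttl, now + ttl)
        return address, ttl

    def query(self, name, now):
        """Return (address, ttl_in_answer, how_it_was_answered)."""
        entry = self.entries.get(name)
        if entry is None:
            address, ttl = self._fetch(name, now)
            return address, ttl, "miss"
        address, original_ttl, expires_at = entry
        remaining = expires_at - now
        if remaining <= 0:
            if self.serve_expired:
                self._fetch(name, now)                 # refresh for the next client
                return address, 0, "expired-served"    # stale answer, TTL 0
            address, ttl = self._fetch(name, now)      # client waits for upstream
            return address, ttl, "miss"
        if self.prefetch and remaining * 10 <= original_ttl:
            self._fetch(name, now)                     # renew; client still gets cached answer
            return address, remaining, "hit+prefetch"
        return address, remaining, "hit"


def demo():
    # Constructed record with a 300 s TTL, queried at t = 0, 150, 280, 290, 900 s.
    cache = Cache(lambda name: ("192.0.2.10", 300))
    outcomes = [cache.query("www.example.com", t)[2] for t in (0, 150, 280, 290, 900)]
    return outcomes, cache.upstream_queries


if __name__ == "__main__":
    print(demo())
```

The query at 280 s lands in the last 10% of the TTL and triggers the renewal; nobody asks again in the final 10% of the renewed record, so it expires and the query at 900 s is a full miss unless `serve_expired` is enabled.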
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.