Netgate Discussion Forum

Cannot use Cloudflare DNS without enabling DNS Server Override

DHCP and DNS
    drzoidberg33
    last edited by Apr 4, 2019, 11:59 PM

    I have a strange issue. I'm trying to use Cloudflare's DNS (1.1.1.1 and 1.0.0.1) as my default DNS and ignore my ISP's DNS.

    However, when I try to set it up this way, the system ignores both of these IPs. It works fine using Google DNS, Quad9, etc., but when using Cloudflare's it looks like the system is ignoring my entries.

    Example trying to set to Cloudflare:

    Using Google:

    Does anyone have any idea what is going on here? I Googled a bit and didn't come up with anything except a possible issue with pfBlocker using 1.1.1.1 - but even after disabling pfBlocker completely the same thing happens.

    I'm stumped 🤷

      drzoidberg33
      last edited by Apr 5, 2019, 12:01 AM

      Oh and yes, as per the title - when I enable DNS Server Override it works (but also includes my ISP's DNS):

        provels
        last edited by Apr 5, 2019, 12:34 PM

        No real clue, but if you "wiggle" it by choosing the gateway, does it hook?

        Peder

        MAIN - pfSense+ 24.11-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
        BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic)

          aljames
          last edited by Apr 7, 2019, 1:45 PM

          By checking the override box you are handing off DNS requests to your ISP on the WAN side. If your goal is to use specific external DNS server(s), you uncheck the override, and you must be using either DNS forwarder or DNS Resolver with Query forwarding enabled.

          If DNS Resolver (without forwarding) is used then pfSense ignores your server entries (as you’ve shown here), and instead uses the 11 root DNS resolvers (as mentioned by @Gertjan here: https://forum.netgate.com/topic/142103/controlling-ipv6-or-ipv4-preference/5). Another reason to not add servers here is if you are configuring pfSense to handle all external DNS requests.

          I’m not a pro network user like many here at Netgate forums, so maybe others can add more context. I’m still a newbie...but learning.

            drzoidberg33
            last edited by Apr 8, 2019, 12:56 PM

            Thanks for taking the time to respond guys.

            @aljames I'm using the DNS resolver and my goal is exactly to make pfSense the only DNS provider in the network (I'm blocking external DNS requests).

            I'm just rather stumped as why it works fine with all other DNS providers I've tested but doesn't work for Cloudflare. I guess that's my main question here.

              drzoidberg33 @provels
              last edited by Apr 8, 2019, 1:05 PM

              @provels I tried that, but no, unfortunately the only way I can get Cloudflare DNS to take is to set the DNS Server Override option, which I guess isn't the end of the world, but I don't want the ones from my ISP being used as they don't support DNS over TLS.

              I'm using a dual WAN (set up in failover) btw, if that matters.

                provels @drzoidberg33
                last edited by Apr 8, 2019, 2:10 PM

                @drzoidberg33 Have you tried using Resolver without using forwarding? That way DNS reqs just go to the root servers. That way, you don't need overrides or any servers at all listed in General Setup. All that will show on the Dashboard will be 127.0.0.1. But no TLS AFAIK.

                Peder
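What the thread is circling (the Resolver forwarding only to Cloudflare, over DNS over TLS, with no ISP servers involved) comes down to an Unbound forward-zone like the one below. This is an added example, not text from the thread and not pfSense's generated unbound.conf; it assumes Unbound 1.7 or newer and that the CA bundle lives at /etc/ssl/cert.pem.

```conf
server:
    # CA bundle used to verify the upstream server's TLS certificate
    # (path assumed; adjust to where your system keeps its CA bundle)
    tls-cert-bundle: "/etc/ssl/cert.pem"

forward-zone:
    # "." forwards everything, so no queries go to the root servers
    name: "."
    # all forwarded queries leave over TLS on port 853; Unbound does not
    # fall back to plaintext if the TLS session cannot be established
    forward-tls-upstream: yes
    # IP@port#auth-name: Unbound checks auth-name against the certificate,
    # so a resolver answering on that IP without Cloudflare's cert is rejected
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853#cloudflare-dns.com
```

Run `unbound-checkconf` on the file before reloading; ISP-assigned servers pulled in by the override option would not be listed here, which is exactly why they cannot be used once forwarding is pinned to these two addresses.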

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.