How to override my ISP's DNS servers ?



  • Hi guys,

    How can I remove the two DNS entries from the list below ?

    The two 83. entries are being added by obtaining the WAN IP through DHCP.

    The other ones are set from System / General Setup:

    Thank you !


  • Rebel Alliance

    Just "un-check"  DNS Server Override "allow DNS Server…......" (read the description)




  • Wow, i somehow missed it !
    Anyway, thanks for the fast reply.
    I think I searched for half an hour for a way to remove these entries, and the answer was in the same page all this time …

    So thanks again!
    Next time I'll have to really open my eyes before posting.


  • LAYER 8 Global Moderator

    So your using the forwarder and not the resolver?  Pfsense defaults to using unbound in resolver mode, these settings are all pretty pointless if that is the mode your using..  Other than for pfsense itself that if unbound failed ie loopback,  What is 192.168.2.203?  Is that some other local dns - is that pfsense interface address?



  • I'm using the resolver, the forwarder is disabled.
    The DHCP server (pfSense) sends two DNS entries to the clients:
    1: 192.168.2.10 - pfSense itself and
    2: 192.168.2.203 - local DNS server on a Windows 2012 VM

    For the pfSense box DNS itself I'm using Google and OpenDNS entries.
    The Windows Server i'm using to learn about Domain Controllers, DNS Servers and so on.
    On the Windows Server DNS properties I have 192.168.2.10 set as forwarder. (not sure yet if that's correct, but that's another story).
    So I'm still learning a lot of stuff.

    My setup is like this:

    • ISP modem in bridge mode
    • pfSense VM as router
    • 3 wireless access points throughout the house
    • Plex Server (VM) / Ubuntu 16.04 server
    • omv NAS (VM)
    • Windows 2012 Server (VM)

    All VM's run on a Dell T20 Server / esxi 6.

    All servers and clients are on the same vlan, that would be the next step to learn about using different vlans and so forth.


  • LAYER 8 Global Moderator

    The DHCP server (pfSense) sends two DNS entries to the clients:
    1: 192.168.2.10 - the pfSense VM itself and
    2: 192.168.2.203 - local DNS server on a Windows 2012 VM

    Yeah that is bad setup… All clients of AD should only use AD for dns.. Your AD dns should then forward to something outside or pfsense, and let pfsense resolve what your AD is not authoritative for.  Or sure it could just resolve from roots as well.

    You can never be sure what dns server is going to get asked.. Windows for sure does not say oh let me ask 1, oh I got a nx or I got refused or he didn't answer fast enough let me ask dns 2. Next time same thing, etc.

    Pointing any client to dns that does not resolve the same stuff is BAD design.  You can list as many dns servers as you want.  But they should all be able to resolve the same stuff to the same IP.. So if your going to point to public dns you could point to googledns and opendns sure.  They both can resolve all public domains, one should not give different answer than the other.  Other than maybe if the authoritative changed its entry and one had it cached while the other didn't etc..

    They both do the same thing.  If you have more than 1 local nameserver that all can resolve your local domains the same, then sure you can point to multiples of those.  But its bad idea to point to a local dns that can resolve your local stuff as the same time you point to a public dns that has no freaking clue about host.local.lan etc..

    Doing what your doing with the split one public one local dns is not good...



  • Thanks for the feedback, I really appreciate you took the time to explain !
    And I'm glad you pointed out the bad setup, this is the kind of answers I was looking forward to.
    What I will do is keep playing with the Windows DNS server and see how far I can get.
    I now understand it's pointless to have both pfsense and win dns listed as DNS servers.


Log in to reply