DNS Resolver Question



  • When using the DNS resolver, if other DNS servers are listed (i.e. Google IPv4 and IPv6), what is the impact? Does the DNS Resolver still go to the DNS root servers to start the resolution process?


  • Rebel Alliance Global Moderator

    If you're using the resolver in resolver mode - those are never going to be used.

    Why would you have those listed if you're using the resolver?  Did you set them in general settings?  Why?



  • @johnpoz:

    If you're using the resolver in resolver mode - those are never going to be used.

    Why would you have those listed if you're using the resolver?  Did you set them in general settings?  Why?

    NTP?



  • Thanks John for the update. I am not using any entries in the General Setup for DNS. I just wanted a double check on the issue. It works great with just the DNS Resolver.

    Howard


  • Rebel Alliance Global Moderator

    NTP??? What does that have to do with Google for DNS?  pfSense should be set to use itself, i.e. the resolver..  NTP would then use that to resolve any NTP servers.



  • @johnpoz:

    NTP??? What does that have to do with Google for DNS?  pfSense should be set to use itself, i.e. the resolver..  NTP would then use that to resolve any NTP servers.

    If you go to System/General setup/Localization/Timeservers, there is a hint:

    Use a space to separate multiple hosts (only one required). Remember to set up at least one DNS server if a host name is entered here!

    The hosts were entered by NTP



  • If you're using the resolver in resolver mode - those are never going to be used

    I had assumed pfSense used the servers listed on General Setup page.  But I just noticed the Enable Forwarding option on the DNS Resolver page.  So, since that isn't enabled, I'm apparently not using the specified servers, as verified with Wireshark.  As someone who's only running a home network, is there any advantage to either option?  I currently have 4 Google DNS servers configured, 2 IPv6 and 2 IPv4.

    BTW, is there any higher authority than Google?  ;)


  • Rebel Alliance Global Moderator

    "Remember to set up at least one DNS server if a host name is entered here!"

    Well yeah, pfSense is going to need to be able to resolve.. Which using loopback, i.e. 127.0.0.1, and the resolver does that ;)

    If you're using the resolver, pfSense has NO use for any other DNS settings.. It just needs to know to ask itself, i.e. the resolver running on it, for anything pfSense directly would need to look up or any services running on pfSense.




  • @johnpoz:

    "Remember to set up at least one DNS server if a host name is entered here!"

    Well yeah, pfSense is going to need to be able to resolve.. Which using loopback, i.e. 127.0.0.1, and the resolver does that ;)

    If you're using the resolver, pfSense has NO use for any other DNS settings.. It just needs to know to ask itself, i.e. the resolver running on it, for anything pfSense directly would need to look up or any services running on pfSense.

    Thanks for the explanation.



  • @johnpoz:

    "Remember to set up at least one DNS server if a host name is entered here!"

    Well yeah, pfSense is going to need to be able to resolve.. Which using loopback, i.e. 127.0.0.1, and the resolver does that ;)

    If you're using the resolver, pfSense has NO use for any other DNS settings.. It just needs to know to ask itself, i.e. the resolver running on it, for anything pfSense directly would need to look up or any services running on pfSense.

    One more question: for OpenVPN server setup, if there is no DNS server defined in OpenVPN, should it use 127.0.0.1, or do I have to manually enter the loopback??


  • Rebel Alliance Global Moderator

    What??  No, a VPN user would use the IP address of pfSense as its DNS.. Just like your DHCP clients use the pfSense IP address in that network.  Set your OpenVPN to hand out, say, your LAN IP of pfSense.  If you had a client 127.0.0.1… It's just going to try and ask itself..  That's not going to work, unless it's running a resolver of his own ;)



  • @johnpoz:

    What??  No, a VPN user would use the IP address of pfSense as its DNS.. Just like your DHCP clients use the pfSense IP address in that network.  Set your OpenVPN to hand out, say, your LAN IP of pfSense.  If you had a client 127.0.0.1… It's just going to try and ask itself..  That's not going to work, unless it's running a resolver of his own ;)

    I see, thanks.
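
Added example, not part of any post in this thread and not pfSense code: the resolver-versus-forwarding distinction discussed above can be checked offline from the resolver's configuration instead of a packet capture. It assumes the DNS Resolver is Unbound and that forwarding mode appears as a `forward-zone` clause named `"."`; the function name and both sample configs are constructed for illustration.

```python
import re

def resolver_mode(conf_text):
    """Return (mode, root_upstreams, per_domain) for unbound.conf text."""
    zones, current = [], None
    for raw in conf_text.splitlines():
        # '#' starts a comment only at the start of a token, so the
        # TLS form "addr@853#hostname" must survive comment stripping.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        m = re.match(r"([a-z0-9-]+):\s*(.*)$", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip().strip('"')
        if not value:  # clause header, e.g. "server:" or "forward-zone:"
            current = {"name": None, "addrs": []} if key == "forward-zone" else None
            if current is not None:
                zones.append(current)
        elif current is not None:
            if key == "name":
                current["name"] = value
            elif key in ("forward-addr", "forward-host"):
                current["addrs"].append(value)
    # Only a forward-zone for the root "." sends every query upstream;
    # a zone for one domain is a per-domain override, not forwarding mode.
    root = [a for z in zones if z["name"] == "." for a in z["addrs"]]
    per_domain = {z["name"]: z["addrs"] for z in zones if z["name"] not in (".", None)}
    return ("forwarding" if root else "resolver", root, per_domain)

# Constructed sample: resolver mode with one per-domain override.
RESOLVER_CONF = """
server:
    interface: 127.0.0.1
forward-zone:
    name: "corp.example"
    forward-addr: 10.0.0.53
"""

# Constructed sample: forwarding mode to the Google servers from the thread.
FORWARD_CONF = """
server:
    interface: 127.0.0.1
forward-zone:
    name: "."
    forward-addr: 8.8.8.8  # Google IPv4
    forward-addr: 2001:4860:4860::8888
    forward-addr: 8.8.4.4@853#dns.google
"""

if __name__ == "__main__":
    for label, conf in (("resolver", RESOLVER_CONF), ("forward", FORWARD_CONF)):
        print(label, resolver_mode(conf))
```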