How to set PUBLIC dns server for wan and secure dns server for openvpn



  • Hi all,

    this is my first post and first time setting up pfsense, I have used this forum quiet a few times in setting up the router and has helped me a lot. thanks again!

    now to my issue:

    I have the pfsense 2.3.2_p1 up and running with 1 WAN connection and 2 PIA VPN connections grouped.

    my firewall Rules/Manual outbound NAT settings account for the grouped VPN connections and specifically allow 2 devices on the network to pass through the grouped VPN and all other devices to bypass the VPN and use the WAN.

    my connection is good and stable on the vpn

    I haven't set any DNS server addresses in the DHCP server settings. DNS resolver is enabled by default, which makes be believe the pfsense router acts as a DNS server.

    what I would like to do is, use the fastest DNS server (use namebench or DNSbench to obtain the DNS servers) for WAN (i.e. for all devices that bypass VPN) and use PIA specific DNS servers 209.222.18.218 and 209.222.18.222 for the two devices that use the grouped OpenVPN connection.

    the reason I want to do this is to make sure the VPN connections are secure (I/DNS leak, not necessarily fast) but the WAN connections are fast.

    I feel this has to be done using the DNS forwarder option and set the proper host and domain overrides, but I am not sure.

    is there any disadvantage of using this method? DNS forwarding vs resolver?

    thanks



  • I guess

    one option for me to do is

    use the fastest 2 DNS servers 1 and 2  in DNS server settings for WAN

    and use 209.222.18.218 for PIAVPN1
    and use 209.222.18.222 for PIAVPN2

    where PIAVPN1 and PIAVPN2 are the two openVPN clients actively connected.
    and uncheck the DNS server list override.

    not sure if this is correct, but just a thought.

    ashish