DNS Server Override Question

kevindd992002 · Jan 18, 2017, 5:11 AM

There's 4 DNS servers involved in this question and I'm going to name them DNS1, DNS2, DNS3, and DNS4. DNS1 and DNS2 are provided to me by my ISP through DHCP. DNS3 and DNS4 are servers that I intentionally want to use.

Originally, my setup is that DNS3 and DNS4 are specified under System -> General Setup -> DNS Server settings and that DNS Server Override is unchecked. This means that when I go to Status -> Interfaces, I only get these two servers listed under the DNS Servers section of the WAN. All and good.

Now I was assuming that (at least that's the behavior I noticed when I was testing this a few months ago) when you check DNS Server Override, the WAN interface will obtain DNS1 and DN2 from my ISP and use it. When I say use it I meant DNS1 and DNS2 should be listed under Status -> Interfaces -> WAN instead of DNS3 and DNS4 but this is not the case. I still see DNS3 and DNS4 there. I already released and renew the WAN interface to no avail.

Then what I did was to remove DNS3 and DNS4 from System -> General Setup -> DNS Server settings and kept DNS Server Override and true enough DNS1 and DNS2 were shown under Status -> Interfaces -> WAN. I then put DNS3 and DNS4 back to the list and now what I see under Status -> Interfaces -> WAN are DNS1, DNS2, DNS3, and DNS4 in that order.

Questions:

1.) Why did I have to remove DNS3 and DNS4 off the list first (and then put them back later) for pfsense to obtain DNS1 and DN2 from my ISP?
2.) With all DNS servers seen under Status -> Interfaces -> WAN and DNS Server Override checked, will pfsense use DNS1 and DNS2 ONLY? Is DNS3 and DNS4 listed there only for display?

Thanks for your help.

johnpoz · Jan 18, 2017, 11:13 AM

So your using the forwarder? Pfsense out of the box would be resolving..

kevindd992002 · Jan 18, 2017, 12:23 PM

Yes, I'm using DNS Forwarder and have DNS Resolver disabled.

johnpoz · Jan 18, 2017, 12:44 PM

I have not used forwarder in a long time.. if you want to use specific dns - then set those. Allowing override of your dns settings via what you get from dhcp on your wan, I am not clear on how that actually effects what you had put in the dnsservers other than from the wording it should override that. If you have more than 2 listed and you only get 2 not sure how that works out.

My advice would be to use the resolver ;)

But if you want to forward, then put what you want to forward to in - and don't let your isp override it ;)

kevindd992002 · Jan 18, 2017, 1:22 PM

Well, yeah. But regardless of using either forwarder or resolver it shouldn't be behaving the way I described it, right?

I only want the ISP Override when I'm troubleahooting something. I don't want to have to remove the dns servers in the list and then put them back on so that my pfsense box will forward to the ISP's servers.

johnpoz · Jan 18, 2017, 1:44 PM

if using the resolver there is not forwarding to anything..

I would have to test what happens when you put in something in dns and then select override from dhcp. I would take it from the wording it overrides what you put in there ;)

kevindd992002 · Jan 18, 2017, 4:27 PM

Correct. But it's not the forwarding that's actually my problem :) It's how the DNS override does not do the override unless I empty the custom DNS servers list in the General section.

Thanks, I'll wait for your test results then ;)