PFSense 2.3.2 DNS Routing block unauthorized DNS is this correct?



  • Hello,
    I want to make sure the computers on my network have to use pfSense's DNS servers listed in the General tab. Right now, here is what I am doing. Everything is disabled or default unless specified below.

    *General tab
    -----DNS server 1: 8.8.8.8
    -----DNS server 2: 8.8.4.4

    *DNS Resolver is enabled
    -----Transparent
    -----DNSSEC Support

    *Firewall
    -----Antilockout
    -----(Pass) IPv4 TCP/UDP * * LAN address 53 (DNS) * none
    -----(Blocked) IPv4 TCP/UDP * * * 53 (DNS) * none
    -----(Pass) IPv4 TCP * * * 3128 * none
    -----(Pass) IPv4 TCP/UDP Alias * * * * none (This one has limiters on it)
    -----(Pass) IPv4 LAN net * * * * none
    -----(Blocked) IPv6

    I have two interfaces: one is a LAN and the other is the laptop's wireless card, both of which are used for the same network. I just want to know if this is the correct way to do this. I have given myself a crash course on all this stuff, and I think sometimes, fumbling around, mistakes can be made. As of right now, if I enter a custom DNS in /etc/resolv.conf and try to use the ping, dig or nslookup command, those commands just hang and I am able to access web pages. If I enter the IP address of the pfSense machine, all those commands process correctly and I am still able to access web pages.

    I have also found that I have to set the IP address of the LAN interface under the DHCP Server, in the DNS section, in order for DNS resolution through the pfSense box to take place. After I get this setup working smoothly and have decreased the downtime, I was planning on adjusting the DNS servers that I use.
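
An added example, not part of the original post: a small Python model of pfSense's top-down, first-match rule evaluation applied to the LAN rules listed above, so the outcome for a given connection can be checked against what dig and the browser show. The LAN subnet, the firewall's LAN address, the alias member and all helper names are constructed assumptions; the anti-lockout rule and the IPv6 block are left out.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing (assumptions, not values from the post).
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
LAN_ADDRESS = ipaddress.ip_address("192.168.1.1")        # pfSense LAN interface
LIMITED_ALIAS = {ipaddress.ip_address("192.168.1.50")}   # hosts in the limiter alias

@dataclass
class Rule:
    action: str      # "pass" or "block"
    protos: object   # None = any protocol, else a set such as {"tcp", "udp"}
    src: object      # None = any, a network, or a set of hosts
    dst: object      # None = any, or one address
    port: object     # None = any destination port, else an int

TCP_UDP = frozenset({"tcp", "udp"})

# The posted rules in order. Anti-lockout and the IPv6 block are omitted
# from this IPv4-only model; the last rule's protocol is read as "any".
RULES = [
    Rule("pass", TCP_UDP, None, LAN_ADDRESS, 53),
    Rule("block", TCP_UDP, None, None, 53),
    Rule("pass", frozenset({"tcp"}), None, None, 3128),
    Rule("pass", TCP_UDP, LIMITED_ALIAS, None, None),
    Rule("pass", None, LAN_NET, None, None),
]

def _addr_matches(spec, addr):
    if spec is None:
        return True
    if isinstance(spec, ipaddress.IPv4Address):
        return addr == spec
    return addr in spec   # network or set of hosts

def evaluate(proto, src, dst, port, rules=RULES):
    """Return (action, rule index) of the first matching rule, else default deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, r in enumerate(rules):
        if ((r.protos is None or proto in r.protos)
                and _addr_matches(r.src, src) and _addr_matches(r.dst, dst)
                and r.port in (None, port)):
            return r.action, i
    return "block", None

if __name__ == "__main__":
    for flow in [("udp", "192.168.1.20", "192.168.1.1", 53),
                 ("udp", "192.168.1.20", "8.8.8.8", 53),
                 ("tcp", "192.168.1.20", "8.8.8.8", 853)]:
        print(flow, "->", evaluate(*flow))
```

In this model a client query to 8.8.8.8 on port 53 stops at the block rule, while the same client's traffic to other ports such as 443 or 853 falls through to the LAN net pass rule, so the block governs port 53 only.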