DNS resolver different GW depending on exiting gateway(VPN)

  • Hello,
    I am using a vpn gateway for one of my VLANS. However at the moment I always need to send all dns queries to the VPN interface just not to leak dns when going through VPN on one of the lans.

    Is there anyway to direct which outgoing interface to use depending on which gateway the traffic will exit on?


  • Hello!

    The DNS resolver configuration page has a setting where you can select outgoing interfaces for DNS traffic. Select your VPN interface to direct your DNS queries there. You also need to ensure that your DHCP server is configuring the desired LAN clients to use pfSense's DNS resolver by adding the firewall's inside interface IP for the specified LAN which your DHCP server is listening on. This change can be made in your DHCP server settings menu. Also make sure the clients themselves are not specifying an undesired DNS server in their network configuration on those devices.

    With query forwarding enabled, you can send the DNS traffic to a DNS service you specify in system > general, you can also specify which gateway the given DNS query will use. Otherwise if query forwarding is disabled, unbound will query the root name servers directly using the interface selected in the outbound network interfaces section.

    If you are using query forwarding and you have a couple of DNS servers in your System > General configuration which are using different gateways, be aware that it appears to me that the resolver will forward the DNS query to all servers listed in the system > general configuration menu, through the gateways designated there for each query sent.

    If I have misunderstood your question, please let me know as I would like to be helpful.

Log in to reply