Netgate Discussion Forum

    "Disable DNS Forwarder" Option

      beremonavabi

      I'm confused about the "Disable DNS Forwarder" option under System > General Setup > DNS Server Settings.

      First, the name of that option doesn't seem to agree with what the text next to it talks about:

      Do not use the DNS Forwarder/DNS Resolver as a DNS server for the firewall

      By default localhost (127.0.0.1) will be used as the first DNS server where the DNS Forwarder or DNS Resolver is enabled and set to listen on localhost, so system can use the local DNS service to perform lookups. Checking this box omits localhost from the list of DNS servers in resolv.conf.

      It doesn't appear to disable DNS Forwarder.  Instead it looks like it just prevents pfSense from using localhost (127.0.0.1) as the first place to check for DNS resolution.  OK.  I'm fine with that.  But, WHY would I not want to use localhost?  The Help page appears to be out of date and only refers to DNS Forwarder and not DNS Resolver:

      Do not use the DNS Forwarder as a DNS server for the firewall: By default the firewall itself will also use the DNS Forwarder. This is faster, more robust, and less likely to fail. If the DNS Forwarder is disabled, this should be checked to prevent the firewall from attempting to use the DNS Forwarder for its own DNS.

      But, I assume it now should say something like if BOTH DNS Forwarder and DNS Resolver are disabled, then that option should be checked.  So, just to make sure, if I've got Forwarder disabled and Resolver enabled, I should leave that option OFF?

      SG-4860, pfSense 2.4.5-RELEASE-p1 (amd64)

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.