Multi-Wan and OpenDNS

  • Current Setup :

    4 WAN links ; 1 LAN on an older Intel Xeon X3220, with 8 GB RAM
    DNS Forwarder -> DISABLED ;
    DNS Resolver -> DISABLED ;
    Allow DNS server list to be overridden by DHCP/PPP on WAN : Disabled ;
    Do not use the DNS Forwarder/DNS Resolver as a DNS server for the firewall : Enabled ;

    FOR DNS : Active Directory
    Active Directory forwarders set up as:

    pfSense firewall rules allow only the OpenDNS servers listed above on port 53 and deny all other DNS servers.

    General Setup -> Settings -> WAN 1 DNS Server : ;
    General Setup -> Settings -> WAN 2 DNS Server : ;

    In the General Setup Settings for DNS, is it ok NOT TO ASSIGN a DNS server for two of the WAN links : WAN 3 and WAN 4 ?

    Reason for this is to ensure that connections use the OpenDNS Servers.

  • LAYER 8 Netgate

    In that case those settings will only be used for queries from the firewall itself.

    Honestly, I would probably just tell pfSense to also use the inside AD servers for DNS resolution if I had a setup like that.

    Set the DNS servers in System > General Setup to the AD server addresses without a gateway set and be sure DNS Server Override IS NOT checked and Disable DNS Forwarder IS checked. (looks good)

    That will result in an /etc/resolv.conf on pfSense itself containing only the AD servers as nameservers. When the AD servers go out to get answers, the queries come into the interface and can be policy routed however you desire.

    Else you need a different DNS server for every WAN or you need to enable default gateway switching which is a pretty big hammer considering you can just use inside servers to resolve names.
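    Added example (not from the thread or from Netgate): a small Python check that parses the text of pfSense's /etc/resolv.conf and confirms it lists only the inside AD servers, flagging OpenDNS addresses (pfSense bypassing AD) and unknown servers such as ISP resolvers leaked in by the WAN DHCP/PPP override. The AD and OpenDNS addresses are constructed RFC 5737 placeholders, not the thread's real values.

```python
from typing import Dict, List

# Constructed, hypothetical values (RFC 5737 documentation ranges) standing in
# for the real addresses in the thread: the inside Active Directory DNS servers
# that should be the only nameservers in pfSense's /etc/resolv.conf ...
AD_SERVERS = {"192.0.2.10", "192.0.2.11"}
# ... and the OpenDNS resolvers the AD forwarders (and the port 53 firewall
# allow rule) point to. They belong there, not in resolv.conf.
OPENDNS_FORWARDERS = {"198.51.100.222", "198.51.100.220"}

def parse_nameservers(resolv_conf: str) -> List[str]:
    """Return the nameserver addresses from resolv.conf text, in file order."""
    servers = []
    for line in resolv_conf.splitlines():
        fields = line.split("#", 1)[0].split()  # strip comments, tokenize
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def audit_resolv_conf(resolv_conf: str) -> Dict[str, List[str]]:
    """Classify each nameserver as an expected AD server, an OpenDNS address
    (pfSense itself is bypassing AD), or unknown (typically an ISP server that
    leaked in because "Allow DNS server list to be overridden by DHCP/PPP on
    WAN" was left enabled), and list any AD server that is missing."""
    found = parse_nameservers(resolv_conf)
    report: Dict[str, List[str]] = {"ad": [], "opendns_direct": [], "unknown": []}
    for ns in found:
        if ns in AD_SERVERS:
            report["ad"].append(ns)
        elif ns in OPENDNS_FORWARDERS:
            report["opendns_direct"].append(ns)
        else:
            report["unknown"].append(ns)
    report["missing_ad"] = sorted(AD_SERVERS - set(found))
    return report

def is_compliant(resolv_conf: str) -> bool:
    """True only when resolv.conf holds exactly the AD servers and nothing else."""
    r = audit_resolv_conf(resolv_conf)
    return not (r["opendns_direct"] or r["unknown"] or r["missing_ad"])

# Constructed samples: a DHCP override leak versus the intended result.
LEAKED = "domain example.test\nnameserver 192.0.2.10\nnameserver 203.0.113.53 # WAN DHCP\n"
INTENDED = "nameserver 192.0.2.10\nnameserver 192.0.2.11\n"

if __name__ == "__main__":
    print(audit_resolv_conf(LEAKED), is_compliant(INTENDED))
```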

  • Thanks for responding. Will give it a try.
