DNS Forwarder stopped forwarding to 8.8.8.8 and 1.1.1.1



  • Hi,

    I have a pfSense firewall with about 40 VLANs.

    DNS Forwarder is enabled on the firewall and each VLAN is using the default GW as the DNS server.

    DNS Forwarder was forwarding to 8.8.8.8 and everything was working fine for years until a few days ago.

    The firewall stopped forwarding requests to 8.8.8.8. I was able to ping it but just couldn't resolve DNS queries using that address.

    I changed it to 1.1.1.1 and everything started working again but a couple of days later, the same thing started happening with 1.1.1.1 as well. I can ping it but DNS queries are not resolving using that address and as a result, all my clients lost the internet.

    I changed the DNS server address to DYN DNS and it is working again now. Who knows when it is going to stop again.

    I have checked the firewall rules and I don't see anything that is stopping 8.8.8.8 or 1.1.1.1.

    Has anyone experienced anything like this?

    Thanks for your help again. Always appreciate it. :)


  • Rebel Alliance Developer Netgate

    Are you certain it's not being blocked upstream?

    Set your DNS servers back to 8.8.8.8/1.1.1.1 and then check a packet capture on WAN to see if the queries leave the firewall. If they leave but no response comes back, then it's probably your ISP blocking them.
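
One way to read the WAN capture suggested above, as an added example that is not part of the thread or Netgate's code: pair each outbound query with its response by resolver, local port and DNS ID, then list what never came back. The sample lines are constructed in tcpdump's text output format, and 203.0.113.5 is an assumed WAN address.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `tcpdump -n` text output for port 53 on WAN.
# 203.0.113.5 is a placeholder for the firewall's WAN address (assumption).
SAMPLE_CAPTURE = """\
10:15:01.100000 IP 203.0.113.5.41000 > 8.8.8.8.53: 4660+ A? example.com. (29)
10:15:01.118000 IP 8.8.8.8.53 > 203.0.113.5.41000: 4660 1/0/0 A 192.0.2.10 (45)
10:15:02.200000 IP 203.0.113.5.41001 > 1.1.1.1.53: 4661+ A? example.org. (29)
10:15:03.200000 IP 203.0.113.5.41001 > 1.1.1.1.53: 4661+ A? example.org. (29)
10:15:04.300000 IP 203.0.113.5.41002 > 1.1.1.1.53: 4662+ AAAA? example.net. (29)
"""

# Matches "src.port > dst.port: <dns id><flags> <rest of line>"
LINE = re.compile(
    r"IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"(?P<id>\d+)(?P<flags>\S*) (?P<rest>.*)"
)

def unanswered_by_resolver(capture_text):
    """Return {resolver: {"sent": n, "answered": n, "unanswered": [question, ...]}}."""
    pending = {}  # (resolver, local port, DNS id) -> question text
    stats = defaultdict(lambda: {"sent": 0, "answered": 0, "unanswered": []})
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        question = m["rest"].rsplit(" (", 1)[0]  # drop the trailing "(length)"
        if m["dport"] == "53":  # query leaving the firewall
            key = (m["dst"], m["sport"], m["id"])
            if key not in pending:  # count a retransmitted query only once
                stats[m["dst"]]["sent"] += 1
            pending[key] = question
        elif m["sport"] == "53":  # response coming back in
            key = (m["src"], m["dport"], m["id"])
            if pending.pop(key, None) is not None:
                stats[m["src"]]["answered"] += 1
    for (resolver, _port, _dns_id), question in pending.items():
        stats[resolver]["unanswered"].append(question)
    return dict(stats)

if __name__ == "__main__":
    for resolver, s in unanswered_by_resolver(SAMPLE_CAPTURE).items():
        print(resolver, "sent:", s["sent"], "answered:", s["answered"], s["unanswered"])
```

A resolver showing queries sent and none answered matches the case described above, where the queries leave the firewall but no response comes back.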



  • @jimp said in DNS Forwarder stopped forwarding to 8.8.8.8 and 1.1.1.1:

    being blocked upstream

    Hi Jimp,

    Thanks for your reply. Yes, I am certain because if I change the DNS server address to 8.8.8.8/1.1.1.1 on any of the computers, the internet works.

    I will try packet capture and see what happens.


  • Rebel Alliance Developer Netgate

    Any entries in the resolver log on pfSense?

    Can you post screenshots of your DNS Resolver configuration?