Netgate Discussion Forum

    DNS Resolver not working with 'out of box' install (forwarder fine)

    • sh500

      All,

      I am relatively new to pfSense. But I set up a dedicated box a couple of weeks ago. Just to get the internet and network up and running, I used the DNS forwarder option.

      Now I was looking at getting pfBlockerNG working, which of course needs resolver.

      On my main pfSense box, I have a working config of multiple VLANs, OpenVPN server and client (still using DNS forwarder). I was reading up on basic guides for DNS resolver and there does not seem to be much to it to get it working. So I thought I may have messed up a config somewhere on my main box.

      So I set up an entirely different pfSense box, with a fresh install and absolutely minimum configuration - WAN and LAN. I am experiencing the same problem with getting resolver working.

      My setup is an ISP router (cannot do modem mode) --- pfSense. The ISP router has its firewall and most other things disabled. But I have still 'opened/port forwarded' UDP/53 on it.

      Is my ISP (Vodafone UK) blocking me from using resolver or is there something simple I am missing?

      Thanks in advance.

      • jimp Rebel Alliance Developer Netgate

        The DNS resolver, by default, acts as a Resolver. This means it will contact the root DNS servers and other authoritative DNS servers directly. Some providers do not like this; they want you to use their DNS servers or they believe you are attacking other DNS servers or other similar nonsense to control what you do.

        The DNS resolver can act as a forwarder as well; simply check the box in its settings to enable that behavior. You will probably also have to disable DNSSEC.

          • sh500 @jimp

          @jimp Disabling DNSSEC is what did it. Previously I had just checked the forwarding check box without removing DNSSEC.

          Thanks for the help.

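A check related to the fix in this thread, as an added example (not code from the posters or from pfSense): a resolver that forwards with DNSSEC enabled can only validate if the upstream forwarder returns signature records, so it is worth confirming whether the upstream does. The sketch builds a query with the EDNS0 DO bit set and classifies a response by whether RRSIG records came back; the sample responses, `example.com` and 192.0.2.10 are constructed, and sending the query to a real forwarder over UDP/53 is left out so the code runs offline.

```python
import struct

RRSIG, OPT = 46, 41  # DNS record type numbers

def encode_name(name):
    """Encode a domain name as length-prefixed DNS labels."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split(".")) + b"\x00"

def build_query(name, qtype=1, txid=0x1234):
    """Query with RD set plus an EDNS0 OPT record carrying the DO (DNSSEC OK) bit."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!2H", qtype, 1)
    opt = b"\x00" + struct.pack("!HHIH", OPT, 1232, 0x00008000, 0)
    return header + question + opt

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:  # a compression pointer ends the name
            return off + 2
        if n == 0:
            return off + 1
        off += 1 + n

def summarize(resp):
    """Return rcode, AD flag and answer-section record types of a response."""
    _, flags, qd, an, _, _ = struct.unpack("!6H", resp[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(resp, off) + 4
    types = []
    for _ in range(an):
        off = skip_name(resp, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        types.append(rtype)
        off += 10 + rdlen
    return {"rcode": flags & 0xF, "ad": bool(flags & 0x0020), "types": types}

def upstream_passes_dnssec(resp):
    """True if the answer to a DO=1 query came back with RRSIG records."""
    info = summarize(resp)
    return info["rcode"] == 0 and RRSIG in info["types"]

def sample_response(with_rrsig):
    """Constructed (not captured) answer for example.com; RRSIG rdata is filler."""
    rdatas = [(1, bytes([192, 0, 2, 10]))] + ([(RRSIG, b"\x00" * 24)] if with_rrsig else [])
    rrs = [b"\xc0\x0c" + struct.pack("!HHIH", t, 1, 300, len(d)) + d for t, d in rdatas]
    header = struct.pack("!6H", 0x1234, 0x8180, 1, len(rrs), 0, 0)
    return header + encode_name("example.com") + struct.pack("!2H", 1, 1) + b"".join(rrs)
```
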
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.