Netgate Discussion Forum

    DNS Resolver

      dastrix

      I am running ExpressVPN on my pfSense but still getting my IP leaked and DNS leaks. I have followed lots of other forum posts.

      I have DNS Resolver enabled and DNS Forwarder disabled

      However I am finding my clients can't resolve anything unless I have a DNS server set in

      General Setup - DNS Server

        Grimson Banned @dastrix

        @dastrix said in DNS Resolver:

        However I am finding my clients can't resolve anything unless I have a DNS server set in

        General Setup - DNS Server

        Which is expected when you turn on DNS Query Forwarding. Do some RTFM https://www.netgate.com/docs/pfsense/book/services/dns-resolver.html

          dastrix

          I should have said if I turn that off enable forwarding mode and remove DNS server from general page I can't resolve anything

            Gertjan @dastrix

            @dastrix said in DNS Resolver:

            I should have said if I turn that off enable forwarding mode and remove DNS server from general page I can't resolve anything

            unbound - the Resolver - will contact the 13 main root DNS servers on any (all) interface by default.
            Outgoing Network Interface, by default, is "all".
            This means, when unbound starts, it will try ALL interfaces. Also LAN and other interfaces that won't route to, for example "198.41.0.4" (one of the main root servers).
            If your EXPRESSVPN won't route to "198.41.0.4" at startup (startup of unbound), this interface will be flagged as "probably not" (don't use). Maybe it wasn't UP yet at that time?
            The question is: is your EXPRESSVPN interface UP before unbound gets launched?
            Test: when the EXPRESSVPN interface is up, restart unbound. Then it should resolve, because the EXPRESSVPN connection is up. If not, the VPN is the problem.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

              lovan6

              Getting ExpressVPN to work properly on pfSense is difficult. You have to start from scratch by doing a factory reset to begin with.

              Messing with pfSense DNS resolver is not gonna fix your problem. There are ways to do it right.

              The provided ExpressVPN tutorial on pfSense is half-baked.

              Send me a PM and I can provide you with a link.

                bcruze

                This is a guaranteed fix for me, with 3 different providers, since I can't get the resolver to do what I want it to either.

                Services > DHCP Server: assign static addresses to the devices you want to resolve through the personal VPN. Once static is set, edit the mapping and, under DNS servers, plug in the VPN provider's static DNS servers.

                Reboot the computer and it will pass your leak test.

                I don't use Express, but I am interested in any reading as well. I may be able to test/apply it to my service? Thank you.
