PFSense without DNS
-
Hi to all,
I'm asking a strange question here.
I would know if any one had experience with a pfsense box with-
dns server configured under system >general
-
but without DNS forwarder or DNS resolver (no enable flag)
Some of the aliases in the ruels are fqdn that need to be resolved for the rule to work: I think PFSense will ask the general DNS for resolution.
How ofthen this will appen?
Every time a rule/alias is changed and I think every N minutes?Has anyone an idea of how this will impact on the performances?
Regards.
-
-
in /System/Advanced/Firewall&NAT
-
Asamat, thanks for your answer.
Has anyone ever tryed pfsense without dns service locally enabled?
What performance degradation (if any) should I expect?regards.
-
So your clients don't ask pfsense for anything? If your clients are not using pfsense, then sure you could not run any local cache be it the forwarder or the resolver.
Just to let you know that since there is no local caching NS running, when pfsense goes to query stuff in your alias every 5 minutes whatever is returned would not be cached for the TTL of said record, and would have to be be queried for again most likely.. So every 5 minutes you would be doing external queries for everything in your aliases... Vs say looking up something, and then having the local service caching it for the length of the TTL before having to be queried for again.
Even if your clients are not using pfsense for name services, prob best to run either the resolver and forwarder so that aliases being used can be cached, and pfsense can cache its own needs - ie checking for updates and packages.
Are you using dhcp services on pfsense? If you just point pfsense at some external dns - it would not even be able to resolve local hosts either via dhcp entries being placed in the dns.. And would have no way of setting up specific forwards for domains to be able to find your local stuff.
