Netgate Discussion Forum

    PFSense without DNS

      chriva

      Hi to all,
      I'm asking a strange question here.
      I would like to know if anyone has experience with a pfSense box with

      • DNS server configured under System > General

      • but without DNS forwarder or DNS resolver (no enable flag)

      Some of the aliases in the rules are FQDNs that need to be resolved for the rule to work: I think pfSense will ask the general DNS for resolution.
      How often will this happen?
      Every time a rule/alias is changed and I think every N minutes?

      Does anyone have an idea of how this will impact performance?

      Regards.

        Asamat Global Moderator

        in /System/Advanced/Firewall&NAT
        [image]

          chriva

          Asamat, thanks for your answer.

          Has anyone ever tried pfSense without a DNS service locally enabled?
          What performance degradation (if any) should I expect?

          regards.

            johnpoz LAYER 8 Global Moderator

            So your clients don't ask pfsense for anything? If your clients are not using pfsense, then sure you could not run any local cache be it the forwarder or the resolver.

            Just to let you know that since there is no local caching NS running, when pfsense goes to query stuff in your alias every 5 minutes whatever is returned would not be cached for the TTL of said record, and would have to be queried for again most likely. So every 5 minutes you would be doing external queries for everything in your aliases... Vs say looking up something, and then having the local service caching it for the length of the TTL before having to be queried for again.

            Even if your clients are not using pfsense for name services, prob best to run either the resolver or forwarder so that aliases being used can be cached, and pfsense can cache its own needs - ie checking for updates and packages.

            Are you using dhcp services on pfsense? If you just point pfsense at some external dns - it would not even be able to resolve local hosts either via dhcp entries being placed in the dns.. And would have no way of setting up specific forwards for domains to be able to find your local stuff.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11
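
The caching effect described in the reply above, as an added example that is not part of the original thread and not pfSense code: a small simulation counting how many queries leave the firewall for alias hostnames over a day, with and without a local TTL-honouring cache. The hostnames and TTLs are constructed sample values, and the model assumes every alias hostname is re-resolved on each 5-minute pass, as the post states.

```python
# Added illustration (not pfSense code): upstream DNS queries generated by
# alias hostname refreshes, with and without a local TTL-honouring cache.

REFRESH_INTERVAL = 300   # seconds; the "every 5 minutes" from the post
DAY = 86400

# Constructed sample aliases: hostname -> record TTL in seconds.
SAMPLE_ALIASES = {
    "cdn.example.net": 60,        # TTL shorter than the refresh interval
    "api.example.com": 1000,      # TTL not a multiple of the interval
    "mail.example.org": 3600,
    "static.example.org": 86400,
}


class TtlCache:
    """Minimal positive cache: remembers when each name's answer expires."""

    def __init__(self):
        self._expires = {}

    def is_fresh(self, name, now):
        return self._expires.get(name, 0) > now

    def store(self, name, ttl, now):
        self._expires[name] = now + ttl


def upstream_queries(alias_ttls, duration=DAY, use_cache=True):
    """Return {hostname: number of queries sent upstream} over `duration` seconds."""
    cache = TtlCache()
    counts = {name: 0 for name in alias_ttls}
    for now in range(0, duration, REFRESH_INTERVAL):   # one alias refresh pass
        for name, ttl in alias_ttls.items():
            if use_cache and cache.is_fresh(name, now):
                continue                               # answered locally
            counts[name] += 1                          # query leaves the box
            cache.store(name, ttl, now)
    return counts


if __name__ == "__main__":
    uncached = upstream_queries(SAMPLE_ALIASES, use_cache=False)
    cached = upstream_queries(SAMPLE_ALIASES, use_cache=True)
    for name, ttl in SAMPLE_ALIASES.items():
        print(f"{name:20} ttl={ttl:<6} no cache={uncached[name]:<4} cache={cached[name]}")
```

Records with a TTL below the refresh interval gain nothing from the cache, while longer TTLs cut upstream traffic roughly in proportion to the TTL rounded up to the next refresh pass.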

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.