Configuring external DNS requests
In the pfSense documentation, I read about 2 methods that can be used to effectively route all LAN external DNS requests to pfSense to resolve. It appears I could use either since I’m using DNS Resolver with forwarding disabled. I’m unsure when one might be preferred over the other.
1) Firewall rules to block external DNS requests and pass them to pfSense:
https://docs.netgate.com/pfsense/en/latest/dns/blocking-dns-queries-to-external-resolvers.html
2) Use a port forward to redirect all requests to pfSense:
https://docs.netgate.com/pfsense/en/latest/dns/redirecting-all-dns-requests-to-pfsense.html
Method 1 is useful if specific LAN clients need to use a specific 3rd-party DNS for whatever reason. You block all external DNS and then create rules to let some LAN clients reach out to some other DNS.
Method 2 is more generic and less flexible. It redirects all DNS requests to pfSense. For most LANs, this is what you want.
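The two methods written out as pf rules of the kind pfSense builds from its GUI, as an added example that is not part of the forum post or the Netgate documentation. The interface name, the LAN subnet and firewall address, the one exempted client and the external resolver it may use are all assumed values; the pass rule for that client is what Method 1 gives you and Method 2 does not.

```pf
# Added example, not pfSense's generated ruleset. Assumed values:
#   interface "lan", LAN subnet 192.168.1.0/24, firewall LAN address 192.168.1.1,
#   one client 192.168.1.50 allowed to query an external resolver at
#   203.0.113.53 (documentation address, constructed for this example).
lan_if  = "lan"
lan_net = "192.168.1.0/24"
fw_dns  = "192.168.1.1"

# --- Method 2: port forward (NAT redirect) ---------------------------------
# Any DNS packet from the LAN not already addressed to the firewall is
# rewritten to the firewall's own resolver. Clients still believe they are
# talking to their configured server; the answer comes from Unbound on pfSense.
# GUI equivalent: Firewall > NAT > Port Forward, Interface LAN, TCP/UDP,
# Destination "LAN address" with Invert match, port 53, target 127.0.0.1:53.
rdr pass on $lan_if inet proto { tcp udp } from $lan_net to ! $fw_dns port 53 -> 127.0.0.1 port 53

# --- Method 1: block with explicit exceptions ------------------------------
# Rules carry "quick", so they are evaluated top to bottom and order matters:
#   1. queries to the firewall's own resolver are allowed,
#   2. one named client may reach one named external resolver,
#   3. every other port-53 packet leaving the LAN is blocked and logged.
pass  in quick on $lan_if inet proto { tcp udp } from $lan_net to $fw_dns port 53
pass  in quick on $lan_if inet proto { tcp udp } from 192.168.1.50 to 203.0.113.53 port 53
block in log quick on $lan_if inet proto { tcp udp } from $lan_net to any port 53
```

Use one method or the other, not both: pf applies NAT before filtering, so if the rdr rule were loaded together with the Method 1 rules, every external DNS destination would already be rewritten to 127.0.0.1 and the block rule would never see a packet to deny. The rules above are IPv4 only (`inet`); a dual-stack LAN needs matching `inet6` rules or the redirect and block are bypassed over IPv6. Both methods act only on plain DNS on port 53; DNS over TLS (port 853) and DNS over HTTPS (port 443) are not caught by either, so the block rule's log entries are a useful check that clients are in fact landing on the pfSense resolver rather than on something the rules do not cover.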