DNS Query Refused over IPsec



  • Hi,
    I have pfSense running on an XG-7100 1U running the default Unbound DNS resolver. All the clients on the LAN side, and those connected via OpenVPN, are able to resolve DNS queries without any issue.

    However, I also have an IPsec site-to-site link set up with an Azure Virtual Network. Connections work fine, i.e. I can connect from and to any host on either side. However, DNS queries coming from the Azure side get a response: "Query refused"

    I've confirmed that the DNS Resolver settings have "Network Interfaces" set to "All". Is there anything else I should set in order to allow resolving queries coming from the IPsec network?

    Thanks.


  • Rebel Alliance Developer Netgate

    In the DNS Resolver settings, add entries on the ACL tab to allow access for the other subnet(s).



  • Ah, that fixed it! Thanks for the quick response!
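
The ACL fix from the reply above, as an added example that is not part of the original thread: a small checker that evaluates Unbound `access-control:` lines the way Unbound does (most specific netblock wins, unmatched non-localhost clients are refused) and reports what a given client would get. All subnets and addresses below are constructed placeholders, not values from the thread, and the `open_to_any` check is an added safeguard against turning the resolver into an open one.

```python
import ipaddress

# Unbound's built-in behaviour: localhost is allowed, everything else is refused.
DEFAULTS = [("127.0.0.0/8", "allow"), ("::1/128", "allow"),
            ("0.0.0.0/0", "refuse"), ("::/0", "refuse")]
ALLOWING = {"allow", "allow_snoop", "allow_setrd"}

def parse_acl(conf_text):
    """Return [(network, action)] from the 'access-control:' lines of an unbound.conf."""
    rules = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line.startswith("access-control:"):
            continue
        netblock, action = line.split(":", 1)[1].split()
        rules.append((ipaddress.ip_network(netblock, strict=False), action))
    return rules

def effective_action(rules, client_ip):
    """Action Unbound applies to client_ip: the longest-prefix matching netblock wins."""
    ip = ipaddress.ip_address(client_ip)
    candidates = rules + [(ipaddress.ip_network(n), a) for n, a in DEFAULTS]
    matches = [(net, act) for net, act in candidates
               if net.version == ip.version and ip in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def open_to_any(rules):
    """Rules that allow queries from every address (open-resolver risk)."""
    return [(net, act) for net, act in rules
            if net.prefixlen == 0 and act in ALLOWING]

# Constructed sample: ACLs covering only the local LAN and OpenVPN networks.
BEFORE = """
server:
    access-control: 192.168.1.0/24 allow   # LAN (constructed)
    access-control: 10.8.0.0/24 allow      # OpenVPN clients (constructed)
"""
# Same config plus an entry for the remote IPsec subnet (constructed Azure VNet range).
AFTER = BEFORE + "    access-control: 10.20.0.0/16 allow\n"

if __name__ == "__main__":
    azure_client = "10.20.1.4"  # constructed host on the remote side of the tunnel
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        rules = parse_acl(conf)
        print(label, azure_client, "->", effective_action(rules, azure_client))
        print(label, "allow-from-anywhere rules:", open_to_any(rules))
```

Scope the new ACL entry to the remote tunnel subnet only; the interface setting controls where Unbound listens, while the ACL controls which source addresses get answers.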

