  • I am trying to get all LAN DNS traffic routed through a Raspberry Pi-hole. I have both the Netgate appliance and Pi-hole sending logs to Splunk and I can see that LAN DNS queries are directed to the gateway BUT there are no queries coming from my Pi-hole and all the DNS traffic seems to be going out the WAN interface (challenge #1).

    I created a FW filter to attempt to block all 'unauthorized' outbound DNS queries but the rule for the WAN doesn't seem to do anything. I would like all DNS queries to only be allowed to the Internet from the Pi-hole (challenge #2). This seems like a straightforward use case and I am probably missing something easy here... any guidance is appreciated, thanks!

  • Disable DNS Resolver

    Enable DNS Forwarder

    Edit System - General Setup - DNS Server Settings so that it only has the IP address of your pihole

    Redirect all LAN-based DNS requests to pfSense:

    You could also keep using DNS Resolver instead of DNS Forwarder, but select the option to run it in forwarding mode.

    You put firewall rules on the interface that the traffic enters, not exits, so your DNS rules on WAN are useless.
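    Added example, not from this thread or from pfSense: a small Python check over pfSense filterlog lines (as exported to Splunk) that confirms the change above took effect, i.e. that DNS packets entering on the LAN interface go only to pfSense or the Pi-hole, and that the Pi-hole is the only LAN host talking DNS to the Internet. The log lines are constructed; the interface name igb1, the Pi-hole at 192.168.1.53 and the pfSense LAN address 192.168.1.1 are assumptions.

```python
import csv
import io

# Constructed pfSense filterlog records (syslog header stripped). The CSV layout
# is the IPv4 UDP/TCP filterlog format: rule, sub-rule, anchor, tracker, interface,
# reason, action, direction, ip-version, tos, ecn, ttl, id, offset, flags,
# proto-id, proto, length, src, dst, src-port, dst-port, datalen[, tcp fields].
SAMPLE_LOG = """\
5,,,1000000103,igb1,match,pass,in,4,0x0,,64,1234,0,DF,17,udp,60,192.168.1.50,192.168.1.1,50123,53,40
5,,,1000000103,igb1,match,pass,in,4,0x0,,64,1235,0,DF,17,udp,60,192.168.1.50,8.8.8.8,50124,53,40
5,,,1000000103,igb1,match,pass,in,4,0x0,,64,1236,0,DF,17,udp,60,192.168.1.53,1.1.1.1,40001,53,40
5,,,1000000103,igb1,match,pass,in,4,0x0,,64,1237,0,DF,6,tcp,60,192.168.1.77,93.184.216.34,40002,443,0,S,,,,,
"""

FIELDS = ["rule", "subrule", "anchor", "tracker", "iface", "reason", "action",
          "dir", "ipver", "tos", "ecn", "ttl", "id", "offset", "flags",
          "protoid", "proto", "length", "src", "dst", "sport", "dport", "datalen"]


def parse_filterlog(text):
    """Parse IPv4 UDP/TCP filterlog records into dicts; skip other record types."""
    rows = []
    for rec in csv.reader(io.StringIO(text)):
        # ICMP/IPv6 rows carry different trailing fields, so only keep udp/tcp v4
        if len(rec) < len(FIELDS) or rec[8] != "4" or rec[16] not in ("udp", "tcp"):
            continue
        rows.append(dict(zip(FIELDS, rec)))
    return rows


def dns_bypass(text, lan_if, pihole_ip, pfsense_lan_ip):
    """Return (bypass, upstream): bypass lists LAN hosts sending DNS anywhere other
    than pfSense or the Pi-hole; upstream lists the Pi-hole's own forwarded queries."""
    bypass, upstream = [], []
    for r in parse_filterlog(text):
        # Rules are evaluated where traffic enters, so inspect LAN 'in' records only
        if r["iface"] != lan_if or r["dir"] != "in" or r["dport"] != "53":
            continue
        if r["src"] == pihole_ip:
            upstream.append((r["src"], r["dst"]))
        elif r["dst"] not in (pfsense_lan_ip, pihole_ip):
            bypass.append((r["src"], r["dst"], r["action"]))
    return bypass, upstream


if __name__ == "__main__":
    leaks, fwd = dns_bypass(SAMPLE_LOG, "igb1", "192.168.1.53", "192.168.1.1")
    print("clients bypassing the Pi-hole:", leaks)
    print("Pi-hole upstream queries:", fwd)
```

A bypass entry with action "pass" means the LAN rule blocking port 53 to anything but the Pi-hole is not in place yet; once the NAT redirect is active those clients' queries land on pfSense instead.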

  • Thanks! I followed your second recommendation and just put the resolver in forwarding mode as that seemed the easiest and is working as expected!

