DNS failover

  • I have the DNS forwarder and resolver turned off and specified the DNS servers in the DHCP settings.
    (The DNS servers in the general settings tab are set to (pihole) and
    My first DNS server is a Pi-hole and my second DNS server is
    but I want to have the whole network use the Pi-hole, and when the Pi-hole is not available the devices can get a DNS request from
    I have already set a few firewall rules as shown in 2020-02-28.png, but these firewall rules allow both DNS servers to be used, and I want accessible when the Pi-hole is turned off.
    I have also specified the 2 DNS servers in the DHCP settings.
    Is there a solution for this?

  • LAYER 8

    Uhm, there is something wrong with those rules.
    If the network is , you don't need to specify the destination.
    As you can see, states is 0/0.
    Communication between devices inside the same network is direct and does not pass through pfSense.

    For the rest of the question, I think the best way would be to use the DNS forwarder instead, as you can't force Windows clients to behave like you want, but I think that you can set pfSense as the DNS server for all your devices and configure forwarding to send requests to and

  • @kiokoman thanks for the input!

  • Under Services > DHCP Server there are 4 spots for DNS servers.

    Wouldn't you just put the Pi as the first and as the 2nd to simplify this? And a 3rd if desired?

  • LAYER 8

    Sadly not enough; AFAIK Windows doesn't always query the first DNS server, and IoT stuff like, for example, Google Nest takes into consideration only the first DNS.

  • @kiokoman said in DNS failover:

    windows doesn't always query the first dns server

    Correct, it does not. Windows queries the "last successful" DNS server first. Other OSs query DNS servers in order. Notably, on a Windows Server domain the domain DNS should always be queried, because public DNS doesn't know about the LAN network.
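As an added illustration (not code from anyone in this thread), a small Python model of the two resolver-selection behaviours described above, with placeholder server names since the real addresses are not shown on the page. It shows why listing the Pi-hole first is not a failover: an in-order client returns to the Pi-hole as soon as it is reachable again, while a "last successful" client keeps sending queries to the unfiltered fallback after the outage ends.

```python
# Added example (not from the thread): a toy model of client resolver
# selection, used to show why "Pi-hole first, fallback second" is not a
# failover. Server names are placeholders; the thread's real addresses
# are not shown on the page.
from dataclasses import dataclass
from typing import List, Optional, Set

PIHOLE = "pihole"      # placeholder: the filtering resolver handed out first by DHCP
FALLBACK = "fallback"  # placeholder: the second, unfiltered resolver


@dataclass
class Client:
    # "in_order": query the configured list top to bottom (most OSs).
    # "last_successful": try whichever server answered last time first
    # (Windows, as described in the thread).
    policy: str
    servers: List[str]
    preferred: Optional[str] = None

    def resolve(self, reachable: Set[str]) -> str:
        """Return the resolver this client ends up using for one query."""
        order = list(self.servers)
        if self.policy == "last_successful" and self.preferred in order:
            order.remove(self.preferred)
            order.insert(0, self.preferred)
        for server in order:
            if server in reachable:
                self.preferred = server
                return server
        raise RuntimeError("no configured resolver is reachable")


def simulate(policy: str, timeline: List[Set[str]]) -> List[str]:
    """Resolver used per step; each step is the set of servers currently up."""
    client = Client(policy, [PIHOLE, FALLBACK])
    return [client.resolve(up) for up in timeline]


# Constructed outage scenario: Pi-hole up, down for one step, then back up.
OUTAGE = [{PIHOLE, FALLBACK}, {FALLBACK}, {PIHOLE, FALLBACK}, {PIHOLE, FALLBACK}]


def unfiltered_queries_after_recovery(policy: str) -> int:
    """Count queries that bypass the Pi-hole while it is actually reachable."""
    used = simulate(policy, OUTAGE)
    return sum(1 for up, s in zip(OUTAGE, used) if PIHOLE in up and s != PIHOLE)


if __name__ == "__main__":
    for policy in ("in_order", "last_successful"):
        print(policy, simulate(policy, OUTAGE),
              "unfiltered after recovery:", unfiltered_queries_after_recovery(policy))
```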

