Netgate Discussion Forum
    Monitor Outbound DNS requests

    General pfSense Questions

    TreeStomp

      So NextDNS offers the ability to monitor outbound DNS requests, but to do this requires an account.

      Is it possible to see all outbound DNS requests through pfSense?

      SteveITS @TreeStomp

        @treestomp There's a Log Level setting on the DNS Resolver advanced settings page.

        With DNS over HTTP and the like, if you want to capture all queries you'll probably need to block those types of services.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

          Gertjan @TreeStomp

          @treestomp

          Or learn what Diagnostics > Packet Capture can do for you.
          You could scan the WAN interface, port 53.
          You would wind up having huge files, with mostly, if not all, DNS outbound traffic and the answers coming back.

          These files can be fed into Wireshark to make stats, see details, etc.

          Or force all your LAN based clients to use pfSense unbound, the resolver. Add pfBlockerNG-devel so it can make lists and charts for you.
          No need to set up any filtering or blocking in pfBlockerNG-devel; just use it as your DNS scanner, although I would advise you to activate the "DoH/DoT Blocking List".

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??
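
An added example (not from any poster in this thread) of what the Resolver's query log gives you once the Log Level is raised far enough for unbound to log queries, as SteveITS suggests, with LAN clients forced through unbound as Gertjan describes: a small Python script that aggregates per client and per queried name. The log lines are constructed and the format is assumed to match unbound's `info: <client> <name>. <type> <class>` query lines.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the shape unbound writes when query logging is
# on (pfSense syslog prefix assumed). Not copied from the forum thread.
SAMPLE_LOG = """\
Mar  3 10:01:02 pfSense unbound[4321]: [4321:0] info: 192.168.1.20 www.example.com. A IN
Mar  3 10:01:02 pfSense unbound[4321]: [4321:0] info: 192.168.1.20 www.example.com. AAAA IN
Mar  3 10:01:05 pfSense unbound[4321]: [4321:1] info: 192.168.1.31 updates.example.net. A IN
Mar  3 10:01:07 pfSense unbound[4321]: [4321:0] info: 192.168.1.20 mail.example.org. MX IN
Mar  3 10:01:09 pfSense unbound[4321]: [4321:1] info: 192.168.1.31 www.example.com. A IN
Mar  3 10:01:10 pfSense unbound[4321]: [4321:0] info: resolving example.com. NS IN
"""

# Client is an IPv4 address or an IPv6 address (must contain a colon), so
# unbound's own "resolving ..." status lines are not mistaken for queries.
QUERY_RE = re.compile(
    r"info: (?P<client>\d{1,3}(?:\.\d{1,3}){3}|[0-9a-fA-F]*:[0-9a-fA-F:]*) "
    r"(?P<name>\S+)\. (?P<qtype>[A-Z0-9]+) (?P<qclass>\S+)$"
)


def parse_queries(log_text):
    """Yield (client, name, qtype) for each query line; skip everything else."""
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            yield m["client"], m["name"].lower(), m["qtype"]


def summarize(log_text):
    """Count queries per client and per name, and list which names each client asked for."""
    per_client, per_name = Counter(), Counter()
    names_by_client = defaultdict(set)
    for client, name, _qtype in parse_queries(log_text):
        per_client[client] += 1
        per_name[name] += 1
        names_by_client[client].add(name)
    return {
        "per_client": per_client,
        "per_name": per_name,
        "names_by_client": {c: sorted(n) for c, n in names_by_client.items()},
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for client, count in report["per_client"].most_common():
        print(f"{client:15} {count:4} queries: {', '.join(report['names_by_client'][client])}")
    for name, count in report["per_name"].most_common(3):
        print(f"{count:4}  {name}")
```

Point the script at the Resolver log exported from Status > System Logs instead of SAMPLE_LOG to get the same per-client view for a real network.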

            TreeStomp @Gertjan

            @gertjan Gotcha, cool, thanks for the reply. If OpenVPN is on for the entire network, does DoH/DoT still have an effect, or is it encrypted to the VPN anyway?

              Gertjan @TreeStomp

              @treestomp said in Monitor Outbound DNS requests:

              does DoH/DoT still have an effect or it's encrypted to the VPN anyway?

              Nearly all traffic is already TLS these days, so VPN "to protect your data" is not needed.
              The exception is of course classic DNS traffic.

              DoH is more a DNS generated by the end-user client's application: even your router, pfSense, can't "see" it. pfBlockerNG can only block it if it's a known DoH endpoint server.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.