• I wanted to add a couple of additional options to the built-in DNS forwarder (dnsmasq). Having searched for previous posts, FAQs and How-To's on the subject and not found any definitive answers, I eventually just tried creating a dnsmasq.conf in the usual place (for a FreeBSD system, which is /usr/local/etc/dnsmasq.conf) and, lo and behold, it worked without a hitch. :)

    It should be noted that, for most people, the default options and those configured through the webGUI look like they will be quite sufficient, so don't try this unless you know what options you want and why.

    Assuming I've interpreted this correctly (and I may well have missed something), dnsmasq is started after booting through /etc/inc/services.inc, which calls /usr/local/sbin/dnsmasq.  When run, services.inc checks the saved config in order to determine what command line arguments should be appended to the dnsmasq call.  By default, the "-l" (specify the dhcp lease file) and "-s" (set the domain used for dhcp clients) options are called, along with whatever is set in config…xml for those options, and optionally, the "--server=...." option is appended if any domain* overrides have been specified.

    According to the man page for dnsmasq, it will read dnsmasq.conf on startup (from the default location) and will use those settings in preference to command line options (although my desired parameters do not conflict with the above options).

    pfSense 1.2.2 (embedded) has no dnsmasq.conf - and I suspect the full version doesn't have one either - since it sets command line options as above.

    Creating dnsmasq.conf is easy:
    1. In the webGUI, go to Diagnostics > Edit File;
    2. In the Edit File file contents window, type the configuration options you want, one per line (see links below);
    3. In the Save/Load from path field, type /usr/local/etc/dnsmasq.conf and hit Save;
    4. In Status > Services, restart dnsmasq.

    Available configuration options are described at:

    (* If you're wondering where individual host overrides come from, from what I can see: an earlier startup script file, /etc/inc/system.inc, reads dnsmasq's host override entries from the saved config…xml and writes them to /var/etc/hosts. When dnsmasq starts up, it reads hosts entries from /var/etc/hosts).
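
An added example, not part of the original post or of pfSense: a POSIX sh check that reports which lines of a custom dnsmasq.conf set options the post says services.inc also passes on the command line ("-l", "-s" and "--server", written in the file by their long names dhcp-leasefile, domain and server). The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Long-option names of the flags the post says pfSense passes to dnsmasq.
MANAGED="dhcp-leasefile domain server"

# Constructed sample dnsmasq.conf (one long option per line, no leading "--").
sample_conf() {
    cat <<'EOF'
# constructed sample dnsmasq.conf
domain-needed
bogus-priv
cache-size=1000

server=/example.lan/192.0.2.53
EOF
}

# Print "line N: option" for every active line in file $1 whose option name
# is in MANAGED. Returns 1 if any such line exists, 0 otherwise.
conf_overlaps() {
    awk -v managed="$MANAGED" '
        BEGIN {
            n = split(managed, m, " ")
            for (i = 1; i <= n; i++) is_managed[m[i]] = 1
        }
        { sub(/\r$/, "") }                  # tolerate CRLF from a web editor
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        {
            opt = $0
            sub(/^[ \t]+/, "", opt)         # leading whitespace
            sub(/[ \t]*=.*/, "", opt)       # drop "=value", keep the name
            sub(/[ \t]+$/, "", opt)         # trailing whitespace
            # Exact match only: "domain-needed" is not "domain".
            if (opt in is_managed) { printf "line %d: %s\n", NR, opt; hits++ }
        }
        END { exit (hits > 0) }' "$1"
}

# Run against the constructed sample.
tmp=$(mktemp)
sample_conf > "$tmp"
conf_overlaps "$tmp" || echo "overlap found: compare these lines with the webGUI settings"
rm -f "$tmp"
```

On the firewall itself, point conf_overlaps at /usr/local/etc/dnsmasq.conf before restarting dnsmasq from Status > Services.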

  • http://forum.pfsense.org/index.php/topic,11159.0.html
    You mean create a dnsmasq configuration like in the above link?
    I use this configuration with 1.2.3RC2 as well. Now I don't need to change the startup process order.
    I did change the two inc files in "/etc/inc".
    "system.inc" to add OpenDNS to the DNS nameservers in "/var/etc/resolv.conf"

    "pfsense-utils.inc" to point to "/var/etc/resolv.conf"
    (or else the dashboard will point to /etc/resolv.conf (symb.link to /var/etc/resolve.dnsmasq –> ).

    function get_dns_servers() {
    	$dns_servers = array();
    	$dns = `cat /var/etc/resolv.conf`;
            /**** CHANGED to /var ****/

    I need to do this each time I install a newer full update build of the pfSense 1.2.3RC2 release.