Netgate Discussion Forum

    Few questions about DNS resolver

    • enesas

      Hello,
      - I'm using the DNS resolver to filter with pfBlockerNG in pfSense (I've added a rule to deny other DNS requests), but the DNS resolver may stop from time to time. In this case, no one can access the sites.
      Is there a way to get around this?

      - Is the DNS resolver required for filtering at the application layer (e.g. pfBlockerNG)?
        Can't I do this job using public DNS?

      - If it is necessary to use the DNS resolver, what rule should I add so that users can access the internet when the DNS resolver does not work/stops or restarts?

      - How can this be done without the DNS resolver in firewalls running at the application layer? Or are they actually using DNS forwarding/resolving?

      - Does the DNS resolver or the DNS forwarder make more sense?

      The community that makes pfSense love, thanks in advance for your answers. :)

      • rcoleman-netgate Netgate @enesas

        @enesas said in Few questions about DNS resolver:

        Is dns resolver required for filtering at the application layer (eg pfblockerng)
        Can't I do this job using public DNS?

        DNSResolver (unbound) is using public DNS - it uses the DNS root servers to do the checking.

        Ryan
        Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
        Requesting firmware for your Netgate device? https://go.netgate.com
        Switching: Mikrotik, Netgear, Extreme
        Wireless: Aruba, Ubiquiti

        • SteveITS Rebel Alliance @enesas

          @enesas Resolver is needed for pfBlocker DNSBL but not block feeds.

          What is shown in the system or Resolver log when it stops? It should not stop/die, but may restart occasionally especially if you have DHCP set to register hostnames in DNS.

          Forwarder only sends queries on to the configured DNS servers.

          Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to reboot, or more depending on packages, and device or disk speed.
          Upvote 👍 helpful posts!

          • enesas @SteveITS

            @steveits @rcoleman-netgate
            I recently had a DNS resolver that restarts in 1-2 hours. Many people were victims until we solved it. Latest pfBlockerNG > DNSBL > Resolver Live Sync: checking the feature fixed the problem. Of course it took time to find it.

            These and similar problems can happen from time to time. That's why I asked.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.