Default DNS not sent in DHCP packages to client
-
I'm testing 2.7.0 in a lab setup, and it looks like no DNS information is included in the DHCP packages sent to clients.
DNS Resolver and DNS Forwarder are both disabled. And I have not filled out any DNS entries in the DHCP Server. This should make it fall back to the DNS settings obtained dynamically.
"Leave blank to use the system default DNS servers: The IP address of this firewall interface if DNS Resolver or Forwarder is enabled, otherwise the servers configured in General settings or those obtained dynamically."
Under System Information the upstream gateway IP is shown under DNS server(s), which is what I would expect.
Clients on the LAN interface can ping the upstream gateway IP and I can do DNS requests directly against that IP (dig @x.x.x.x). But a normal DNS request just tries against 127.0.0.1 (where no DNS server is running).
Have I found an error, or have I misunderstood how the DHCP server finds the default DNS?
-
@larslindnilsson said in Default DNS not sent in DHCP packages to client:
otherwise the servers configured in General settings or those obtained dynamically."
What have you set here?
-
@Gertjan
It looks like this:
With DNS Server Override checked. This was the default setting when I installed pfSense. The only thing I changed in the GUI after the install was disabling the DNS Forwarder.
Reading the text under DNS Server Override it says that this will not be used for DHCP Clients. But that kind of contradicts what was written under the DHCP Server.
-
@larslindnilsson said in Default DNS not sent in DHCP packages to client:
With DNS Server Override checked. This was the default setting when I installed pfSense.
When connecting to the ISP using pppoe, pfSense will (normally) receive two DNSes from the ISP, these will be the ones stored in /etc/resolv.conf, if this option is checked.
The same thing for a DHCP WAN connection : a DHCP mostly will contain a DNS or two : these will be stored in /etc/resolv.conf.
Both situations are quite historical and not really used anymore as pfSense doesn't need them : it uses unbound as a resolver.
I'm pretty sure this option is disabled (not checked) by default.
@larslindnilsson said in Default DNS not sent in DHCP packages to client:
The only thing I changed in the GUI after the install was disabling the DNS Forwarder.
Noop.
The built-in pfSense forwarder (dnsmasq) is there for ancient reasons.
By default, unbound, the resolver, is used in resolver mode. So the resolver is activated.
pfSense (DNS) is not forwarding by default and there is a reason for this : an upstream router might propose a DNS, or not. An ISP might hand over a DNS, or not.
One thing is sure : these DNS servers will work for you, whatever the connection is. So that is the default mode.
Btw : pfSense is doing DHCP(v4) and you have deactivated all pfSense DNS facilities (no resolver, no forwarder).
I tend to understand that it can't give a 'DNS' IP to its DHCP clients.
-
@Gertjan said in Default DNS not sent in DHCP packages to client:
I'm pretty sure this option is disabled (not checked) by default.
I just did a new install of pfSense and in the Wizard step "DNS Server Override" was checked.
@Gertjan said in Default DNS not sent in DHCP packages to client:
By default, unbound, the resolver, is used in resolver mode. So the resolver is activated.
My mistake. In the reinstall I can see that the resolver is running and not the forwarder. I did have to restart the resolver service to get it to work properly. Before restarting the service the DNS server replied "WARNING: recursion requested but not available" when I made requests from a LAN client. But other than that, I got a working setup by leaving the default values during the install.
I still think that the help text under DNS servers in the DHCP server setup can be a little confusing.
But now I have a much better understanding of the DNS setup in pfSense. Thank you.
-
@larslindnilsson said in Default DNS not sent in DHCP packages to client:
I just did a new install of pfSense and in the Wizard step "DNS Server Override" was checked.
So it's me misunderstanding /conf.default/config.xml :
<?xml version="1.0"?>
<pfsense>
	<version>22.2</version>
	<lastchange/>
	<system>
		<optimization>normal</optimization>
		<hostname>pfSense</hostname>
		<domain>home.arpa</domain>
		<dnsserver/>
		<dnsallowoverride/>
The last line actually means : the option is checked (active)
When I check it myself :
<dnsallowoverride></dnsallowoverride>
When unchecked, there is no "dnsallowoverride" present in the config.xml file
Not sure if this default config xml actually gets used, as using option 4 "Reset to factory defaults" in the console/SSH downloads a pfSense package that probably also contains a default config.
Anyway : when resolving, the DNS given to pfSense from the upstream ISP router, or ISP itself :=> don't care ^^
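The fallback described in the DHCP server help text quoted at the top of the thread, combined with the "element present means checked" reading of `<dnsallowoverride/>`, can be checked against a config.xml with a short script. This is an added example, not part of the thread and not pfSense code. Only `<system>`, `<dnsserver/>` and `<dnsallowoverride/>` appear on the page; the `unbound/enable`, `dnsmasq/enable`, `dhcpd/<if>/dnsserver` and `interfaces/<if>/ipaddr` paths, the sample addresses, and the choice to list General servers before dynamic ones are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the thread's lab setup: resolver and forwarder
# disabled, no DNS entries in the DHCP server, DNS Server Override checked.
# Element names other than system/dnsserver and system/dnsallowoverride are
# assumptions about the config.xml layout.
SAMPLE = """<?xml version="1.0"?>
<pfsense>
  <system>
    <dnsserver/>
    <dnsallowoverride/>
  </system>
  <interfaces><lan><ipaddr>192.168.1.1</ipaddr></lan></interfaces>
  <dhcpd><lan><enable/></lan></dhcpd>
  <unbound/>
  <dnsmasq/>
</pfsense>"""


def texts(root, path):
    """Non-empty text values of every element matching path."""
    return [e.text.strip() for e in root.findall(path) if e.text and e.text.strip()]


def override_checked(root):
    # Presence of the element, even when empty, means the box is checked.
    return root.find("system/dnsallowoverride") is not None


def dhcp_dns(xml_text, iface="lan", dynamic=()):
    """Return (source, servers) that DHCP clients on iface should be handed.

    dynamic: DNS servers learned from the WAN; they are not in config.xml.
    """
    root = ET.fromstring(xml_text)
    explicit = texts(root, f"dhcpd/{iface}/dnsserver")
    if explicit:                      # DNS filled in on the DHCP server page
        return "dhcp-server", explicit
    if any(root.find(f"{svc}/enable") is not None for svc in ("unbound", "dnsmasq")):
        return "firewall-interface", texts(root, f"interfaces/{iface}/ipaddr")
    servers = texts(root, "system/dnsserver")          # General settings
    if override_checked(root):
        servers += [s for s in dynamic if s not in servers]
    return ("system-dns", servers) if servers else ("none", [])
```

A result of `("none", [])` marks a configuration in which the help text leaves DHCP clients without any DNS server to use.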