How to Change DNS Resolver listening port without losing internet?
-
So I am not too knowledgeable but I have a question. I need to know how to change the DNS Resolver listening port from 53 to another number without losing internet. The reason for this is I am trying to install AdGuard on pfSense and well, every time I change the port from 53 to 5353 my internet stops working.
Can anyone please help.
Sorry for my noobness
-
@kilasin You shouldn't lose Internet, but you will lose DNS resolution for the time it takes unbound to restart on the new port. That ought to be pretty quick though. Plus, shouldn't changing the port be a one-time thing?
-
@kilasin Why would you change it to 5353? That is the mDNS port.. Where would you have gotten the idea that you could install AdGuard on pfSense? That for sure is not an approved package..
You're free to do what you want, but I wouldn't be installing 3rd party packages on my firewall.. Why not just run it on something else in your network, a VM or a docker even? Maybe a Raspberry Pi, etc.
edit:
Looking over a simple guide, AdGuard is running on 5353, you don't change the unbound port.. Your AdGuard is prob not working would be my first guess.
-
@johnpoz Thanks for your input. I just wanted to have everything on the firewall to be honest. I am using a VM for pfSense in Unraid. So just trying new things to see what can work. If I cannot get it to work I will go the Pi route.
Regarding the 5353 port, that's what I changed in the DNS Resolver in pfSense, not AdGuard, since AdGuard uses port 53.
Any input would be helpful
-
@TheNarc I tried that. I left it there for a bit and it never updated for some reason and my internet was down completely. Not sure if having pfSense run as a VM in Unraid is the problem or not.
Best Regards
-
@kilasin said in How to Change DNS Resolver listening port without losing internet?:
I need to know how to change the dns resolver listening port from 53 to another number without losing internet
You don't.
That would be like firing up a web server on the Internet, and having it listen on port 444 instead of 443.
Nobody would find you - nobody would visit your site.
DNS listens on port '53' (UDP and TCP). Still, as an exercise, it can be done.
Example: have unbound (resolver) listen on port '54'.
Now, dive into the Microsoft settings (registry etc.) and find the place where this port '53' is defined. It probably exists!
Change it to port 54. Suddenly, your PC can find host names again ... DNS works!
Now try doing the same thing with your phone .... or some obscure connected doorbell: you probably can't, as the number '53' is hard coded.
-
@Gertjan That makes sense, because I did try this and it worked that way, but changing each device on my network for that was not appealing to me lol. Thank you for the info!
-
What guide did you read? Because in the one I found you don't change the unbound port.. AdGuard listens on 5353.. and you point pfSense to 5353.. And you forward to AdGuard in unbound via the custom options box to port 5353.
Your clients would still ask unbound on 53, and then unbound would forward to AdGuard.
You run pfSense as a VM currently - then why wouldn't you just fire up another VM for AdGuard, or just run a docker? That way you're not messing with any code on your actual pfSense box?
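The forwarding setup described in the post above, written out as an added example (not from the original thread or from any guide it mentions): unbound keeps listening on 53 for the LAN, and a forward-zone in the DNS Resolver custom options box sends every query to AdGuard. It assumes AdGuard is on the same box on 127.0.0.1 port 5353; if it runs elsewhere (a Pi, another VM), replace 127.0.0.1 with that host's address and drop the do-not-query-localhost line.

```conf
# pfSense: Services > DNS Resolver > General Settings > Custom options
# (added example; unbound's own listening port stays at 53)

server:
  # unbound refuses to send queries to loopback by default;
  # needed only because AdGuard is assumed to be on 127.0.0.1
  do-not-query-localhost: no

# forward everything ("." = all zones) to AdGuard on port 5353
forward-zone:
  name: "."
  forward-addr: 127.0.0.1@5353
```

After saving, clients still resolve against pfSense on port 53, and only unbound talks to 5353; if AdGuard is down, resolution fails for everyone, so check it is listening there before relying on it.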
-
@johnpoz I tried following this guy's video https://www.youtube.com/watch?v=ReSE3Bn5dFQ&t=11s. Like I said before, I just wanted to see if I can put all this stuff in pfSense, but you are right. I decided to put it on a Raspberry Pi separately. Works like a charm to be honest and less hassle. I didn't want to put it into another VM as I am running a few already in Unraid, so I didn't want to stress it, but this was interesting. I still would like to know how this guy made it work in pfSense to be honest, but I will do that when I have more time.