<![CDATA[how to make pfsense intercept dns queries]]>Hi all

I've got dns resolver configured on my pfsense.
is there a way to tell pfsense to catch all dns queries, and first see if it has a record thats applicable, and if not then push it out.

thinking it needs to be listening on outbound port 53 queries .

G

]]>https://forum.netgate.com/topic/194858/how-to-make-pfsense-intercept-dns-queriesRSS for NodeTue, 10 Mar 2026 12:03:45 GMTTue, 19 Nov 2024 13:49:17 GMT60<![CDATA[Reply to how to make pfsense intercept dns queries on Tue, 19 Nov 2024 19:41:09 GMT]]>One of my favorite pages on the Netgate Docs-
https://docs.netgate.com/pfsense/en/latest/recipes/index.html
Scroll down to DNS then click on redirecting client Dns.

]]>https://forum.netgate.com/post/1195867https://forum.netgate.com/post/1195867Tue, 19 Nov 2024 19:41:09 GMT<![CDATA[Reply to how to make pfsense intercept dns queries on Tue, 19 Nov 2024 18:44:53 GMT]]>@georgelza said in how to make pfsense intercept dns queries:

is there a way to tell pfsense to catch all dns queries,

Add localhost to the resolvers listening interfaces and redirect all DNS requests to it with a port forwarding rule on all interfaces.
Looks like this in my pfSense:
1a75dd61-a3c8-4c67-aba3-49b804beda04-grafik.png

Internal is an interface group including my internal interfaces.

and first see if it has a record thats applicable, and if not then push it out.

This is the default behavior of the DNS resolver.

]]>https://forum.netgate.com/post/1195854https://forum.netgate.com/post/1195854Tue, 19 Nov 2024 18:44:53 GMT