Prevent ISP from adding DNS servers via WAN DHCP
-
My ISP is Comcast/Xfinity, and they insert their own DNS servers into my pfSense/unbound's upstream server list. I would like to prevent that, and found under System/General Setup/DNS Server Settings:
Allow DNS server list to be overridden by DHCP/PPP on WAN or remote OpenVPN server
If this option is set, pfSense will use DNS servers assigned by a DHCP/PPP server on WAN or a remote OpenVPN server (if Pull DNS option is enabled) for its own purposes (including the DNS Forwarder/DNS Resolver). However, they will not be assigned to DHCP clients.
Problem is, I'd like to prevent WAN DHCP from adding to my DNS servers, but allow OpenVPN to do so. From the wording here it looks like it's both or neither, at least from the GUI.
Is it possible to configure this in a more fine-grained way to achieve my objective?
-
@jhg not like everyone doesn't know what the Comcast DNS servers are - they have been the same IPs for years and years. 75.75.75.75 and 75.75.76.76, IPv6 2001:558:feed::1 and ::2
So don't let DHCP override - and manually set them to hand out to your OpenVPN in the VPN settings.
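
A way to confirm the setting took effect, as an added example that is not part of the original posts: it parses resolv.conf-format text and reports any of the Comcast resolvers named in the reply that are still in use. Reading `::2` as `2001:558:feed::2`, the allow-list, and the sample text are assumptions constructed for illustration.

```python
import ipaddress

# Comcast resolvers as listed in the reply above
# (assumption: "::2" there means 2001:558:feed::2).
ISP_RESOLVERS = {
    ipaddress.ip_address(a)
    for a in ("75.75.75.75", "75.75.76.76", "2001:558:feed::1", "2001:558:feed::2")
}

def nameservers(resolv_conf_text):
    """Return the nameserver addresses found in resolv.conf-format text."""
    found = []
    for raw in resolv_conf_text.splitlines():
        # Drop comments, which resolv.conf marks with '#' or ';'.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            addr = parts[1].split("%", 1)[0]  # strip an IPv6 zone id such as %em0
            try:
                found.append(ipaddress.ip_address(addr))
            except ValueError:
                continue  # skip malformed entries rather than abort the audit
    return found

def audit(resolv_conf_text, allowed):
    """Sort each configured resolver into 'isp', 'ok' or 'unexpected'."""
    allowed_set = {ipaddress.ip_address(a) for a in allowed}
    report = {"isp": [], "ok": [], "unexpected": []}
    for ns in nameservers(resolv_conf_text):
        if ns in ISP_RESOLVERS:
            report["isp"].append(str(ns))
        elif ns in allowed_set:
            report["ok"].append(str(ns))
        else:
            report["unexpected"].append(str(ns))
    return report

# Constructed sample: the long-form IPv6 line is the same host as ...::2,
# which a plain string comparison would miss.
SAMPLE = """\
# constructed sample, not taken from a real firewall
nameserver 127.0.0.1
nameserver 9.9.9.9
nameserver 75.75.75.75
nameserver 2001:0558:FEED:0000:0000:0000:0000:0002
nameserver 192.0.2.53 ; documentation-range address
search localdomain
"""

if __name__ == "__main__":
    print(audit(SAMPLE, allowed=["127.0.0.1", "9.9.9.9"]))
```

An empty `isp` list after renewing the WAN lease indicates the DHCP-supplied servers are no longer being merged in.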