Netgate Discussion Forum

    DNS Forwarder VS setting firewall-rules to direct request to your own DNS server

    DHCP and DNS
    • networknoob

      Hi all,

      I've got a machine set up to act as a DNS server. I'm planning
      to use the router's public IP as its public IP.

      router -> pfsense -> my DNS server.

      The router's DMZ has been set up so that it forwards requests to pfSense.

      I'm thinking that I should be able to define a new firewall rule
      that basically says:

      WAN -> LAN .. source:* mydnsserver:53
      and vice-versa from LAN->WAN

      I couldn't make it work. There seem to be other rules that block it
      for some reason.

      Another solution that I'm thinking of is to define the DNS forwarder feature
      in pfSense, though I don't really have a clue what this does.

      Could someone help?

      Thanks,

      • hoba

        The DNS forwarder is simply a DNS cache that will resolve DNS requests that it doesn't have in its cache through the DNS servers specified at System > General. You can make some custom resolutions by entering special DNS servers for special domains or overriding some hostnames by using static mappings.

        • kattoz

          So, does this mean the DNS forwarder on pfSense is likely to crash if used extensively?
          And so, if wanting to use it extensively, use firewall rules?

          Kaz

          • sullrich

            Define extensively, I think to answer the overall question.

            • trendchiller

              Until now I did not have a single problem with that DNS forwarder, and believe me: it is used like hell here :-)

              I have 500 clients behind our own 2 DNS servers, and both of them use pfSense's DNS forwarder as the next DNS hop… it runs... no crashes...
              Use it and have fun!!! :D

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.