DNS Forwarder VS setting firewall-rules to direct request to your own DNS server

  • Hi all,

    I've got a machine set up to act as a DNS server. I'm planning
    to use the router's public IP as its public IP.

    router -> pfsense -> my DNS server.

    The router's DMZ has been set up so that it forwards requests to pfSense.

    I'm thinking that I should be able to define a new firewall rule
    that's basically saying:

    WAN -> LAN .. source:* mydnsserver:53
    and vice-versa from LAN->WAN

    I couldn't make it work. There seem to be other rules that block it
    for some reason.

    Another solution that I'm thinking of is to define the DNS forwarder feature
    in pfSense. Though I don't really have a clue what this does?

    Could someone help?


  • The DNS forwarder is simply a DNS cache that will resolve DNS requests that it doesn't have in its cache through the DNS servers specified at system>general. You can make some custom resolutions by entering special DNS servers for special domains or overriding some hostnames by using static mappings.
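
    As an added illustration (not part of any post in this thread): pfSense's DNS forwarder is dnsmasq, and the behaviour described above corresponds to a hand-written dnsmasq configuration like the one below. pfSense generates its own config from the web GUI, so the interface name, addresses and domain names here are assumed placeholders.

    ```conf
    # Constructed dnsmasq.conf for illustration only; every address, interface
    # and domain below is a placeholder, not a value from this thread.

    # Answer queries only on the LAN side, so the cache is not reachable from WAN.
    interface=lan0
    bind-interfaces

    # Keep up to 10000 answers; repeated lookups are served from this cache
    # without contacting an upstream server again.
    cache-size=10000

    # Default upstream servers for anything not handled below
    # (pfSense fills these from System > General).
    no-resolv
    server=203.0.113.1
    server=203.0.113.2

    # "Special DNS server for a special domain": every name under corp.example
    # is forwarded to the internal server 10.0.0.5 instead of the defaults.
    server=/corp.example/10.0.0.5

    # "Static mapping": this hostname is answered locally and never forwarded.
    address=/intranet.corp.example/10.0.0.20
    ```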

  • so, does this mean the dns forwarder on pfsense is likely to crash if used extensively?
    and so, if wanting to use it extensively, use firewall rules?


  • Define extensively, I think to answer the overall question.

  • Until now I did not have a single problem with that DNS forwarder and believe me: it is used like hell here :-)

    I have 500 clients behind our own 2 DNS servers and both of them use pfSense's DNS forwarder as the next DNS hop… it runs... no crashes...
    Use it and have fun !!!  :D
