DNS Forwarder vs setting firewall rules to direct requests to your own DNS server
I've got a machine set up to act as a DNS server. I'm planning
to use the router's public IP as its public IP.
router -> pfsense -> my DNS server.
The router's DMZ has been set up so that it forwards requests to pfsense.
I'm thinking that I should be able to define new firewall rules
that basically say:
WAN -> LAN .. source:* mydnsserver:53
and vice-versa from LAN->WAN
I couldn't make it work. There seem to be other rules that block it
for some reason.
Another solution that I'm thinking of is to define the DNS forwarder feature
in pfsense. Though I don't really have a clue what this does?
Could someone help?
The DNS forwarder is simply a DNS cache that will resolve DNS requests that it doesn't have in its cache through the DNS servers specified at System > General. You can make some custom resolutions by entering special DNS servers for special domains or overriding some hostnames by using static mappings.
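To make the three behaviours in that answer concrete (answer from cache, send selected domains to a different upstream, return a static mapping without asking anyone), here is a small model of a caching forwarder. It is an added example, not pfSense or dnsmasq code (pfSense's DNS Forwarder is dnsmasq, and the "special DNS servers for special domains" and "static mappings" are the same ideas as its per-domain server and host address overrides). The upstream resolvers are constructed lookup tables so it runs offline, and every hostname and address is made up for illustration.

```python
"""Model of a caching DNS forwarder with per-domain upstreams and static host
overrides. Added example; not pfSense/dnsmasq code. Names and addresses are
constructed (RFC 5737 documentation ranges and .example / .lan names)."""
import time
from typing import Callable, Dict, List, Optional, Tuple

# An upstream resolver takes a name and returns (address, ttl_seconds).
Upstream = Callable[[str], Tuple[str, int]]


class Forwarder:
    def __init__(self, default_upstream: Upstream, clock: Callable[[], float] = time.time):
        self.default_upstream = default_upstream      # "System > General" servers
        self.clock = clock                            # injectable for testing TTL expiry
        self.static: Dict[str, str] = {}              # static host mappings
        self.domain_overrides: Dict[str, Upstream] = {}  # domain -> special upstream
        self.cache: Dict[str, Tuple[str, float]] = {}    # name -> (address, expires_at)
        self.stats = {"hits": 0, "misses": 0}

    @staticmethod
    def _norm(name: str) -> str:
        return name.lower().rstrip(".")

    def add_static(self, name: str, addr: str) -> None:
        self.static[self._norm(name)] = addr

    def add_domain_override(self, domain: str, upstream: Upstream) -> None:
        self.domain_overrides[self._norm(domain)] = upstream

    def _pick_upstream(self, name: str) -> Upstream:
        # Longest-suffix match: "a.b.corp.example" checks a.b.corp.example,
        # b.corp.example, corp.example, example before falling back.
        labels = name.split(".")
        for i in range(len(labels)):
            suffix = ".".join(labels[i:])
            if suffix in self.domain_overrides:
                return self.domain_overrides[suffix]
        return self.default_upstream

    def resolve(self, name: str) -> str:
        name = self._norm(name)
        if name in self.static:               # static mapping wins, never forwarded
            return self.static[name]
        now = self.clock()
        hit = self.cache.get(name)
        if hit is not None and hit[1] > now:  # cached and not yet expired
            self.stats["hits"] += 1
            return hit[0]
        self.stats["misses"] += 1
        addr, ttl = self._pick_upstream(name)(name)
        self.cache[name] = (addr, now + ttl)  # honour the upstream TTL
        return addr


def make_upstream(table: Dict[str, Tuple[str, int]], calls: List[str]) -> Upstream:
    """Constructed stand-in for a real upstream; records which names it was asked."""
    def up(name: str) -> Tuple[str, int]:
        calls.append(name)
        if name not in table:
            raise LookupError(f"NXDOMAIN {name}")  # constructed upstream knows nothing else
        return table[name]
    return up


def demo() -> Dict[str, object]:
    fake_now = [1000.0]
    public_calls: List[str] = []
    corp_calls: List[str] = []
    public = make_upstream({"example.com": ("192.0.2.10", 60)}, public_calls)
    corp = make_upstream({"intranet.corp.example": ("10.0.0.20", 30)}, corp_calls)

    fw = Forwarder(public, clock=lambda: fake_now[0])
    fw.add_static("printer.lan", "192.168.1.50")        # static mapping
    fw.add_domain_override("corp.example", corp)        # special server for one domain

    r: Dict[str, object] = {}
    r["static"] = fw.resolve("printer.lan")             # answered locally
    r["first"] = fw.resolve("example.com")              # miss -> public upstream
    r["second"] = fw.resolve("example.com")             # hit -> served from cache
    fake_now[0] += 61                                   # TTL of 60 s has elapsed
    r["expired"] = fw.resolve("example.com")            # miss -> refetched
    r["override"] = fw.resolve("intranet.corp.example") # routed to corp upstream
    r["public_calls"] = len(public_calls)               # 2: first + refetch
    r["corp_calls"] = len(corp_calls)                   # 1
    r["hits"], r["misses"] = fw.stats["hits"], fw.stats["misses"]
    return r


if __name__ == "__main__":
    print(demo())
```

The order of checks is the part worth noticing: a static mapping is answered before any cache or upstream lookup, the cache is only trusted while the upstream's TTL has not expired, and the domain override is chosen by longest suffix so a more specific override beats a broader one.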
So, does this mean the DNS forwarder on pfsense is likely to crash if used extensively?
And so, if wanting to use it extensively, use firewall rules?
Define extensively, I think to answer the overall question.
Until now I did not have a single problem with that DNS forwarder and believe me: it is used like hell here :-)
I have 500 clients behind our own 2 DNS servers and both of them use pfSense's DNS forwarder as the next DNS hop... it runs... no crashes...
Use it and have fun !!! :D