OpenDNS pfsense problem



  • The pfSense that we're currently using uses an OpenDNS DNS. Is it safe to remove the DNS of pfSense while still enabling Internet access?



  • As long as your clients have a DNS server set with which they can resolve names, I don't really see a problem.
    The system will probably no longer be able to set its time since it cannot resolve the address of the NTP server.



  • So, what DNS should I set for all the clients and the pfsense router?

    Should I use our ISP's DNS server in pfSense instead of ODNS, or should I just leave this part blank?



  • @unregistered00:

    Should I use our ISP's DNS server in pfSense instead of ODNS, or should I just leave this part blank?

    Depends how you want the DNS to behave. OpenDNS can be set up to block name-to-address translations of sites known to host various categories of "nasty" web sites. See http://www.opendns.com for more information.



  • Be careful if you're using it just for free. It does block many DNS sites that you may not want blocked. You would then have no control. Google's 8.8.8.8 and Level 3's 4.2.2.1 are pretty open and unrestricted. Just FYI.



  • @deresistance:

    Be careful if you're using it just for free. It does block many DNS sites that you may not want blocked.

    Can you explain this in more detail? I have used a free OpenDNS account for 1 year. It filters/blocks only sites I've set up to block. This is the reason why I use it … can block bad sites without creating a manual blocklist.



  • I find the 4.2.2.x DNS servers' response time to fluctuate quite a bit; I have much better luck with Google's 8.8.8.8 and 8.8.4.4.

    Keep in mind, if you remove DNS from the pfSense box, you won't be able to contact the pfSense package repository either.



  • Is it possible that OpenDNS and Google's DNS could slow down the Internet bandwidth?



  • Unlikely.  An easy way to test would be to just tell the pfSense DHCP server to hand out 8.8.8.8 and 8.8.4.4 as client DNS servers instead of pfSense's own address.  I do that in Windows Active Directory environments when the DNS server needs to be the Windows Domain controller.

    -M@

