Netgate Discussion Forum

Trying to make sense of dns forwarding (noob question)

DHCP and DNS
  • Paul47
    last edited by Mar 10, 2013, 2:22 AM

    I was looking at these two wiki entries:

    DNS Forwarder

    Blocking DNS queries to external resolvers

    Specifically:

    If the DNS forwarder is enabled, the internal interface IP for pfSense will be handed out to DHCP clients for a DNS server. If the DNS forwarder is disabled, your system's currently configured DNS servers will be handed out instead.

    So… the DHCP clients receive either the pfSense LAN address, and pfSense forwards the client DNS requests to its configured servers for them; or the DHCP clients receive the configured servers that they can access directly? Guess I don't see the point, outside of not having to configure public DNS servers in the client machines, but you don't have to do that with DHCP anyway. So there is no point? Or is pfSense caching those DNS requests if the forwarder is turned on? Is caching the point?

    Also, what happens with static addressing? In the 2nd link above, does that dodge work for static addressing too? In other words if your user wants to use an "anything goes" DNS so he can look at porn at work, and you'd rather steer him to OpenDNS, that method will work? Will he have to change his DNS server setting to the pfSense LAN address, to see any internet at all?

    • wallabybob
      last edited by Mar 10, 2013, 3:49 AM

      @Paul47:

      Or is pfSense caching those DNS requests if the forwarder is turned on?

      Yes.

      @Paul47:

      Is caching the point?

      Yes, generally. The DNS forwarder can also be used to apply local host name overrides, for example, to point the name of the server of banner ads to a "non-existent" IP address or to a host that will quickly give a NULL reply.

      @Paul47:

      Also, what happens with static addressing? In the 2nd link above, does that dodge work for static addressing too? In other words if your user wants to use an "anything goes" DNS so he can look at porn at work, and you'd rather steer him to OpenDNS, that method will work?

      Automatic if user configures by DHCP and has no local DNS overrides. If user has local DNS overrides (or configured DNS because they have static IP address) they will find they suddenly can't access their name server and will probably have to squeal for help.

      @Paul47:

      Will he have to change his DNS server setting to the pfSense lan address, to see any internet at all?

      Yes if he wants to resolve hostnames (e.g. wants ping www.google.com to "work"); no if he is content to use IP addresses.
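
An added example, not part of the original posts and not pfSense code: a first-match model of the LAN rules for blocking external resolvers, assumed here to be a pass rule for DNS to the pfSense LAN address followed by a block rule for DNS to anything else. It shows the outcomes described in the reply above for a DHCP client and for a client with a statically configured outside resolver; all addresses and the `Rule`, `evaluate` and `client_outcome` names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed addresses (private and documentation ranges), not from the thread.
PFSENSE_LAN = "192.168.1.1"          # assumed LAN address of the firewall
EXTERNAL_RESOLVER = "203.0.113.53"   # stands in for any outside DNS server
WEB_SERVER_IP = "198.51.100.10"      # stands in for any site reached by IP

@dataclass(frozen=True)
class Rule:
    action: str                # "pass" or "block"
    protos: Tuple[str, ...]    # protocols the rule applies to
    dst: str                   # CIDR network or "any"
    port: Optional[int]        # None matches every port

    def matches(self, proto, dst, port):
        if proto not in self.protos:
            return False
        if self.port is not None and port != self.port:
            return False
        return self.dst == "any" or (
            ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst))

# Assumed LAN rule order: evaluated top-down, first match wins.
LAN_RULES = [
    Rule("pass", ("tcp", "udp"), f"{PFSENSE_LAN}/32", 53),  # DNS to the forwarder
    Rule("block", ("tcp", "udp"), "any", 53),               # DNS to anything else
    Rule("pass", ("tcp", "udp", "icmp"), "any", None),      # allow LAN to any
]

def evaluate(proto, dst, port, rules=LAN_RULES):
    """Return the action of the first matching rule, or the implicit deny."""
    for rule in rules:
        if rule.matches(proto, dst, port):
            return rule.action
    return "block"

def client_outcome(configured_dns):
    """What a LAN client sees, given the DNS server it is configured to use."""
    return {
        "dns_udp": evaluate("udp", configured_dns, 53),
        "dns_tcp": evaluate("tcp", configured_dns, 53),
        "http_by_ip": evaluate("tcp", WEB_SERVER_IP, 80),
    }

if __name__ == "__main__":
    print("DHCP client (DNS = firewall):  ", client_outcome(PFSENSE_LAN))
    print("static client (DNS = external):", client_outcome(EXTERNAL_RESOLVER))
```
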

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.