Netgate Discussion Forum

    Routing DNS Forwarder Traffic

    DHCP and DNS
      mmester

      I'd like to use the DNS forwarder, but I need pfsense to use a failover gateway (rather than just WAN) for its DNS requests. Is there a way to accomplish this? Can I just make a firewall rule on the LAN that routes all traffic on port 53 from 192.168.1.1 (my pfsense box's IP address) through my failover gateway? Will that rule intercept the DNS forwarder's traffic and route it where I want it? Or does the DNS forwarder's traffic not go through the firewall rules?

      Thanks a lot.

        GruensFroeschli

        Please read the FAQs and howtos:
        http://devwiki.pfsense.org/OutgoingLoadBalancing

        Notes about DNS

        1. DNS can be controlled by adding advanced outbound NAT entries forcing traffic to X DNS server to go out that particular pipe
        2. Static routes are an alternative to using advanced outbound NAT entries

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          mmester

          Thanks for your help, but that doesn't seem to answer my question. I have in fact read that tutorial (together with the many other conflicting tutorials about load balancing), but it's not clear enough for me to figure out exactly what I need to do. My particular question, instead, was whether a firewall rule would affect the traffic from the DNS forwarder. If anyone can tell me that, I'd appreciate it.

            GruensFroeschli

            No.
            Firewall rules apply to traffic which comes IN on an interface.
            If you use policy routing rules they only apply to such traffic.

            Traffic originating from the firewall itself always uses the routing table (* as gateway in a firewall rule).

            We do what we must, because we can.

            Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

              mmester

              Ok, thanks. So I guess the simple method won't work. Can anyone walk me through how to set up the static routes or outbound NAT rules to put the DNS forwarder traffic onto my other gateway? I've read the load balancing tutorials, but they all seem to gloss over this subject and I can't figure out what I'm doing. Thanks.

                GruensFroeschli

                Set a DNS server on the config page.
                Create a static route for the IP of the DNS server to the gateway you want it routed to.

                We do what we must, because we can.

                Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html
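
A way to check the result of the static-route step above, as an added example that is not part of the original thread: it parses routing-table output in the layout of FreeBSD's `netstat -rn` and uses longest-prefix matching to report which gateway the firewall's own DNS queries will use. The sample table, the DNS server addresses, the gateway addresses and the interface names are all constructed.

```python
import ipaddress

# Constructed sample in the layout of `netstat -rn -f inet` (not from the thread).
# 192.0.2.53 has a host route to the failover gateway; 192.0.2.54 has none.
SAMPLE_NETSTAT = """\
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS         em0
127.0.0.1          link#4             UH          lo0
192.168.1.0/24     link#2             U           em1
198.51.100.0/24    link#3             U           em2
203.0.113.0/24     link#1             U           em0
192.0.2.53         198.51.100.1       UGHS        em2
"""

def parse_routes(text):
    """Return a list of (network, gateway, netif) tuples from the table text."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] == "Destination":
            continue  # banner, blank and header lines
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)  # bare IP becomes /32
        except ValueError:
            continue  # anything that is not an address or prefix
        routes.append((net, fields[1], fields[3]))
    return routes

def egress_for(ip, routes):
    """Longest-prefix match: the route firewall-originated traffic to ip takes."""
    addr = ipaddress.ip_address(ip)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def check_dns_routes(dns_servers, wanted_gateway, routes):
    """Map each DNS server to (gateway, netif, ok); ok is False on a mismatch."""
    report = {}
    for ip in dns_servers:
        hit = egress_for(ip, routes)
        gw, netif = (hit[1], hit[2]) if hit else (None, None)
        report[ip] = (gw, netif, gw == wanted_gateway)
    return report

if __name__ == "__main__":
    table = parse_routes(SAMPLE_NETSTAT)
    for ip, row in check_dns_routes(["192.0.2.53", "192.0.2.54"], "198.51.100.1", table).items():
        print(ip, row)
```

A DNS server reported with `ok` set to False has no more specific route than the default, so the forwarder's queries to it leave through the default gateway regardless of any policy-routing rule on LAN.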

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.