Routing DNS Forwarder Traffic

  • I'd like to use the DNS forwarder, but I need pfsense to use a failover gateway (rather than just WAN) for its DNS requests. Is there a way to accomplish this? Can I just make a firewall rule on the LAN that routes all traffic on port 53 from (my pfsense box's IP address) through my failover gateway? Will that rule intercept the DNS forwarder's traffic and route it where I want it? Or does the DNS forwarder's traffic not go through the firewall rules?

    Thanks a lot.

  • please read the faqs and howtos:

    Notes about DNS

    1. DNS can be controlled by adding advanced outbound NAT entries forcing traffic to X dns server to go out that particular pipe
    2. Static routes is an alternative to using advanced outbound NAT entries

  • Thanks for your help, but that doesn't seem to answer my question. I have in fact read that tutorial (together with the many other conflicting tutorials about load balancing), but it's not clear enough for me to figure out exactly what I need to do. My particular question, instead, was whether a firewall rule would affect the traffic from the DNS forwarder. If anyone can tell me that, I'd appreciate it.

  • No.
    Firewall rules apply to traffic which comes IN on an interface.
    If you use policy routing rules they only apply to such traffic.

    Traffic originating from the firewall itself always uses the routing table (* as gateway in a firewall rule).

  • Ok, thanks. So I guess the simple method won't work. Can anyone walk me through how to set up the static routes or outbound NAT rules to put the DNS forwarder traffic onto my other gateway? I've read the load balancing tutorials, but they all seem to gloss over this subject and I can't figure out what I'm doing. Thanks.

  • Set a DNS server on the config page.
    Create a static route for the IP of the DNS server to the gateway you want it routed to.
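The following is an added illustration, not code from the thread or from pfSense. It models the two points made above: interface firewall/policy-routing rules are only evaluated for traffic that enters an interface, while traffic the firewall itself originates (such as the DNS forwarder's upstream queries) is sent according to the routing table, so a static host route for the DNS server is what steers it onto the failover gateway. All addresses and interface names are constructed placeholders.

```python
from dataclasses import dataclass
from typing import Optional
import ipaddress

# Constructed placeholder addresses (not from the thread).
WAN_GW = ipaddress.ip_address("203.0.113.1")
FAILOVER_GW = ipaddress.ip_address("198.51.100.1")
DNS_SERVER = ipaddress.ip_address("192.0.2.53")


def build_routes(dns_server=DNS_SERVER, failover_gw=FAILOVER_GW, wan_gw=WAN_GW):
    """Routing table: a default route via WAN plus a /32 static route for the
    configured DNS server via the failover gateway (the answer above)."""
    return [
        (ipaddress.ip_network("0.0.0.0/0"), wan_gw),              # default route
        (ipaddress.ip_network(f"{dns_server}/32"), failover_gw),  # static host route
    ]


def lookup(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins,
    so the /32 host route beats the default route for the DNS server."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gw in routes:
        if dst in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, gw)
    return best[1] if best else None


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    in_iface: Optional[str]  # None means the firewall itself originated the packet


@dataclass
class PolicyRule:
    iface: str  # interface the rule is bound to; rules match traffic coming IN on it
    dport: int
    gateway: ipaddress.IPv4Address


def select_gateway(pkt, policy_rules, routes):
    """Simplified model of the decision described in the thread."""
    # Policy-routing rules are consulted only for traffic entering an interface.
    if pkt.in_iface is not None:
        for rule in policy_rules:
            if rule.iface == pkt.in_iface and rule.dport == pkt.dport:
                return rule.gateway
    # Locally originated (and unmatched) traffic always uses the routing table.
    return lookup(routes, pkt.dst)


if __name__ == "__main__":
    routes = build_routes()
    rules = [PolicyRule("lan", 53, FAILOVER_GW)]  # a LAN port-53 policy rule
    # Forwarder query to the configured DNS server, originated by the firewall:
    # the LAN rule is skipped, the static host route sends it via failover.
    print(select_gateway(Packet("10.0.0.1", str(DNS_SERVER), 53, None), rules, routes))
    # Same query to some other resolver: no host route, so it goes via WAN.
    print(select_gateway(Packet("10.0.0.1", "192.0.2.99", 53, None), rules, routes))
```

The takeaway matches the thread: a LAN rule with a gateway set would only redirect DNS traffic that a LAN client sends through the box, never the forwarder's own queries, which is why the answer is a static route (or an outbound NAT entry) rather than a firewall rule.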
