  • Hello,

    I am trying to implement a pfsense firewall into our office environment. There is a strange issue I am facing after putting the firewall in place. Here are some details about the setup.



    The pfsense firewall is only doing firewall functionality. I have allowed all tcp and udp traffic outbound from the LAN and the DNS forwarder on PFsense is disabled. DHCP and DNS are being handled by a Microsoft server 2008r2 machine (ip The dns forwarders used on this windows server are and . DHCP is set to use as the dns server.

    When setting the dns servers statically on my laptop to so that I take the internal Windows DNS server out of the equation, dns lookups return quickly and without problems. If I use as the dns server then it takes between 2500ms and 4400ms to do dns lookups.

    Also, the previous setup was the same except that I was using a Sonicwall router instead of a pfsense and I didn't have the dns lookup slowness that I am having now with the pfsense.  I have since plugged the Sonicwall back in and we are working good again.

    I'm fairly new to using windows dns servers and wasn't sure if I was missing something here. If anyone had any suggestions, I would most appreciate it.

  • What dns server is your pfsense looking at?

    Should be your internal 2008 r2 I reckon?

    Sounds like an issue with your 2k8r2 box to me.  If you say you query from your laptop and it works fine.  But your 2k8 box pointing to is slow - does that have anything to do with pfsense?  Pfsense could care if the packets come from your laptop or the server - they are just packets to some IP outside its network on a port be it tcp or udp that is allowed.

    You got a problem with your 2k8 box, or a network connectivity issue between your 2k8 box and pfsense would be my take.

  • Sorry it took so long to respond. The next round in trying to get this implemented I tried it from my laptop again. This time the dns queries from there were also slow. To fix this issue, I took a backup of the config, did a factory reset on the pfsense machine and then imported back in only the aliases, firewall rules and nat rules. This time, everything went as planned and expected. Realistically, I still don't know what the issue was, but it is obvious that some place there was a configuration issue…

    Still though, thank you very much for your help. :) I have it in place and it took the company's internet speed up from the 65Mb/s up/down up to the 98Mb/s up/down that they should have been getting. Beyond that, it has been stable as I expected it to be.

