    I've got two completely different internet connections that I've successfully set up to load balance or fail over. I'm still experimenting with what makes most sense, since they are quite different in performance, one being fiber, the other DSL.

    My problem is as follows. I would like to use the DNS servers that I get assigned over DHCP, two per WAN. I could probably set servers manually and uncheck "Allow DNS server list to be overridden by DHCP/PPP on WAN" and make it work but that's what I want to avoid.

    One ISP's DNS server(s) are only reachable from their network, so if that is queried it won't ever respond and all is well because as I've understood pfsense will use one of the others and the DNS for that ISP will respond.

    The other ISP however has their DNS servers configured differently: they are reachable, and they're extremely quick to respond that they refuse to accept connections unless the connections are from their own network. This is problematic, as this is my secondary ISP and 99.5% of my traffic right now goes through the primary, but if pfsense's dns forwarder gets a (very quick) reply from my secondary ISP's DNS servers saying connection refused, it seems to pass that on to the clients on my network and DNS is for all intents and purposes down.

    So for example, on a client machine behind pfsense I run this command:
    host google.com
    And get:
    Using domain server:

    Host google.com.peters.pm not found: 5(REFUSED)

    If I run the command from the same machine bypassing the dns-forwarding and use DNS server associated with that gateway, all is well.

    What I want is that the DNS servers pfsense gets will only be used on the gateway that they've been gotten from, that doesn't seem very unreasonable, right?

  • From what I've read it's preferable to manually configure the DNS servers and specify the gateway, under System -> General Setup, and unchecking "Allow DNS servers…"

    This is how I've configured it in my multi-wan scenario, two vdsl connections with different ISPs. This ensures that queries are routed out the correct gateway mitigating issues you describe.

    Also, it looks like your client device is appending the domain suffix to your query so you should add a full stop after it, e.g. host google.com.
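The two points in this thread, a REFUSED reply being handed straight to the client and the search suffix being appended to an unqualified name, can be shown offline with a small forwarder model. This is an added example, not pfSense's or dnsmasq's code: it builds a real DNS query, parses the RCODE and A records of a reply, and compares a "first reply wins" policy with one that treats REFUSED/SERVFAIL like a dead upstream and moves on. The upstream names ("isp-a-resolver" and so on), the injected `send` function and the 192.0.2.10 answer are constructed placeholders.

```python
"""Forwarder policy demo: REFUSED from an off-net ISP resolver should not reach clients."""
import struct
from typing import Callable, List, Optional, Tuple

# Subset of DNS RCODE values (RFC 1035 / RFC 6895).
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
# Replies meaning "this upstream will not answer for us"; try the next upstream instead.
RETRY_RCODES = {2, 5}


def as_fqdn(name: str) -> str:
    """Append the trailing dot so a stub resolver does not apply its search suffix."""
    return name if name.endswith(".") else name + "."


def encode_name(name: str) -> bytes:
    out = b""
    for label in as_fqdn(name).rstrip(".").split("."):
        raw = label.encode("ascii")
        out += struct.pack("!B", len(raw)) + raw
    return out + b"\x00"


def build_query(name: str, qid: int, qtype: int = 1) -> bytes:
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0, then one question.
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def build_response(query: bytes, rcode: int, answer_ip: Optional[str] = None) -> bytes:
    """Constructed upstream reply: echo the question, set QR/RD/RA and RCODE, optionally one A record."""
    qid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    ancount = 1 if answer_ip else 0
    header = struct.pack("!HHHHHH", qid, 0x8180 | rcode, 1, ancount, 0, 0)
    rr = b""
    if answer_ip:
        # Compression pointer to offset 12 (the question name), TYPE A, CLASS IN, TTL 60, RDLENGTH 4.
        rr = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + bytes(int(o) for o in answer_ip.split("."))
    return header + question + rr


def skip_name(buf: bytes, off: int) -> int:
    """Advance past a wire-format name (labels or a 2-byte compression pointer)."""
    while True:
        length = buf[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1 + length


def parse_reply(query: bytes, reply: bytes) -> Tuple[int, List[str]]:
    """Return (rcode, A-record IPs) after checking that the reply belongs to this query."""
    qid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", reply[:12])
    if qid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        raise ValueError("reply does not match query")
    rcode = flags & 0x000F
    off = 12
    for _ in range(qd):
        off = skip_name(reply, off) + 4          # name + QTYPE + QCLASS
    ips: List[str] = []
    for _ in range(an):
        off = skip_name(reply, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", reply[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            ips.append(".".join(str(b) for b in reply[off:off + 4]))
        off += rdlen
    return rcode, ips


SendFn = Callable[[str, bytes], Optional[bytes]]


def naive_forward(name: str, upstreams: List[str], send: SendFn, qid: int = 0x1234) -> Tuple[str, List[str]]:
    """The behaviour described in the question: the first reply of any kind goes to the client."""
    query = build_query(name, qid)
    for server in upstreams:
        reply = send(server, query)
        if reply is not None:
            rcode, ips = parse_reply(query, reply)
            return RCODE_NAMES.get(rcode, str(rcode)), ips
    return "SERVFAIL", []


def forward(name: str, upstreams: List[str], send: SendFn, qid: int = 0x1234) -> Tuple[str, List[str]]:
    """Try upstreams in order; a timeout, SERVFAIL or REFUSED means 'move on', not 'answer the client'."""
    query = build_query(name, qid)
    for server in upstreams:
        reply = send(server, query)
        if reply is None:
            continue
        rcode, ips = parse_reply(query, reply)
        if rcode in RETRY_RCODES:
            continue
        return RCODE_NAMES.get(rcode, str(rcode)), ips
    return "SERVFAIL", []


def fake_send(server: str, query: bytes) -> Optional[bytes]:
    """Constructed upstreams mirroring the post: one drops off-net queries, one answers REFUSED."""
    if server == "isp-a-resolver":
        return None                                  # silently dropped when queried off-net
    if server == "isp-b-resolver":
        return build_response(query, 5)              # instant REFUSED
    if server == "correct-gateway-resolver":
        return build_response(query, 0, "192.0.2.10")  # reached over its own gateway
    raise KeyError(server)


UPSTREAMS = ["isp-a-resolver", "isp-b-resolver", "correct-gateway-resolver"]

if __name__ == "__main__":
    print(naive_forward("google.com", UPSTREAMS, fake_send))  # ('REFUSED', [])
    print(forward("google.com", UPSTREAMS, fake_send))        # ('NOERROR', ['192.0.2.10'])
```

The `send` callback is where a real forwarder would bind the socket to the interface or gateway the upstream was learned from; that per-gateway pinning is what the manual configuration in the answer above achieves, and it is the reason the third upstream answers at all in this model.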

