Netgate Discussion Forum

How to configure PFSense to use my own local DNS

General pfSense Questions
11 Posts 5 Posters 6.5k Views
    lmartinez073
    last edited by Jun 12, 2015, 3:19 PM

    Hi

    I need your help. I have my own local DNS; do you know how I can configure pfSense to use it? My local DNS has the IPs and domains of my local servers and also resolves internet.

    Thank you for your help.

      KOM
      last edited by Jun 12, 2015, 4:21 PM

      System - General Setup - DNS Servers.

        lmartinez073
        last edited by Jun 12, 2015, 5:07 PM

        Hi

        I did try that, but it looks like it is still taking another DNS.

          lmartinez073
          last edited by Jun 12, 2015, 5:15 PM

          A little more detail: I want my LAN to use a specific DNS server.

            KOM
            last edited by Jun 12, 2015, 5:19 PM

            Bear in mind that the servers listed in DNS Servers are only used if someone uses your pfSense LAN IP for their DNS.  Anyone can use any DNS server they want via their TCP/IP settings.  To stop this, you need to block LAN TCP port 53 so that nobody can use external DNS.  Either that or you can transparently direct their DNS traffic to your own DNS server by using a NAT to forward all TCP port 53 traffic on LAN to the IP address of your DNS server.

              mer
              last edited by Jun 12, 2015, 7:53 PM

              Are your LAN clients DHCP, getting DHCP from the pfSense box?  If so, sounds like a simple way of forcing your clients to use your DNS server.

                NOYB
                last edited by Jun 12, 2015, 8:07 PM

                Wouldn't the DHCP and DNS forum be a more appropriate place for this thread?

                  KOM
                  last edited by Jun 12, 2015, 8:13 PM

                  Wouldn't the DHCP and DNS forum be a more appropriate place for this thread?

                  No.  He said nothing about DHCP, and his DNS question was a general question and not specifically about the pfSense DNS Forwarder or Resolver.  More of a firewall/NAT issue actually if anything.  He wants to force users to use his existing non-pfSense DNS.

                    lmartinez073
                    last edited by Jun 15, 2015, 3:16 PM

                    Hi

                    Yes, I want to force LAN users to use my DNS located in the DMZ. I read about blocking the port to force pfSense to use the DNS in the General configuration; does this work?

                      KOM
                      last edited by Jun 15, 2015, 3:32 PM

                      I read about blocking the port to force pfSense to use the DNS in the General configuration; does this work?

                      You're a little bit confused.  You don't block ports to force pfSense to do anything.  You block the ports to stop your users from using any external DNS.  So, as I said earlier, you can either block TCP 53 and then make them manually set their DNS to yours, or serve it via DHCP if you're running that service, or create a NAT rule to forward all traffic on TCP 53 to your DNS server IP address.

                        robertn
                        last edited by Jun 16, 2015, 5:40 AM

                        What I've done on my network is configure DHCP to supply the pfSense system as the primary DNS (and my local servers as secondary and tertiary in case the pfSense system is down).  Then on pfSense I set DNS Resolver (Unbound) to forward DNS requests for my local domain to my DNS servers.  It's not exactly what you asked, but I think it accomplishes the same goals.  Plus it allows pfSense to act as a cache and it knows the upstream (ISP) DNS servers.

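An added check, not part of any post above: once a block or NAT redirect rule like the ones discussed in this thread is in place, a LAN client can confirm it by asking an outside resolver for a name that exists only in the local DNS zone. The resolver address 8.8.8.8 and the name fileserver.example.lan are assumed placeholders; the probe covers both UDP and TCP port 53, since DNS queries normally go over UDP with TCP as a fallback.

```python
import socket
import struct

TXID = 0x1234  # fixed query ID so replies can be matched (fine for a one-off check)

def build_query(name):
    """Build a minimal DNS query: one A/IN question, recursion desired."""
    header = struct.pack("!HHHHHH", TXID, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_reply(data):
    """Return (rcode, answer_count), or None if this is not a reply to our query."""
    if len(data) < 12:
        return None
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != TXID or not flags & 0x8000:  # wrong ID or QR bit not set
        return None
    return flags & 0x000F, ancount

def classify(reply):
    """Translate a parsed reply into what it says about the LAN rule."""
    if reply is None:
        return "blocked"      # nothing usable came back: port 53 is dropped
    rcode, ancount = reply
    if rcode == 0 and ancount > 0:
        return "redirected"   # only the local DNS can answer a local-only name
    return "leaking"          # the outside resolver was reached and answered

def probe(resolver, name, proto, timeout=3.0):
    query = build_query(name)
    try:
        if proto == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(query, (resolver, 53))
                data, _ = s.recvfrom(4096)
        else:
            with socket.create_connection((resolver, 53), timeout=timeout) as s:
                s.sendall(struct.pack("!H", len(query)) + query)
                data = s.recv(4096)[2:]  # drop the 2-byte TCP length prefix
    except OSError:  # timeout, refused or unreachable
        return "blocked"
    return classify(parse_reply(data))

if __name__ == "__main__":
    # Assumed placeholders: an outside resolver and a local-only hostname.
    for proto in ("udp", "tcp"):
        print(proto, probe("8.8.8.8", "fileserver.example.lan", proto))
```

Run it from a LAN client: "leaking" on either protocol means clients can still reach an outside resolver on that protocol.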
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.