DNS Resolver Network Interfaces
I am puzzled by one point in the setup configuration while installing pfSense for the first time. Specifically, in the section pertaining to "Services:DNS Resolver" for Network Interfaces, we are allowed to decide on "Interface IPs used by the DNS Resolver for responding to queries from clients." The options include these: All, WAN, LAN or Localhost. My question is why, under what circumstances, would I want to allow pfSense to respond to queries from the WAN? I mean, if I am not mistaken, would not all the clients be querying from the LAN, or possibly from Localhost depending on the setup? How or why would it be from the WAN?
Could it be the case that I would allow a remote client to query the DNS server in pfSense if it were configured with a public facing WAN IP? Thanks.
If you don't open port 53 on the WAN interface firewall then you don't have to worry.
Not what he was asking at all… Yes Wheeler, all setups are different. While I agree that generally you wouldn't allow DNS queries to your WAN, maybe someone is using pfSense inside their network, not even NATing, and just using it as a downstream router/firewall. In that case maybe they want queries to the WAN, etc.
i64ru last edited by
Please tell me how to make the names of local computers have the original look and not p44-harc2-renfrew4.tch.dtn.ntl.com, ****.static.virginm.net.
@wheeler While I cannot recommend it, I have at times considered opening for DNS queries on my Public IP/WAN interface. That way I could hardcode all my mobile clients to use my public IP as DNS, and “always” have the benefit of pfBlockerNG filtering. The browsable internet is borderline unusable under normal circumstances, once you have gotten used to such an effective ad blocker :-)
But don’t - use a VPN instead.
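An added example, not from any poster in this thread: a small check, run from a host outside the firewall, of whether the resolver's WAN address answers recursive DNS queries, which is what selecting WAN or All together with a port 53 rule on WAN would permit. The function names, the `192.0.2.1` placeholder address and the sample replies are constructed for illustration.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """DNS A/IN query with RD (recursion desired) set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def classify(response, txid=0x1234):
    """Interpret the raw reply (or None on timeout) seen by an outside client."""
    if response is None:
        return "no-answer"        # filtered or not listening: expected on WAN
    if len(response) < 12:
        return "malformed"
    rid, flags = struct.unpack("!HH", response[:4])
    if rid != txid or not flags & 0x8000:   # wrong ID or QR bit clear
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 5:
        return "refused"          # reachable, but the access list rejects us
    if flags & 0x0080 and rcode in (0, 3):  # RA set, NOERROR or NXDOMAIN
        return "open-resolver"    # recursion is served to outside clients
    return "reachable-no-recursion"

def probe(server_ip, name="example.com", timeout=3.0):
    """Send one UDP query to server_ip:53 and classify the result."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server_ip, 53))
            data, _ = s.recvfrom(512)
        except OSError:           # includes socket.timeout
            data = None
    return classify(data)

def sample_reply(flags, txid=0x1234):
    """Constructed 12-byte reply header, for offline illustration only."""
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)

if __name__ == "__main__":
    # Constructed replies; against a real box use probe("192.0.2.1")
    # (placeholder address) from a host outside the WAN.
    for label, flags in [("RA set", 0x8180), ("REFUSED", 0x8105)]:
        print(label, "->", classify(sample_reply(flags)))
    print("timeout ->", classify(None))
```

A result of `no-answer` or `refused` from outside is what a LAN-only resolver should produce; `open-resolver` means the WAN address is serving recursion to anyone who can reach it.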