DNS Resolver Network Interfaces

  • I am puzzled by one point in the setup configuration while installing pfSense for the first time. Specifically, in the section pertaining to "Services:DNS Resolver" for Network Interfaces, we are allowed to decide on "Interface IPs used by the DNS Resolver for responding to queries from clients." The options include these: All, WAN, LAN or Localhost. My question is why, under what circumstances, would I want to allow pfSense to respond to queries from the WAN? I mean, if I am not mistaken, would not all the clients be querying from the LAN, or possibly from Localhost depending on the setup? How or why would it be from the WAN?

    Could it be the case that I would allow a remote client to query the DNS server in pfSense if it were configured with a public-facing WAN IP? Thanks.

  • If you don't open port 53 on the WAN interface firewall, then you don't have to worry.

  • LAYER 8 Global Moderator

    Not what he was asking at all… Yes Wheeler, all setups are different, while I agree generally you wouldn't allow DNS queries to your WAN. But maybe someone is using pfSense inside their network and not even NATing and just using it as a downstream router/firewall. And in that case maybe they want queries to the WAN, etc.

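The thread touches two separate controls: which addresses the resolver listens on, and which clients are allowed to query it. The sketch below is an added example, not part of any post above and not pfSense code; it assumes the resolver configuration is available in unbound.conf syntax (the pfSense DNS Resolver is Unbound), uses constructed addresses, and reports listeners and allow rules that reach beyond the networks you name as inside.

```python
import ipaddress

# Constructed sample in unbound.conf syntax, not copied from a real pfSense box.
# 192.168.1.1 stands in for the LAN address, 203.0.113.10 for the WAN address.
SAMPLE_CONF = """
server:
    interface: 192.168.1.1
    interface: 127.0.0.1
    interface: 203.0.113.10   # constructed WAN-side listener
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow
"""

def parse(conf):
    """Return (listen networks, [(client network, action)]) from config text.
    Assumes interface: lines carry IP addresses, not interface names."""
    listen, acls = [], []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("interface:"):
            addr = line.split(":", 1)[1].strip().split("@")[0]  # drop @port
            listen.append(ipaddress.ip_network(addr))
        elif line.startswith("access-control:"):
            net, action = line.split(":", 1)[1].split()
            acls.append((ipaddress.ip_network(net), action))
    return listen, acls

def audit(conf, inside):
    """Report listeners and allow rules that reach beyond the inside networks."""
    inside = [ipaddress.ip_network(n) for n in inside]

    def internal(net):
        return net.is_loopback or any(
            net.version == i.version and net.subnet_of(i) for i in inside)

    listen, acls = parse(conf)
    exposed = [str(n.network_address) for n in listen if not internal(n)]
    open_acls = [str(n) for n, action in acls
                 if action.startswith("allow") and not internal(n)]
    return exposed, open_acls

if __name__ == "__main__":
    exposed, open_acls = audit(SAMPLE_CONF, ["192.168.1.0/24"])
    print("listeners outside LAN/localhost:", exposed)
    print("allow rules wider than LAN/localhost:", open_acls)
```

A listener outside the inside networks is not by itself an open resolver: Unbound refuses clients that no allow rule covers, and the WAN firewall rule for port 53 is a further layer. The combination to look for is an outside listener together with an allow rule wider than the inside networks.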