Not able to enable DNS forwarder for all the VLANS



  • Hi everyone,
    I have created 4 VLANs, configured a DHCP server for each VLAN, and integrated that with a Cisco L2 switch. Now when a PC is connected to the port, it gets an IP address through the DHCP released by the respective VLAN. Now even if the PC is part of the network and is able to ping the pfSense, there is no internet access on all the VLANs. When I try to do the DNS forwarder I get the error, "The DNS Resolver is enabled using this port, Choose a non-conflicting port or disable DNS Resolver". I realise there is a minor hiccup, but don't know what it is. Please help me on this, friends.
    ![dns forwarder error.png](/public/imported_attachments/1/dns forwarder error.png)


  • LAYER 8 Global Moderator

    You cannot use the resolver and forwarder at the same time. Disable the resolver if you want to use the forwarder.

    Are you wanting to use the resolver on some vlans and forwarder on other vlans?  Not sure if that is possible, but maybe since you can select what interfaces forwarder and resolver listen on.. So you could have say forwarder on lan, and resolver on vlan – maybe???

    edit: Nope, just tried, can't do it - at least not with the GUI. I disabled resolver on my wlan_guest interface and then tried to bring up forwarder on just that interface and error.



  • Thank you very much for your reply. Yes, I have disabled the DNS Resolver. Still it gives the same error. I hope if the DNS Forwarder is enabled for all the VLANs, there will be internet access in all the VLANs.


  • LAYER 8 Global Moderator

    Well, why wouldn't the resolver work for you? If it's not letting you enable it, I would guess that the resolver is still running.

    Not sure what VLANs have to do with either the forwarder or resolver. I can tell you I have multiple VLANs and resolver works just fine on all of them.

    A common mistake users make when they bring up a new VLAN is forgetting to create the rules. Or I have seen quite a few times just TCP vs any… Well, DNS uses UDP, so internet is not going to work if you cannot query DNS on pfSense for www.google.com, etc., since it would be via UDP and you only have a rule for TCP.

    Why don't you post up rules you have on one of these vlans that is not working.



  • Okay, I will post the screenshot after disabling it. Once again, thank you for your kind help.

