
PFSense - DNS Resolvers Not Working

I followed the directions and added the following to my PFSense router.   None of my clients are using NextDNS.  Are there any other settings I need to change for this to work?

Thank you!

server:
  forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 45.90.28.0#bf4721.dns1.nextdns.io
    forward-addr: 2a07:a8c0::#bf4721.dns1.nextdns.io
    forward-addr: 45.90.30.0#bf4721.dns2.nextdns.io
    forward-addr: 2a07:a8c1::#bf4721.dns2.nextdns.io

6 replies

    • seedoo
    • 3 yrs ago

    Follow-up questions.  Does the above configuration only apply to traffic from the router specifically? I added the specified DNS servers to be published to my DHCP clients.  When I navigate to my configuration page for NextDNS, I see a message that states:

    This device is using NextDNS with no configuration.

    Make sure to link your IP address in the Linked IP section below.

    Do all clients (Windows, Mac, iOS, etc.) need to have individual installs?

    • Bhusan_Gupta
    • 3 yrs ago

    On PFSense are you using the DNS Resolver or DNS Forwarder? If you added the above code to the box in the DNS Resolver under Custom Options, make sure that your Resolver is enabled. 

    Also did you uncheck the option under System:General:Allow DNS server list to be overridden by DHCP/PPP on WAN?

    Personally, I installed the CLI client on to my pfSense box and don't use either the DNS Resolver or Forwarder. That way I get machine names in my NextDNS logs.

    • seedoo
    • 3 yrs ago

    I added this to the DNS Resolver and the checkbox for enabled is selected.

    I unchecked "Allow DNS server list to be overridden by DHCP/PPP on WAN" and saved the setting.  I renewed my lease on my Windows workstation and the new DNS servers are listed, but on the setup page of NextDNS, it says "This device is using NextDNS with no configuration. Make sure to link your IP address to the Linked IP section below." 

    Does this mean I still need to install the client?

    • Bhusan_Gupta
    • 3 yrs ago

    If you are using Unbound as your DNS resolver (default for pfSense), then you don't need the client (I find that the client install results in faster DNS lookups than using Unbound). The configuration that you added seems a little bit strange: 45.90.28.0#xxxxxx.dns1.nextdns.io (I xxx'ed out your config pointer), as the address ends with .0? Did you restart the DNS resolver?

    • Bhusan_Gupta
    • 3 yrs ago

    If pfSense was set up properly, then the IP address of your pfSense box would be populated in the DNS settings for the DHCP clients. That is, your clients would go to your pfSense box for DNS resolution and the pfSense box (utilizing Unbound) would access NextDNS servers on behalf of your clients. Did you add any extra info to the DHCP config *other* than using the internal address of your pfSense box as the DNS server in the 'Servers' section? It is clear that your clients are directly accessing NextDNS, which does not link them with your profile.

      • Bhusan_Gupta
      • 3 yrs ago

      Bhusan Gupta This is the key instruction from the pfSense DHCP setup (use this interface's IP):

      "Leave blank to use the system default DNS servers: this interface's IP if DNS Forwarder or Resolver is enabled, otherwise the servers configured on the System / General Setup page."
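As an added example (not from this thread, NextDNS or pfSense), a small Python checker for the two misconfigurations discussed above: an Unbound forward-zone block that lacks TLS or a TLS auth name, and a DHCP scope that hands clients an upstream address instead of the router's own IP. The CONFIGID placeholder and the 192.168.1.1 router address are assumptions.

```python
import ipaddress
import re

# Constructed sample: the Unbound "Custom options" block from the thread,
# with the NextDNS configuration ID replaced by a placeholder (assumption).
CUSTOM_OPTIONS = """\
server:
  forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 45.90.28.0#CONFIGID.dns1.nextdns.io
    forward-addr: 2a07:a8c0::#CONFIGID.dns1.nextdns.io
    forward-addr: 45.90.30.0#CONFIGID.dns2.nextdns.io
    forward-addr: 2a07:a8c1::#CONFIGID.dns2.nextdns.io
"""


def check_forward_zone(text):
    """Return a list of problems found in an Unbound forward-zone block.

    Checks that TLS is enabled, that every forward-addr carries an auth name
    (the hostname after '#', which Unbound uses to validate the upstream
    certificate), and that all auth names point at one NextDNS configuration."""
    problems = []
    if not re.search(r"^\s*forward-tls-upstream:\s*yes\s*$", text, re.M):
        problems.append("forward-tls-upstream is not 'yes': upstream queries are plaintext")
    config_ids = set()
    for m in re.finditer(r"^\s*forward-addr:\s*(\S+)\s*$", text, re.M):
        addr, _, authname = m.group(1).partition("#")
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            problems.append(f"forward-addr {addr!r} is not an IP address")
            continue
        if not authname:
            problems.append(f"forward-addr {addr} has no '#hostname' for TLS authentication")
            continue
        config_ids.add(authname.split(".")[0])
    if len(config_ids) > 1:
        problems.append(f"upstreams point at different NextDNS configurations: {sorted(config_ids)}")
    return problems


def check_dhcp_dns(dhcp_servers, router_ip):
    """Return DHCP-advertised DNS servers that are not the router itself.

    Any other address (e.g. 45.90.28.0) makes clients bypass Unbound, so their
    queries reach NextDNS unlinked from the profile, as seen in the thread."""
    return [s for s in dhcp_servers if s != router_ip]
```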
