Let’s explore the DNS Resolver in pfSense. Bobcares offers answers to your pfSense queries as a part of our Server Management Services.
The pfSense DNS Resolver
When we connect to the internet, the router sends the local device its network settings, including the DNS servers to use. These servers convert host names to IP addresses. The DNS Resolver component is in charge of determining whether the hostname is in the local cache and, if not, contacting a number of DNS name servers until it receives the IP address of the website or service we are attempting to access. If everything is in order, this could take less than a second.
pfSense uses Unbound as its DNS resolver. It can function in a resolver mode or a forwarding mode.
1. Resolver mode: In this mode, the resolver queries the root DNS servers directly to resolve the names requested by the users. Because it does not need forwarding DNS servers to work, it removes issues related to missing or inaccurate local DNS configuration.
2. Forwarding mode: In this mode, the resolver forwards the requests to the DNS servers configured under System >> General Setup or obtained from a dynamic WAN.
Set up pfSense DNS Resolver
In order to set up the pfSense DNS resolver, we must go to Services >> DNS Resolver. Some of the options available with the DNS resolver are as follows:
Options in pfSense DNS Resolver
1. Enable: Check the box next to this option to activate the service. Unchecking it deactivates the service.
2. Listen Port: The DNS Resolver listens for client requests on this TCP and UDP port. By default, it is 53.
3. Enable SSL/TLS Service: Configures the DNS Resolver to behave as a DNS over TLS server, answering queries from DNS over TLS clients.
4. SSL/TLS Certificate: When operating as an SSL/TLS server, this is the server certificate to use.
5. SSL/TLS Listen Port: The TCP and UDP ports on which the DNS Resolver will listen for DNS over TLS client queries. This is port 853 by default.
6. Network Interfaces: The resolver will bind to these network interfaces when listening to client requests.
7. Outgoing Network Interfaces: Specifies the interfaces that the firewall will use for sending queries to other DNS servers.
8. System Domain Local Zone Type: Specifies the zone type configured in Unbound for the system domain.
9. DNSSEC: Allows clients to trust the origin and content of DNS answers by enabling Domain Name System Security Extensions (DNSSEC). By default, it is active.
10. Python Module: Enables the DNS Resolver Python module. This functionality uses a Python script to perform actions on queries or results.
11. DNS Query Forwarding: Controls the mode of the DNS resolver.
12. DHCP Registration: Controls whether internal DHCP client machine names are recorded in the DNS Resolver.
13. Static DHCP: This option is similar to Register DHCP leases in DNS resolver, except it registers the DHCP static mapping addresses.
14. OpenVPN Client: This setting determines whether OpenVPN client names are recorded in the DNS Resolver.
15. Custom Options: A text field for additional Unbound directives that the GUI does not natively support.
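One way to check from a client that the DNSSEC option (item 9) is actually in effect, as an added example that is not code from pfSense or from this article: send a query with the EDNS0 DO bit set and inspect the AD flag and RCODE in the reply. The function names and the sample response headers are constructed for illustration; the resolver address and the signed test name are supplied by the reader.

```python
import socket
import struct

TXID = 0x1234  # fixed query ID for the example; randomise it in real use

def build_query(name, qtype=1, txid=TXID):
    """DNS query with RD set and an EDNS0 OPT record carrying the DO bit."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD, 1 question, 1 additional
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # class IN
    # OPT RR: root name, type 41, UDP size 1232, ext-rcode 0, version 0, DO=0x8000, rdlen 0
    opt = b"\x00" + struct.pack("!HHBBHH", 41, 1232, 0, 0, 0x8000, 0)
    return header + question + opt

def classify(response, txid=TXID):
    """Map the response header to 'validated', 'unvalidated', 'servfail' or 'other'."""
    if len(response) < 12:
        raise ValueError("short DNS message")
    rid, flags = struct.unpack("!HH", response[:4])
    if rid != txid or not flags & 0x8000:  # ID mismatch or QR bit clear
        raise ValueError("not a response to our query")
    rcode = flags & 0x000F
    if rcode == 2:
        return "servfail"  # a validating resolver answers bogus data this way (other causes exist)
    if rcode != 0:
        return "other"
    # AD (0x0020) means the resolver validated the answer with DNSSEC
    return "validated" if flags & 0x0020 else "unvalidated"

def check_resolver(server, name, port=53, timeout=3.0):
    """Query the resolver at `server` (e.g. the pfSense LAN address) for a signed name."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, port))
        data, _ = s.recvfrom(4096)
    return classify(data)

# Constructed sample response headers (header only, no records) for offline use
SAMPLE_VALIDATED = struct.pack("!HHHHHH", TXID, 0x81A0, 1, 1, 0, 1)  # QR RD RA AD
SAMPLE_PLAIN = struct.pack("!HHHHHH", TXID, 0x8180, 1, 1, 0, 1)      # QR RD RA
SAMPLE_BOGUS = struct.pack("!HHHHHH", TXID, 0x8182, 1, 0, 0, 1)      # SERVFAIL
```

The AD flag is only as trustworthy as the path between the client and the resolver, so run the check from a host on a network segment the firewall serves directly.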
Conclusion
To conclude, the article briefly explains the pfSense DNS resolver along with different options to be configured in the DNS resolver.