pfSense and DNS servers

There is an Allow DNS Server Override option in System > General Setup. Is that disabled?

Yea, I found that. The default is use local but fallback to remote. I set it to use local only. I kept monkeying with it. There were loads of other settings like DNSBL which I enabled, I disabled it and a few other things but I suspect it was the culprit. In my mind it's kinda stupid for pfSense to override the DNS servers you entered and then use something else. How can that possibly be useful? Anyway, it's fixed now.
 
I go to DNS Server Settings in pfSense and set the DNS Servers to Cloudflare. I then go to https://www.top10vpn.com/tools/what-is-my-dns-server/ and it shows my DNS Server as my ISP.

Can someone please explain this stupidness? How can you set the DNS servers and then pfSense overrides them and sets the DNS server to the ISP?

TIA
This is strange. I have the Canadian Shield DNS servers set on my non-pfsense router and that link is saying that I'm using a Cogent one. Now, Cogent is a Canadian company, but the IP is nowhere near what I have set. So I think this shows that you need to look at the test results with a grain of salt.
 
I decided to dump pfSense because of this issue and I'm now back to using OPNsense. I'll figure out the port forward issue. I no longer trust pfSense. It's just plain stupid that it would use a DNS server other than the ones I entered. Don't really care what the explanation might be. As an extra precaution I've manually set the DNS servers in all my boxes to Cloudflare.
 
I wouldn't have done that as I think that website is just not right. I think if you want to really see what you're getting for DNS resolution, use nslookup and see what it says. When I checked mine, they were still Canadian Shield.
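
The nslookup check suggested above, as an added example that is not part of any post in this thread: it reads the resolver address from the header of nslookup output and compares it with the upstream that was configured (Cloudflare here). The function names and both sample outputs are constructed for illustration.

```python
import ipaddress

# Cloudflare's public resolver addresses (the upstream configured in the thread).
CLOUDFLARE = {"1.1.1.1", "1.0.0.1", "2606:4700:4700::1111", "2606:4700:4700::1001"}

# Constructed sample outputs, not captured from the thread.
SAMPLE_UNIX = """Server:\t\t192.168.1.1
Address:\t192.168.1.1#53

Non-authoritative answer:
Name:\texample.com
Address: 93.184.216.34
"""
SAMPLE_WINDOWS = """Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
Name:    example.com
Addresses:  93.184.216.34
"""

def resolver_from_nslookup(text):
    """Return the resolver IP from the header (lines before the first blank line)."""
    for line in text.strip().splitlines():
        if not line.strip():
            break  # header ended; later "Address" lines are answers, not the resolver
        key, _, value = line.partition(":")
        if key.strip().lower() == "address":
            # Unix nslookup appends "#53" (the port) to the resolver address.
            return ipaddress.ip_address(value.strip().split("#")[0])
    raise ValueError("no resolver address in nslookup header")

def classify(addr, expected=CLOUDFLARE):
    """Say whether the client talks to the expected upstream, a local box, or something else."""
    if addr in {ipaddress.ip_address(a) for a in expected}:
        return "direct"            # client queries the configured upstream itself
    if addr.is_private or addr.is_loopback or addr.is_link_local:
        return "local-forwarder"   # client asks the router/Pi-hole; check upstream there
    return "unexpected"            # some other public resolver is answering

if __name__ == "__main__":
    for name, sample in (("unix", SAMPLE_UNIX), ("windows", SAMPLE_WINDOWS)):
        addr = resolver_from_nslookup(sample)
        print(name, addr, classify(addr))
```

A "local-forwarder" result only identifies the first hop: the client is asking the firewall or Pi-hole, so which upstream that box uses has to be checked on the box itself.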
 
You're probably right. I managed to find a website that explained how to get port forwarding working in OPNsense so for now I'm good. I'm keeping my old pfsense box in reserve in case I need it.
 
Pfsense is like the Minecraft of routers. You can literally do anything you want. But you need to be careful to do it right. I have been very frustrated at times, but eventually I find the instructions online somewhere for whatever I'm trying to get done and then Pfsense runs like a Swiss watch.
 
Thanks, yea, I like them both. I've been using OPNsense together with Pi-Hole for some time now. Haven't had any issues or problems. OPNsense is running on a Dell Wyse 5070 Extended with a dual port Intel i350 NIC and Pi-Hole is running on a Wyse 3040. Both have been running 24/7 for months now.
 
Do you have a go to adblock list?
 
Not sure I know what a "go to adblock list" is. Does this tell you anything?

Screenshot from 2024-01-19 06-41-26.png
 
Was just curious how nerdy you get with pihole... Some people add their own lists here.

I tend to get as nerdy as I have to but no further. Pi-Hole works excellent right out the box, I've never felt the need to tweak it. But then again, I may not know what I'm missing. :(

OK, after a little research I added a few more lists from GitHub. Thanks. (y)
 
I add many of the lists from Developer Dan. https://www.github.developerdan.com/hosts/

I find that between the default list and DD lists I'm covered very well.

Recently I did add a few more that are probably a lot of overkill, but my children are getting adventurous on the Internet so I have a filter that blocks a whole shitload of stuff they don't need to be exposed to yet.
 
Thanks. Just added a couple more. (y)
 