DNS Confusion in PFSense


Hopefully this is the right place in the forums for this and if not my apologies. I was following this guide to set up HAProxy on PFsense: https://www.youtube.com/watch?v=bU85dgHSb2E&t=452s

I have an internal DNS server that uses BIND and I also set up my PFSense instance as suggested in 2020 Getting started with pfsense 2.4 Tutorial: Network Setup, VLANs, Features & Packages.

So, from my understanding which is limited, PFSense can handle DNS for internal servers without the need of an actual DNS server outside of itself? The reason I ask is because following the HAProxy tutorial, when it’s time to check DNS let’s say something.domain.com in Toms example, it shows the internal IP address he set up from the host override but when I do it on my end it’s trying to find that DNS entry externally and fails so I assume I have my PFSense DNS set up wrong and need to fix it so everything processes it’s DNS via PFSense.

So my question is, can I eliminate my Internal DNS server and simply set up all DNS on PFSense so ALL DNS is processed by PFSense unless it is external and if so, can someone direct me to something that shows how this is done. I wish I knew the proper terminology so I can search for it myself but wanted the proper information so I know for future reference.

Thank you very much!!

Internal DNS for internal hosts should be done on pfsense. If you are exposing services publicly to the internet then you’ll need to have an external DNS service like cloudflare to set DNS records for the domain that you purchased to point to your public IP address.


Correct. The internal DNS I have a DNS server but nothing external. I believe the tutorial was for internal use as well although he did mentioned he could be done for external use as well. I guess what I am asking is how to do the internal DNS on PFSense without needing the Internal DNS server I have.

Right now, I have a BIND server using domain.co and it’s just for internal servers. I can set up the same on PFSense I assume?


I just don’t know what I’m looking for in terms of setting that up.

Thank you!

So you setup a bind server and you cannot figure out DNS in pfsesne?

Apologize for being blunt, but this sounds impossible.


I’m learning. The bind server I set up was done following a HowTo and I got it to work and learned how to update records etc but I’m still new to pfsense. I know there is a bind server and bind resolver but I’m wondering how I can remove the DNS host itself and do it all in pfsense. I assume that is the host overrides but not 100% sure. I just want confused following the HowTO for the HAProxy set up. I think I have to point all the hosts to PFSense and use the host overrides and be done with it.

That is interesting. Yeah, manually setting up host overrides should do it for you. Just play around with it and you’ll see how easy it is.

And yes, you’ll want to setup DHCP to point clients to your pfsense box instead of your bind server. After you test everything you can power off your bind server or leave it running.


Yeah that has been working so far. I never thought about it until I ran into that video and said oh we can do DNS here. It’s internal so I rather have it all in one place.

Thank you very much for your time and help!


Basically, what I had to do was create a domain name under Domain Override with the domain name I wanted to use for the internal DNS which doesn’t have to be an actual real domain name since this is not going to be used publicly and the IP for it I used for it to route the DNS via the router itself was the default gateway IP. For exmaple:

testdomain.com -

Once that is done, I had to do some host overrides for each host I was doing DNS for. For example:

awx.testdomain.com -
metrics.testdomain.com -
monitoring.testdomain.com -

You can make as many as you want. This allowed me to create all the DNS records I needed internally without the need of a different DNS server.

Thank you!

BTW, 192.20.x.x belongs to AT&T


That IP range is one of the ones I created internally for the office VLAN which. My issues was that I did not have a domain override set up so the domain used in the search in /etc/resolv.conf which was hovinfra.com wasn’t reaching out to anything externally and once I added the domain override boom it worked. This worked before but I had a VM running BIND for internal DNS but moved the DNS over to pfsense to manage it all in one place without the extra DNS host but failed to create the host in pfsense.

You should not use public IP ranges for your local office VLAN, use a range in the private RFC1918 space instead:


Private IPv4 addresses

The Internet Engineering Task Force (IETF) has directed the Internet Assigned Numbers Authority (IANA) to reserve the following IPv4 address ranges for private networks:[1]: 4

RFC 1918 name IP address range Number of addresses Largest CIDR block (subnet mask) Host ID size Mask bits Classful description[Note 1]
24-bit block – 16777216 ( 24 bits 8 bits single class A network
20-bit block – 1048576 ( 20 bits 12 bits 16 contiguous class B networks
16-bit block – 65536 ( 16 bits 16 bits 256 contiguous class C networks

In practice, it is common to subdivide these ranges into smaller subnets.

1 Like


Thank you for that information I really appreciate it! I wasn’t aware that was a public range for them. The IP I got from them was way different so I figured I could use that since it was internal and never would touch the outside world. But, based on this new information I’ll work on making those changes internally.

Thank you again!

1 Like

If you still haven’t figured this out, here are the instructions:

  • Go to pfsene and login

  • Navigate to Services and then to DNS forwarder

  • Scroll to the bottom of the page until you see Host Overrides

  • Click on add (green button)

  • Fill in the following fields: Host, Domain and IP. The description field is optional

  • Click on save and you are done

1 Like


Thank you for the info! These were the steps I did before for the host overrides but the reason it wasn’t working is because I did not have a domain override and once I added that everything else started working properly again.

Thank you!