How does pfSense use multiple DNS servers from gen setup

Sterling · July 28, 2023, 6:53pm

I have set up DNS Resolver with forwarding enabled.
I entered several DNS services in the general setup.
Everything seems to be working …except I don’t know how to verify pfSense is using the DNS services that I entered.

How do I know that DNS queries are going to my choices, and more specifically how do I know which one it is using?

I am using Linux and most of the things that I have tried simply point to the NIC on my router.
Or alternately just 127.0.0.53

When I have connectivity issues I would like to be assured that the DNS is working.
Thus the question on how pfSense uses the DNS server list.

It would be nice to know how pfSense uses the user entered list of multiple DNS services.

xMAXIMUSx · July 28, 2023, 7:46pm

You can use pftop. Navigate to Diagnostics > pftop
Next add your query. Replace the IP’s used in your general settings like the example below.

Not encrypted:

dst 8.8.8.8 and port 53

Encrypted:

dst 8.8.8.8 and port 853

Your results should look soemthing like this. Make sure you are looking at the SRC and its your public IP. I blurred mine out.

image1136×512 23.9 KB

Sterling · July 28, 2023, 8:25pm

Many, many thanks xMAXIMUSx
VERY interesting. It appears to be using the third and fourth DNS servers listed in:
System . . . General Setup.
So does pfSense choose based on availability? response time?

xMAXIMUSx · July 28, 2023, 9:06pm

I’m not 100% sure. If I had to guess it load balances it but, I’m not sure which method of load balance is being used.

Sterling · July 29, 2023, 12:11am

“You, sir, are a steely-eyed missile man”
Thank you

neogrid · July 29, 2023, 2:33pm

When you set multiple DNS servers I do believe it uses the fastest response.