pfSense DNS Forwarder?

Hello all,

Glad to see this forum up and running!

Question - why does one need to use pfSense DNS Forwarder and what is a typical use case for it?


I forward my DNS queries to a Raspberry Pi running the Pi-Hole before they get out onto the web and use a public DNS service.

I use it assign hostnames to my devices on the LAN.
e.g.: ,, etc
Now I do not have to remember all those IP addresses and can use a SSL certificate. :wink:

Other (mis)use for me were the domain overrides so I could drop traffic to domains like : and

(Instead of the domain overrides you can better use Pi-Hole offcourse which I am running now)


That’s exactly what i want to have !
Would you walk me thru steps to achieve this ?

Say I have for Emby and want it to look like

I am not sure if this a best practice but this is what I have done on my private LAN.
(You cannot forward to or from a port number as far as I know)

At Host Overrides use the + Add button
Now fill in the blanks with:
Host - the hostname like emby
Domain - your internal domain like
IP Address - the IP address of the host
Description - A description if needed

Make sure :
you have chosen a interface under Interfaces
to use pfSense to handle your DNS requests
to flush your DNS when needed on the client


(You cannot forward to or from a port number as far as I know)

That’s would be very nice to figure out how to do !

So far I am out of luck. Here are my settings:

I had to use port 54 as 53 suspected to be used by pfBNG or DNS Resolver. Is it OK ?

I do force all clients to use pfSense port 53 for DSN calls as in

Anything jumps at you ?

Thanks for helping !

PS: I suspect my set up of ports 53 and 54 is wrong …

These are my settings. I cannot remember if I ever changed something from default.

I do not have a DNS firewall rule.

Still no love :frowning:
Maybe somebody has some ideas ?

What’s interesting that I do see my emby.mydomain.lan name registered in /etc/hosts


Do you have DNS Resolver also listening on 53?


I do not have the DNS Resolver activated.

When I look at the menu options it is almost the same as the DNS forwarder.
I have no clue what the difference between the forwarder and resolver is.

It is more that 3 years ago that I set this (private) box up and do not remember why I choose to use the DNS forwarder instead of the DNS Resolver. :thinking:


Just FYI same behavior can be done via DSN Resolver/Host Overrides and add a host values there

Okay. That is good to hear.