pfSense / PIA - how to specify DNS Servers

Hi, I watched the awesome video on setting up pfSense and PIA with a Killswitch and have it up and running. However, in addition, I would like to set specific DNS servers to use depending if the host is going through the regular WAN interface or the PIA interface.

I tried setting up additional DNS Servers under System/General Setup and mapped the google servers 8.8.8.8 and 8.8.4.4.to the WAN Gateway and the PIA Servers 209.222.18.222 and 209.222.18.218 to the PIA Gateway, but when I run DNS lead test from a host that is going through VPN (as confirmed by the green Protected by PIA notification when I go to the PIA site), I am seeing the google DNS Servers come up. I also tried checking “Disable DNS Forwarder”, but that didn’t fix it. Any ideas on how I can fix this? Basically, I would like the setup to be:

WAN use 8.8.8.8 and 8.8.4.4
PIA use 209.222.18.222 and 209.222.18.218

Thank you!

Hammer

1 Like

I dont know if this helps, but i set the option in the DHCP server when splitting between VLANs before. It might be worth trying to set the DNS server you want when the devices get a DHCP lease from you.

1 Like

Thank you! I was hoping to not have to specify this at the host level since new machines can be added to the network. I’ve setup an alias that has all the machines that go through VPN. Do you know if there’s a way to specify DNS servers for an alias?

I agree with @Kalifornia909 that creating 2 DHCP groups or separate networks with specified DNS servers is be the cleanest way to do it.
As an alternative, you could set some NAT port forwarding that redirects traffic to the desired server. The only problem with this is that you can only specify a single server. AFAIK, round robin of multiple servers (ie 8.8.8.8 and 8.8.4.4) isn’t possible.
I have a rule (possibly inspired by @LTS_Tom) that take all traffic to dst port 53 and redirects it to router’s 127.0.0.1 port 53. Replace the 127.0.0.1 with your PIA DNS server and narrow down your source ip’s to the alias that you created.

Thank you…I think creating two networks is way beyond my capabilities! :slight_smile:

Hi, still trying to see if I can get this to work without 2 DHCP groups or networks…

What I find is that even though I am specifying the DNS servers to use by gateway, I see that those servers are not being used. I have 8.8.8.8 for the WAN gateway and 209.222.18.222 for the PIA gateway. However, when I check on a host that is going through the PIA gateway, I see that my ISP’s DNS server is being used. So it seems my DNS server entries on the System/General Setup page are not being used. Does anyone know why that would be the case? Thank you!

Check to make sure that your clients don’t have any DNS entries hard-coded on the client computers.

Also, when you mention ‘DNS server to use by gateway’ - do you mean the settings on System-> General Setup in pfsense web interface? Or under Services -> DHCP Server -> LAN ? It’s the settings under DHCP server that will actually propagate to the clients.

Thank you…I don’t have entries hard-coded on the clients. And ‘DNS server to use by gateway’ is under System/General Setup. If the setting here are not used, what are they for?

Under Services -> DHCP Server -> LAN, I have left the DNS Servers blank because there is a note which says “Leave blank to use the system default DNS servers: this interface’s IP if DNS Forwarder or Resolver is enabled, otherwise the servers configured on the System / General Setup page.”

This is why I am puzzled why this is not working…