Hello all,
Random question and is probably nothing but if all my DNS records are passing through pfSense, why does this IP come up in the DNS benchmark tests?

This isn’t the only IP, another one comes up as well:

And another:

All other DNS servers are red which, I assume, means unavailable because of the pfSense port 53 redirect rules.
Why do the other IPs/servers pop up on the list if pfSense (172.22.1.11) is the only one handling DNS?
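One way to check whether the port 53 redirect is really catching queries, as an added example that is not part of any post in this thread: query a name that only the pfSense Unbound resolver can answer, sent straight to an outside resolver; a private answer means the redirect intercepted it, NXDOMAIN or public data means the outside resolver was actually reached. The host override name `pfsense.localdomain`, the public resolver addresses and the pfSense IP from the first post are assumptions.

```python
import socket
import struct

# Constructed (assumptions): the pfSense resolver from the thread, a host override that only
# its Unbound can answer, and two public resolvers to probe.
PFSENSE_IP = "172.22.1.11"
LOCAL_ONLY_NAME = "pfsense.localdomain"
PUBLIC_RESOLVERS = ["8.8.8.8", "1.1.1.1"]

def build_query(name, txid):
    """Minimal A/IN query with RD set, in DNS wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)
def _skip_name(data, off):
    while not data[off] & 0xC0 and data[off]:  # labels, optionally ending in a pointer
        off += data[off] + 1
    return off + 2 if data[off] & 0xC0 else off + 1
def parse_response(data, txid):
    """Return (rcode, [A-record IPs]) for a reply matching our id, else None."""
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:
        return None
    off, ips = 12, []
    for _ in range(qd):
        off = _skip_name(data, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an):
        off = _skip_name(data, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(data[off:off + 4]))
        off += rdlen
    return flags & 0x000F, ips
def classify(reply, local_ip=PFSENSE_IP):
    """Where did the answer to a local-only name really come from?"""
    if reply is None:
        return "unanswered"   # port 53 blocked, or nothing replied within the timeout
    if local_ip in reply[1]:
        return "intercepted"  # private answer: the redirect handed the query to pfSense
    return "leak"             # NXDOMAIN or public data: the outside resolver was reached
def probe(resolver, name=LOCAL_ONLY_NAME, timeout=2.0, txid=0x4242):
    """Send the query straight to `resolver`, bypassing the system stub, and classify it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (resolver, 53))
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return classify(None)
    return classify(parse_response(data, txid))
```

Run `probe(r)` for each address in `PUBLIC_RESOLVERS` from a LAN client; every "leak" is a path that bypasses pfSense, and "unanswered" everywhere except `PFSENSE_IP` matches the red entries the benchmark shows.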
This is Steve Gibson's DNS test. I use it too. I have never seen them all red. A few, but normally unavailable.
The list is hard-coded for the most part, sorted by pings. (Sorry, I do not remember all the details off the top of my head. It was released a few years ago but patched with newer DNS servers in the last 12 months.)
So you seem to have rules preventing DNS lookups or blocked IPs.
I'm interested in what you have configured for that. Have you got a rule blocking all port 53 traffic apart from allowed IPs? I run Pi-hole on two machines locally. However, I am forced to add DNS overrides to some devices in order to watch cycling on public broadcasting streams for a public broadcaster in Australia. I can see benefit in blocking all but allowed
Hi lionslair!
Thank you for the reply! I was thinking something was bypassing the rules I have set up for pfSense. I have everything on my network forcefully pass through the pfSense DNS and then out.
I don't have anything special set up. I have anything relating to DNS forwarding disabled, so literally everything HAS to go through either 127.0.0.1 or my pfSense's static IPv6 address.
I’ve read that ALL DNS for pfSense Unbound is pointed to 127.0.0.1, however, when I only had the IPv4 rule I only saw a few KBs in the firewall ‘States’.
After adding IPv6, the number was in the KBs for the IPv4 rule and the number kept growing for IPv6… I hope that made sense… weird!
I also have pfBlockerNG installed, but that only blocked Apple's iCloud Private Relay nonsense that completely bypasses the pfSense DNS… not good!
Also, I believe I don’t have DNS over HTTPS (DoH) nor DNS over TLS (DoT) enabled… I don’t know how to check that (still a bit new to pfSense & pfBlocker)