PFSENSE(Router/DHCP) w/ VLANS/PiHOle/UNIFI Equipment

Thank you for the community add. I’m a fan of all your videos. This is my first time posting so I’ll try to be concise.

I’ve watched many of the videos and I believe I have my network setup correctly but I just have some basic questions/confirmations:

PfSense is on / Hostname: PfSense / Domain: Gothambeat

My main network is 192.168.10., VLANS are on 192.168.2. (lighting equip.), 192.168.40.(guest), 192.168.50.(Cameras), 192.168.60.*(IOT)

  1. PFSENSE/System/General Setup/ DNS set to my PiHOLE IP (
  2. PFSENSE/Services/ (LAN/VLANS) / DNS set to my PIHOLE IP (
  3. PFSENSE/Firewall/Filters/
    allow LAN and VLANS access to port 53 on PiHOLE IP (TCP/UDP) (using PIHole alias)
    BLOCK all VLANS from access to LAN and each other
  4. PiHole / Settings / DNS/ Cloudfare IPv4 boxes checked
  5. PiHole / Settings / DNS / Allow only local requests box (Checked)
  6. PiHole / Settings / DNS / Never forward non-FQDN A and AAAA queries (Checked)
  7. PiHole / Settings / DNS / Never forward reverse lookups for private IP ranges (Checked)
  8. PiHole / Settings / DNS / Use Conditional Forwarding
    Local Network: | DHCP Server: | Local Domain: gothambeat


  1. Does this all look correct
  2. Do I need to block port 53 on each VLAN from anything but the pihole? WHen I do this I lose internet access so I’m not sure if this ties to questions 3 and 4 below?
  3. In the PiHole should I have the PfSense DHCP server ( listed as an upstream DNS server?
  4. Do I need any firewall rules specific to the PfSense host? (ex. Allow all destinations?)
  5. IF I want a specific VLAN to bypass PiHOle (ie IOT), do I just set the DHCP Server DNS to something like google or cloudfare (,
  6. I don’t believe there are any UNIFI implications since it’s just serving up my wireless SSIDs

Thank you in advance