Author Topic: How do I disable the DNS Forwarder?  (Read 133 times)

hegar
How do I disable the DNS Forwarder?
« on: September 13, 2017, 07:20:29 am »
Hi,

For debugging reasons, I am trying to disable the Unbound DNS Forwarder and, at the same time, enforce "require a domain".
When "Apply"ing these changes, they are lost and "Enable DNS Forwarder" is checked and "require a domain" is unchecked again.

I've checked the "Disable DNS Forwarder" on the System/GeneralSetup page as well, and that one has been unchecked, too.

We are using
2.3.4-RELEASE (amd64)
built on Wed May 03 15:13:29 CDT 2017
FreeBSD 10.3-RELEASE-p19

Thanks for any enlightenment. :)

HP.

johnpoz
Re: How do I disable the DNS Forwarder?
« Reply #1 on: September 13, 2017, 07:56:04 am »
unbound out of the box is not a forwarder..  You would have had to enable it to work in forwarder mode at some point.

Why are you not running 2.3.4p1 ? 
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- If I have helped you and want to help back, https://www.freebsdfoundation.org/donate/
- Please don't PM me for personal help, info you don't want public sure. Link to thread you would like me to look at ok, etc.
1x SG-2440 2.3.4_p1 (work)
1x 2.4.0-RC Sep 15 16:04:53 VM running on esxi 6.5 (home)

hegar
Re: How do I disable the DNS Forwarder?
« Reply #2 on: September 13, 2017, 08:02:08 am »
Thanks John,

>unbound out of the box is not a forwarder..  You would have had to enable it to work in forwarder mode at some point.
If I get it right, forwarder mode is the default in pfSense 2.3.4.

For tests, I want the DHCP clients to get the original DNS Servers from the System/GeneralSetup page, instead of 127.0.0.1 or the LANIF IP.
In my understanding, disabling DNS Forwarding should do the trick, right?

>Why are you not running 2.3.4p1 ? 
Because we are dealing with +/- 250 appliances with pre-built images, slightly adapted for central management.  8)

johnpoz
Re: How do I disable the DNS Forwarder?
« Reply #3 on: September 13, 2017, 08:04:01 am »
"If I get it right, forwarder mode is the default in pfSense 2.3.4."

No, unbound as resolver has been the default since 2.2
https://doc.pfsense.org/index.php/Unbound_DNS_Resolver

Your dhcp clients would never get 127.0.0.1, they would by default point to the pfsense interface IP that you're running the dhcp server on.  How would that work if dhcp clients pointed to themselves for dns??

nycfly
Re: How do I disable the DNS Forwarder?
« Reply #4 on: September 13, 2017, 08:10:19 am »
Quote
For tests, I want the DHCP clients to get the original DNS Servers from the System/GeneralSetup page, instead of 127.0.0.1 or the LANIF IP.
In my understanding, disabling DNS Forwarding should do the trick, right?

The DNS Servers clients receive via DHCP are controlled under Services=>DHCP Server. The DNS servers under System=>General Setup specify the servers used by pfSense. If no DNS servers are specified under DHCP the default behavior is to give clients the pfSense machine as the DNS server.

hegar
Re: How do I disable the DNS Forwarder?
« Reply #5 on: September 13, 2017, 08:20:25 am »
Hi John,

Maybe I was easy to misunderstand - apologies.
I've read that document before, however I was not aware that "Forwarder Mode" is not just a functionality of Unbound.

And yes, 127.0.0.1 is obviously not handed out by DHCP, but the first DNS on the appliance itself. :)

But nycfly put me on the track:
Quote
Leave blank to use the system default DNS servers: this interface's IP if DNS Forwarder or Resolver is enabled, otherwise the servers configured on the System / General Setup page.
I'll just enter the external DNS Servers, basically the same I've got in System/GeneralSetup.

Nevertheless, the unchecked "Enable DNS Forwarder" is checked again after a save.

Keep you updated, thanks so far. :)
« Last Edit: September 13, 2017, 08:26:32 am by hegar »

johnpoz
Re: How do I disable the DNS Forwarder?
« Reply #6 on: September 13, 2017, 10:56:22 am »
"Nevertheless, the unchecked "Enable DNS Forwarder" is checked again after a save."

"Because we are dealing with +/- 250 appliances with pre-built images, slightly adapted for central management. "

Maybe that has something to do with it.. What did you do to the images?  Are they running RO on the file system or something?  What "image" are you running on them?   If they are being handled by "central management", I would take it that any changes you want to make to the managed boxes would have to be done via the central management.. If not, it's not really central management now, is it ;)

hegar
Re: How do I disable the DNS Forwarder?
« Reply #7 on: September 14, 2017, 02:21:14 am »
Quote
What did you do to the images.
Without going too far off topic, we basically added a cron job SSHing to a central instance polling for new config XML files.
I honestly can't think of a relation to this.

Nevertheless, I'll cross-check with an original 2.3.4.

johnpoz
Re: How do I disable the DNS Forwarder?
« Reply #8 on: September 14, 2017, 04:49:22 am »
What image are you running.. I would guess maybe the nanobsd.. You could be in a read only mode?

You do understand the settings are in the config.xml? If you grab a central xml then yeah, you would go back to your old settings, etc..

What I can tell you for sure is that in a normal system out of the box.. click it on, click it off - that simple..
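
The DHCP Server help text quoted in Reply #5 and the config.xml overwrite raised in Reply #8 can be checked together. The following is an added example, not code from any poster in this thread or from pfSense: it works out which DNS servers DHCP clients would receive from a given config.xml, and which DNS settings a centrally pulled file would revert. The element names (`dnsmasq`, `unbound`, `dhcpd`, `system/dnsserver`, `interfaces/<if>/ipaddr`) are assumed from the pfSense 2.3-era config.xml layout, and both configs are constructed samples.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a box where the admin has switched off both the DNS
# Forwarder (dnsmasq) and the Resolver (unbound). Element names are assumed.
LOCAL = """<pfsense>
  <system><dnsserver>8.8.8.8</dnsserver><dnsserver>8.8.4.4</dnsserver></system>
  <interfaces><lan><ipaddr>192.168.1.1</ipaddr></lan></interfaces>
  <dhcpd><lan><enable/></lan></dhcpd>
  <unbound/>
  <dnsmasq/>
</pfsense>"""
# Constructed sample: the centrally managed file still has the Forwarder enabled.
CENTRAL = LOCAL.replace("<dnsmasq/>", "<dnsmasq><enable/></dnsmasq>")

def dns_state(root):
    """Collect the DNS settings that decide what DHCP clients are handed."""
    return {
        "forwarder_enabled": root.find("dnsmasq/enable") is not None,
        "resolver_enabled": root.find("unbound/enable") is not None,
        "resolver_forwarding": root.find("unbound/forwarding") is not None,
        "system_dns": [e.text for e in root.findall("system/dnsserver")],
    }

def dhcp_dns(root, ifname="lan"):
    """Apply the rule from the DHCP Server help text quoted in the thread."""
    explicit = [e.text for e in root.findall(f"dhcpd/{ifname}/dnsserver") if e.text]
    if explicit:                       # servers entered under Services / DHCP Server
        return explicit
    state = dns_state(root)
    if state["forwarder_enabled"] or state["resolver_enabled"]:
        return [root.findtext(f"interfaces/{ifname}/ipaddr")]  # this interface's IP
    return state["system_dns"]         # System / General Setup servers

def drift(local_root, central_root):
    """Return {setting: (local, central)} for every DNS setting that differs."""
    a, b = dns_state(local_root), dns_state(central_root)
    return {key: (a[key], b[key]) for key in a if a[key] != b[key]}

if __name__ == "__main__":
    local, central = ET.fromstring(LOCAL), ET.fromstring(CENTRAL)
    print("handed out now:        ", dhcp_dns(local))
    print("after central pull:    ", dhcp_dns(central))
    print("reverted by the pull:  ", drift(local, central))
```

Running `drift` against the file the cron job fetches before it is applied shows whether a locally saved change will survive the next poll.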