Comprehensive Guide to pfSense 2.3 Part 7: DNS Resolver and Benchmarking

More-More-More. Mark, don't stop now. Great series and I hope you are planning on continuing more videos on pfSense.

I'm new to PFSense... and hoping to incorporate it into our business network, and plan on removing our old LinkSys router. I've watched all your vids... Just pure excellence... Thanks for all your time. Subscribed... !

Please oh please, do a video on traffic shaper like you mentioned. These are by far the best pfsense guides on TH-cam and the more you can do for pfsense the better! I love your channel! Keep it up!

Idea's for future videos:
Traffic shaping, FreeRADIUS, squid3, HA via CARP, Content filtering.
Enjoyed this series!

Just finished watching all your PFSENSE videos, Great work, looking forward to new videos.

Video series is fantastic. Thank you for taking the time. Please! don't stop. *Very* anxious for any upcoming new videos.
Great work!!

Great video, thanks for sharing! I just switched back to PFSense now that it has better support for Hyper-V virtual nics. I'm pretty familiar with PFSense, but didn't realize how good and configurable the DNS was. Have fine-tuned the configuration after seeing this video and it's really performing now.
Thanks again from a fellow Canadian computer geek and electronics tinkerer.

Just wanted to say that I really enjoyed and appreciated all these videos on pfSense! I have learned quite a lot - even on topics I thought I already understood. I have a server on order (J1900 4 port) that should be arriving soon and selected it based a lot on your videos. I'm really excited to get it up and running and configured with all the help and information you provided. I sincerely hope you continue these videos as you had originally planned and look forward to learning even more. Thank you, again, for these awesome videos!

Thanks for the Awesome informative and indepth videos Mark!! There aren't a lot of pfsense informational videos (that don't bore people to death).

Excellent video on DNS! I learned a lot from this video. Would love to see a video on captive portal & traffic shaper.

Great videos! I just got a pfSense box and your videos have been very helpful. Obviously you are busy these days with other stuff, but if you do get back to pfSense videos, please think about doing one on VLANS! Thanks.

Just finished all your Pfsense videos.They are awesome. Please make one on Squid etc.
Thank you

Love your videos. They are helping me a lot building and understanding my pfsense box. I am looking forward to the next video.

I binged watched all the pfSense videos. Thank you for sharing the knowledge. Look forward to the next set of videos to finish it off ;-)

Very nice series Mark! Ive watched all your videos and I believe I have a pretty good sense at how things run. I want to build captive portal for my restaurant and manage guests in such way that they get a free 1 'pass-through credit' for say 30 mins then I drop them from my network. In case they buy something I would give them a voucher for another hour or so (possibly print through pos printer). In your videos you didn't mention going through this service any time soon and I couldn't find any comprehensive tutorial on the web so if you could help me answer some questions I would be really happy.
1. I enabled Captive Portal for LAN
2. Set Idle timeout to 20 mins
3. Hardtimeout 30 mins
4. Pass-throough credit per MAC address: 1
5. Authentication: local user manger/voucher and press SAVE
it gives me this error 'The waiting period to restore pass-through credit must be above 0 hours.' I don't see a field to input the waiting period or reset time for these credits. I would set that to 12 hours or so. Also when I put only minimal configuration the portal rarely shows up meaning my connection times out and I have no internet access. However If I disable portal the internet connection restores immediately.
Can you or anyone else please give me some help here.

There were a few mentions of how you did not enable the forwarder, hence the DNS servers configured in the general setup would not be used. The resolver will query the root DNS servers.

brilliant... been looking for something like this for ages! Thanks.

thanks Mark your post is very helpful and I am very grateful. You really helped me with DNS on pfsense!

I wish people actually listened to you in the videos. You say what your plans are. .. really looking forward to QoS it something I ve never managed to setup correctly.
also I hope you plan to reconsider some of the areas you previously left out at the end of your main audience tutorials
thanks again

New to pfsense and im glad i stumbled by your videos for noobs like myself. Ive watched all of your PFsense tutorials and a couple of your other ones (im a subscriber). When are you doing snort and squid videos? Id also like some VLAN and openVPN videos too! Love your videos keep up the good work.
Ps, sorry about your server fire, but im pretty sure you saved me from one as I had a garbage connector in my system!

I wish you would covered Dns Resolver vs Dns forwarder. I think that video deserves it's entire video. I'm using now Dns resolver and it's slower 900ms on avr then when i was using dns forwarder 33-60ms on avr. HUGE difference. All in default settings. I can't seem to make it faster. I'm not using squid or any caching. Thoughts guys

excellent presentation dude 👍
I can't thank you enough

Thank you somuchfor these videos. they have helped me set up my home network and understand more. i look forward to more!!!

Why did you stop? If you put them on Udemy and carry on I would buy them. I was waiting something on rules and Firewall management, IPS IDS and staff like that. You are very clear when you explain, keep going.

Thank you so much for your kindly shared.

Hey Mark! Another great video! Are more on the way? I can't seem to get enough of them and I love learning more about my network. Hope to see a bunch more pfsense vids soon!

Excellent video once again! Thank you!

Excellent video series. Can you try to include "Traffic shaper" feature on you next firewall video? Possibly how to control the speed of internet (download/upload speeds) to a specific mac address/s to limit some computer on the local network to a limited down/up speed.

Hello Mark! You are doing gods work. Would you please make a video or series of videos about firewalls in pfsense? I remember in the fifth part that you had mentioned that you would.

Great work, very well explained. Could you please add a detailed part on how to configure an additional LAN (e.g. LAN2 for connecting surveillance cameras), how to separate this network from the Default LAN and how to access this LAN2 from the Internet using an OpenVPN? Many thanks!

According to Netgate Docs, if using DNS Resolver Mode, manually setting DNS Servers or enabling DNS Server Override has no effect. So all the steps with namebench can be skipped.

hey Mark, awesome stuff, keep it going please. I'm looking forward to your videos of squidguard and the like :)

When you specify what interfaces you want the DNS server to listen on, I'm having a hard time understanding why you would include the WAN interface. Could anyone explain plz? (Im talking about a situation where pfsense is acting as your primary edge router for a home LAN)

Excellent Briefing so lovely

Hi Mark,
Your videos are great reference specially for pfsense 2.3, Hope you could make a video too for Squid3, Traffic Shaping and Captive Portal.

Hey Mark,
Thanks so much for your comprehensive guides. Been setting up a small company router from these videos and it's been working great. Played around with a lot of it, experimented like you said. I was hoping you could soon talk or go over packages, and possibly how to set it up to block ads to help with bandwidth, or point me in the right direction as I am stumped. Any help would be great, thanks!

Thanks for all the hard work you put into this!

Hi Mark, will you be continuing with the pfSense video series? Looking forward to part 8.

Why do you not enable the Forwarding Mode? If it's not enabled always DNS Root servers will be used. So the configured DNS Servers in the General Setup are not used at all...
Correct?

Simply fantastic. Thank you, thank you, thank you!!!

Fantastic video. Thank you!

Thank you for whole series!

Do you plan on doing an OpenVPN Guide as well?

Great videos!
Are you going to talk about the integration with Windows Server and Active Directory ?
That would be very useful for lots of people.

Mark, thank you for your excelent video.
You helped me a lot.

Great Tutorial which you have presented keep it up.

Subbed! Your videos are so awesome. Quality stuff and you explain the technical bits amazingly well. Thank you for this. I got IGMP working (on 2.2.6), but TBO I'd like to understand it better. Do you have plans on making a video in regards to this topic? Unfortunately IGMP is not working on 2.3 (known bug), so I had to downgrade to 2.2.6 to get it working with VLANs, but it would be nice with a video on how to set it up/how it works (technically) regardless - Upsteam/downsteam etc.

This is awesome. Thanksfor all your hard work on this. Could you please, please, please make videos about setting up Squid with pfSense and also using upnp (with a bittorrent client).

Good tutorial Mark. Personally, I think DNS, Nameservers, etc are the most complicated thing in any network.
Checking them to see if they are working is akin to asking if God is real. (and yes, I'm being serious)
I am "trying" to build a pfSence rig, but right now, am running two Smoothwall systems. It goes modem,
S.W.1, routers, S.W.2.. The lan is 192.168.15.xxx and 192.168.0.xxx Yes, two firewalls back to back. Now,
my routers are actually managed switches, and I could hook one to the modem and VLAN to the two S.W.
units. (same would hold true with pfS) Namebench passed my two S.W. units, but failed my stand alone
DNS server on a computer. (not what I wanted to see) Why do I want a bulletproof DNS? My ISP tends to
have DNS failures quite often. The connection is still there, but its dumb as a post. So, in my mind, if my
system knows where things are, I should be fat, dumb, and happy; and be able to use the Internet. Back
in the days of JNOS I spent hours hand typing a lookup table, verifying, and so forth. Today, that's just
total insanity. So the pfS project is still moving forward and watching your videos help. Thank you.

Amazing video! Many thanks for your time creating and sharing this;)
I have two problems in my pfSense:
My current setup of pfSense has two networks. One LAN (private) and one WAN (which is bridged with my physical router at home)
1. If I enable DNS unbound, I cannot resolve hostnames out of my LAN (e.g. other laptop which are not hooked up to my pfSense, but they are connected into the home router).
2. If I disable DNS unbount, I can resolve and ping into those machines, but then all of my LAN machines cannot have FQDN (and it's crucial to me to have FQDN)
Long story short, is there any way where I can force pfSense to assign FQDN to IPs that are registered via its DHCP?
and second question is, how can I assign hostnames automatically to these machines? I have a cluster and I woud like to have sth like node1.domain, node2.domain etc.

Yes yes I need more more!!!

very helpful, thanks.... keep up the good work.

Hi +Mark Furneaux. when do you think you'll be covering open vpn. hopefully your video will cover it but have a specific question about open vpn. basically. I need to connect two ip addresses on one subnet to ipvanish. the rest of the subnet will connect to the normal internet.
great work with the videos so far

I have enabled DHCP and DNS for opt1 that's connected to a d-link switch. However, it does not resolved to anything when I try to use the browse? I've opened ports 80, 443, etc...

Could you do a video on QoS or Traffic Shaping with pfSense? Thinking about making the switch from a standard ASUS router and want to know if I would be able to handle QoS on pfSense.

hi mark are still doing a nat and firewall rules video you just stopped after the dns video. was really enjoying the series

Hi Mark, let say I have multiple DVRs which I connected via DDNS and port forwarding in pfsense box for example cctvdvr.ddns.net:8080. I have no issue when trying to connect from outside network. But when I'm using wifi which from my own internal network, seems like the DDNS can't resolve the cctvdvr.ddns.net:8080. Any idea which DNS services can be done to allow local network to use DDNS hostname?

I noticed that you said DNSSEC encrypts the connection to the DNS server, but it does not. It does not encrypt data, it digitally signs the DNS entrys to prevent man in middles attacks, and allows the dns client to verify that the dns entry has been untouched.

Question - if you are using DNS Resolver, why do you leave Disable DNS forwarding unchecked in the general settings?

@31:00 Wouldn't you only want to set your Network Interfaces to just localhost and LAN connections?

Hi Mark, thanks very much for the excellent videos, on pfSense! you have inspired me to install it and use it as my router\fw. Will you have a session on traffic shaper setup\best practices? I've set it up using the wizard, but my results are not very good I believe. Anyways, thank you again for doing this!

I had to reset my router, for some reason I can't get the DNS override for my devices to work
(Like typing NAS/ instead of 172.16.23.50)

Thanks a lot!

hi. Mark, Im trying to work with the pfsense in paralel with Mikrotik , just to wokr with dns resolver, only one ports Lan, How can I use it HOST OVERRIDES

How do you setup a host override so that you don't have to specify a domain. I see you have only "pfsense/" in your browser.

Hello Mark. Could you please make a playlist for this tutorial/guide to easy follow the next video.

Please make videos on packages like snort, squid and also on VPN soon.

love the series cant wait for more vids keep them coming Mark

Mark thx for the vids , but it seems that you stop. i hope that this not so. Do not leave us hanging like this bro. keep up the good work

Hello,
Instead of using DynamicDNS services to updated public IP address, is there a package or somehow enter a automated command every x set time to check sites like whatsmyip.org and have it send me a email or something like that?

Hey Mark great series. How long should I wait to run namebench after setting up a new machine?

Can you do a video talking about Squid and its "Dynamic and Update Content"
[Cache Steam Updates/Games. Xbox/Playstation Game Updates ect]
I tried it with my Xbox One, and it causes the "Multiplayer Connection Test" to fail. And the "Detailed Network Stats" to not report Upload speed, and MTU setting. Whenever I have it go though Squid. But if I add the Xbox's IP into the "Bypass Proxy for These Source IPs" list it will allow it to work because its bypassing the proxy..

Is there a way you could tell me how to get ubuntu server working while using pfsense? I have pfsense on one pc, and ubuntu server on another. Ubuntu server won't recognize the dhcp

Hi Mark, Vids on PFSense are brill when do we get PFS VPN && PFS Firwall

hello mark i've been following your guide but i just can't get port forwarding to work

Keep up the great work!

What does dns resolver do rather than use the default servers

Sir Mark..can you make tutorial setup for corporate used using pfsense, eg. group user no internet access but can receive email, group of user with internet access but block on facebook and youtube, and user can access all website.

How did you get your browser to resolve directly to pfsense/ ?

What about avoiding the use of ISP DNS servers to keep from having DNS leaking when connecting to a VPN service?

how to configure squideguard blacklist?

Do you plan to have more pfsense content this summer?

Hei Mark thank's man, helps me a lot !

What does dns resolver do different

When is your next video about pfSense going to be released? It's been over a month bro. :(

I use a smartdns service for watching US streaming in canada. Smartdnsproxy.com. and I have a connected unifi AP.
Do i change the dns on my WAN or WLAN(AP).
I also see four spaces for to put dns, if put the first to smartdns servers and the others as google dns, or anything else, would streaming still work?
Would be thankful for the advice.

I tried using Namebench and my "Mean Response Duration" from my pfSense box (SYS - 192.168.1.1) is always the slowest. In five tests, the numbers are: 182 ms, 229 ms, 236 ms, 238 ms, 357 ms. Compare that to 42 ms in your in the video. The "Fastest Individual Response Duration" is normal at 1 ms. Any ideas why?

pfsense - dns setup - walkthrough
28:09

Great series. Sadly it seems this is the final episode :-(

My Pfsense Box is always at the bottom of the graphs. could it be because my i7-2600 8GB box has an mechanical HDD?

How do you find out how long it takes to the round trip tip to nearest DNS server?
Do I traceroute and add up all the times?

Why do you have a private ip on your WAN interface? What ISP do you have?

video speed 1.25x then thank me later... Thank you sir!

When's the next video?

Anyone have a any idea why this stopped?

part 8 ??

Off topic comment, but u know this guy is Canadian when he says "google.ca".

Do you plan on doing Untangle?

Be careful with public dns. Not only are you essentially telling them all of the hosts you access, but some of them will respond to non existing domains with their own servers ip addresses in an attempt to redirect mistyped URLs to their own search pages.

n00b here. where can i view the actual cache/dns table?