Improve Internet Performance With the DNS Forwarder Service in pfSense

Updated on September 19, 2016
Sam works as a Network Analyst for an algorithmic trading firm. He obtained his bachelor's degree in Information Technology from UMKC.

Almost every request a computer sends over the internet relies on DNS to resolve a hostname to an IP address.

As a result, internet performance can be severely reduced if the computers on your network use slow or overloaded DNS servers.

The DNS forwarder included in pfSense allows much more control over DNS traffic within a network.

By using the forwarder you can override the DNS servers provided by your ISP and utilize fast, high performance servers instead.

The forwarder also further improves performance by acting as a local caching DNS server.

The local cache has the ability to respond to DNS queries faster than any server outside of your network.


Determining Which DNS Servers to Use

There are several different organizations that provide freely available public DNS servers you can choose from. This wide array of choices can make it difficult to decide which servers you should use.

The best choice depends on several factors such as geographical location, upstream ISP, peering locations, and network congestion.

In general you can't go wrong by choosing one of the providers listed in the table below, but to find the top choice I like to run a DNS benchmark, which will automatically find the best server.

High Performance Public DNS Servers

Server Name               Primary IP        Secondary IP
OpenDNS                   208.67.222.222    208.67.220.220
Google Public DNS         8.8.8.8           8.8.4.4
Level 3 Communications    4.2.2.1           4.2.2.2

The fastest and most reliable public DNS providers.

Configuring the DNS Servers

After determining which DNS servers to use, the server IP addresses can be configured in pfSense.

To add the servers, open the General Setup page of the web GUI, which is found within the System menu.

I usually configure two server addresses, but if you want to add further redundancy you can add up to 4.

After adding the addresses, save the changes at the bottom of the page.

Specify local DNS servers in the System \ General Setup configuration page.

Enabling the DNS Forwarder

To enable the forwarder, open its configuration page in the web GUI, found under the Services menu. The first check box, 'Enable DNS forwarder', must be checked in order for pfSense to respond to DNS requests.

All of the other settings are optional and self-explanatory. I like to enable the DHCP registration feature so I can resolve client computers via DNS instead of NetBIOS.

To apply the changes and activate the service, click the save button.

The DNS forwarder settings are found under the Services menu in the web interface.

Configuring the Clients

If you are already using the DHCP service to provide IP settings to client computers, then you won't need to make any changes to utilize the local forwarder.

After the DNS forwarder is enabled, the DHCP service will automatically configure clients to use the LAN IP of the pfSense system for DNS queries.

I recommend testing the settings by renewing the DHCP lease on a client computer.

After the renewal, in most cases the DNS server and default gateway should use the same address (assuming pfSense is the local router).

Clients on Static IPs

If there are hosts on the local network using static IP addresses, their DNS servers will need to be manually updated to point to pfSense.

Clients should point to the LAN IP of the pfSense system for DNS queries.

Testing the DNS Forwarder

After verifying that client PCs are configured to point to the local DNS server, you should test the service. The simplest test is to browse the web; if pages don't load, then there is likely a problem with the local server.

You can also test the forwarder by using the nslookup command.

Example command: nslookup google.com. (be sure to use a trailing period on the request)

If everything is functioning as expected, you should see a valid response from pfSense.

Successful test of the DNS forwarder using nslookup.
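
The DNS benchmark mentioned under "Determining Which DNS Servers to Use" and the nslookup check above can both be scripted. The following Python sketch is an added example, not part of the original article: it times A-record lookups against the servers from the table and against the forwarder, and only accepts a reply that comes from the queried address and carries the matching query ID. The address 192.168.1.1 is an assumed pfSense LAN IP; the function names are illustrative.

```python
import os
import socket
import struct
import time

def build_query(name, txid):
    """RFC 1035 query for one A record, recursion desired (flags 0x0100)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".") if l)
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def skip_name(data, pos):  # offset just past a (possibly compressed) DNS name
    while data[pos]:
        if data[pos] & 0xC0 == 0xC0:  # a compression pointer ends the name
            return pos + 2
        pos += data[pos] + 1
    return pos + 1

def parse_response(data, txid):
    """Return (rcode, answer_count, ttl of first answer or None)."""
    rid, flags, qd, an = struct.unpack(">HHHH", data[:8])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    pos = 12
    for _ in range(qd):  # skip the echoed question: name, type(2), class(2)
        pos = skip_name(data, pos) + 4
    if not an:
        return flags & 0x000F, 0, None
    pos = skip_name(data, pos)  # record: name, type(2), class(2), ttl(4)
    return flags & 0x000F, an, struct.unpack(">I", data[pos + 4:pos + 8])[0]

def timed_lookup(server, name, timeout=2.0):
    """One UDP query; returns (milliseconds, rcode, answers, ttl)."""
    txid = int.from_bytes(os.urandom(2), "big")  # unpredictable query ID
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, 53))  # replies from any other source are dropped
        start = time.perf_counter()
        s.send(build_query(name, txid))
        data = s.recv(4096)
        return ((time.perf_counter() - start) * 1000, *parse_response(data, txid))

if __name__ == "__main__":
    # Servers from the table plus the forwarder (assumed LAN IP, use your own).
    for server in ("208.67.222.222", "8.8.8.8", "4.2.2.1", "192.168.1.1"):
        try:
            print(server, [timed_lookup(server, "google.com.") for _ in range(3)])
        except (OSError, ValueError) as exc:
            print(server, "failed:", exc)
```

Against the forwarder, the first lookup of a name has to go upstream, while the repeats should be answered from the local cache with noticeably lower latency.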

Clearing the DNS Forwarder Cache

The DNS forwarder will store the results from DNS queries in its local cache until the TTL of the DNS record expires.

Occasionally you may want to manually clear the cache to purge a bad record or troubleshoot a DNS problem.

Rebooting pfSense will clear the cache, but you can also clear the cache through the web GUI. To manually clear the cache you will need to restart the dnsmasq service. The service can be restarted in the Status \ Services menu in the web interface.

To manually clear the DNS cache, restart the dnsmasq service.

Other Performance Improvements for pfSense

Utilizing pfSense as a caching DNS server will greatly improve the overall speed of web browsing within a network. Below are some other methods to further improve internet performance.

    © 2013 Sam Kear

    Comments

      • ayashinoken

        3 months ago

        Sir, thanks for your article. It's a great help.

        I believe that new versions of pfSense have implemented DNS Resolver as default instead of DNS Forwarder. I humbly request that you please do a tutorial about DNS Resolver setup/config too.

        Thanks a lot and please don't get tired helping us more.

      • Surajit Chakraborty

        13 months ago

        Hello sir, thanks for your article. It's working if I put the pfSense server IP on my client's DNS. But in my network I have around 1050 computers. So it's next to impossible to change the DNS for every computer. I am using my ISP's DNS. I want to redirect all my packets to OpenDNS by port forwarding. That I am not able to configure completely. Will you please help me?

      • himanshu

        23 months ago

        Hello,

        It's a really brilliant article, thanks for it.

        Let me ask you one question. Like you said, choose any open DNS server.

        Can't we choose the DNS IP which we got from the ISP? Or is open DNS secure to do it?

      • Sam Kear (AUTHOR)

        5 years ago from Kansas City

        @Vinay - Thanks for stopping by to read the hub.
