In this article, we will configure DNS Guard on your pfSense firewall using external IP linking. You can learn more about external IP linking in our knowledgebase. Please read that article first and link your external IP.
This article is written based on pfSense 2.6.0-RELEASE.
Configure DNS Guard as upstream
Go to your pfSense firewall and log in as administrator. The login page is usually reachable from your web browser at https://ip-of-your-gateway/.
Click System >> General Setup
Enter the two DNS server IP addresses listed on the DNS Guard server page where you linked your external IP, then click Save.
Configure firewall rules
We must create firewall rules to block DNS queries to other DNS servers; otherwise a client can bypass DNS Guard simply by pointing at a different resolver.
Ensure you block traffic to port 53 (DNS) and 853 (DNS over TLS) except for connections to your firewall or domain controller. Create the rules in the order shown, since pfSense evaluates rules top-down and the first match wins.
Allow any source to destination gateway_ip on port 53 UDP
Allow gateway_ip source to destination DNS Guard servers on port 53 UDP
Deny any source to any destination on port 53 UDP
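To check what the three rules above actually cover, here is a small first-match evaluator added for this article (it is not part of the original knowledgebase text or of pfSense). The gateway and DNS Guard addresses are constructed samples, interfaces are abstracted away, and traffic that no rule matches is assumed to fall through to pfSense's default "allow LAN to any" rule.

```python
"""First-match evaluator for the DNS Guard rule set described in the article.
All IP addresses below are constructed examples, not real infrastructure."""
from dataclasses import dataclass
from typing import Optional

GATEWAY_IP = "192.168.1.1"                         # assumed pfSense LAN address
DNS_GUARD_SERVERS = {"203.0.113.10", "203.0.113.11"}  # assumed DNS Guard resolvers


@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "deny"
    src: str             # "any", a host, or the alias "dnsguard"
    dst: str
    proto: str           # "udp", "tcp" or "any"
    port: Optional[int]  # destination port; None matches any port


def _match(field: str, value: str) -> bool:
    """Match one address field: 'any', the dnsguard alias, or an exact host."""
    if field == "any":
        return True
    if field == "dnsguard":
        return value in DNS_GUARD_SERVERS
    return field == value


# The three rules from the article, in the order they are entered in pfSense.
RULES = [
    Rule("allow", "any", GATEWAY_IP, "udp", 53),
    Rule("allow", GATEWAY_IP, "dnsguard", "udp", 53),
    Rule("deny", "any", "any", "udp", 53),
]


def evaluate(src: str, dst: str, proto: str, port: int, default: str = "allow") -> str:
    """Return the action of the first matching rule; unmatched traffic gets `default`
    (assumed here to be pfSense's stock 'allow LAN to any' rule)."""
    for r in RULES:
        if (_match(r.src, src) and _match(r.dst, dst)
                and r.proto in ("any", proto) and r.port in (None, port)):
            return r.action
    return default


def uncovered_flows(flows):
    """Flows (src, dst, proto, port) that no explicit rule matches. Anything listed
    here is governed by the default policy, not by the DNS Guard rules."""
    return [f for f in flows if evaluate(*f, default="unmatched") == "unmatched"]
```

Running `uncovered_flows` over a TCP/53 and a TCP/853 flow shows that the three UDP rules leave DNS over TCP and DNS over TLS to the default policy, which is why the article asks you to block 53 and 853 for all protocols, not UDP alone.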