DNS Forwarder

The DNS Forwarder in pfSense® software utilizes the dnsmasq daemon, which is a caching DNS forwarder.

Unlike the DNS Resolver, the DNS Forwarder only forwards queries to upstream DNS servers; it cannot act as a resolver itself.

The DNS Forwarder uses the DNS servers configured at System > General Setup, plus any obtained automatically from an ISP on dynamically configured WAN interfaces (DHCP, PPPoE, etc.).


This service is disabled by default. The DNS Resolver (unbound) is the default DNS service.

The DNS Forwarder remains enabled on upgraded installations where it was active before the upgrade.

DNS Forwarder Behavior

By default, the DNS Forwarder queries all DNS servers at once and it uses and caches only the first response it receives. This results in much faster DNS service from a client perspective, and can help smooth over problems that stem from DNS servers which are intermittently slow or have high latency, especially in Multi-WAN environments. This behavior can be disabled by activating the Query DNS servers sequentially option.
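
The following Python simulation is an added example, not part of the pfSense documentation or the dnsmasq code. It models the two behaviors described above using constructed server names, latencies and an assumed per-server timeout; no DNS traffic is sent.

```python
import asyncio
import time

# Constructed upstreams: name -> (simulated latency in seconds, answer returned).
UPSTREAMS = {
    "wan1-dns": (0.20, "192.0.2.10"),    # intermittently slow server, listed first
    "public-dns": (0.05, "192.0.2.10"),
    "wan2-dns": (0.02, "192.0.2.10"),
}
TIMEOUT = 0.08  # assumed per-server timeout for the sequential model

async def query(server, name):
    """Simulate one upstream lookup; no network traffic is sent."""
    latency, answer = UPSTREAMS[server]
    await asyncio.sleep(latency)
    return server, answer

async def forward_all(name, cache):
    """Default behavior: ask every server at once, cache only the first reply."""
    tasks = [asyncio.create_task(query(s, name)) for s in UPSTREAMS]
    done, pending = await asyncio.wait(tasks, return_when=asyncio.FIRST_COMPLETED)
    for task in pending:  # later replies are discarded
        task.cancel()
    server, answer = done.pop().result()
    cache[name] = answer
    return server, answer

async def forward_sequential(name, cache):
    """Sequential option: try servers in list order, moving on after a timeout."""
    for server in UPSTREAMS:
        try:
            _, answer = await asyncio.wait_for(query(server, name), TIMEOUT)
        except asyncio.TimeoutError:
            continue
        cache[name] = answer
        return server, answer
    return None, None

def timed(forwarder, name="host.example.com"):
    """Run one lookup and return (answering server, answer, elapsed, cache)."""
    cache = {}
    start = time.perf_counter()
    server, answer = asyncio.run(forwarder(name, cache))
    return server, answer, time.perf_counter() - start, cache

if __name__ == "__main__":
    for fn in (forward_all, forward_sequential):
        server, answer, elapsed, _ = timed(fn)
        print(f"{fn.__name__}: {server} answered {answer} in {elapsed * 1000:.0f} ms")
```

In this model the parallel lookup is answered by the fastest server regardless of list order, while the sequential lookup waits out the slow first server before the second one answers.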