pfSense, Pi-hole, and Unbound
This post explains how to tie Pi-hole and pfSense’s DNS Resolver together.
DNS queries will follow the path: client, Pi-hole, pfSense, Internet.
pfSense Changes
In System / General Setup:
Enter values for both a hostname and domain. My domain, for example, is home.
DNS Server Settings, DNS Servers: enter your choice of DNS servers to pull from. 9.9.9.9 and 149.112.112.112 were used.
In Services / DNS Resolver / General Settings:
Check Enable DNSSEC support.
Uncheck Enable DNS Forwarding Mode, so that the resolver uses the DNS root servers.
Check Register DHCP leases in the DNS Resolver.
Check Register DHCP static mappings in the DNS Resolver.
Add any systems on your LAN with static IPs as Host Overrides. These should have the same domain as that specified in System / General Setup.
In Services / DHCP server:
For Domain Name, enter the same domain name as that specified in System / General Setup and in DNS Resolver Host Overrides.
On Pi-hole…
In Settings / DNS:
Under Upstream DNS Servers, enter the IPv4 address for the LAN interface on your pfSense system for Custom 1 (IPv4). Optionally enter the IPv6 address for the LAN interface on your pfSense for Custom 3 (IPv6).
Use no other upstream DNS servers - remove the Cloudflare servers.
Under Advanced DNS settings, uncheck Never forward non-FQDNs.
Under Advanced DNS settings, uncheck Never forward reverse lookups for private IP ranges.
After setting these, make sure you renew the DHCP leases on the clients.
Pi-hole will now resolve hostnames of DNS clients (using reverse lookups), and report these by hostname in the dashboard and in queries rather than by IP.
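A quick way to confirm the Pi-hole side matches the settings above, as an added example that is not part of the original post. It assumes Pi-hole v5, which keeps these settings in /etc/pihole/setupVars.conf under the keys PIHOLE_DNS_<n>, DNS_FQDN_REQUIRED and DNS_BOGUS_PRIV; the function name, the 192.168.1.1 pfSense LAN address and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit Pi-hole DNS settings against the steps in this post.
# Assumption: Pi-hole v5 layout, settings in /etc/pihole/setupVars.conf under
# the keys PIHOLE_DNS_<n>, DNS_FQDN_REQUIRED and DNS_BOGUS_PRIV.

# audit_pihole_dns FILE PFSENSE_IP4 [PFSENSE_IP6]
# Prints one line per finding and returns the number of findings (0 = OK).
audit_pihole_dns() {
    file=$1; v4=$2; v6=${3:-}
    findings=0; seen_v4=no

    # Every upstream must be the pfSense LAN address, nothing else.
    for up in $(sed -n 's/^PIHOLE_DNS_[0-9]*=//p' "$file"); do
        up=${up%%#*}    # drop an optional #port suffix
        if [ "$up" = "$v4" ]; then
            seen_v4=yes
        elif [ -z "$v6" ] || [ "$up" != "$v6" ]; then
            echo "FAIL upstream $up bypasses pfSense"
            findings=$((findings + 1))
        fi
    done
    if [ "$seen_v4" = no ]; then
        echo "FAIL pfSense LAN address $v4 is not configured as upstream"
        findings=$((findings + 1))
    fi

    # Both "Never forward ..." options must be off (value not "true").
    for key in DNS_FQDN_REQUIRED DNS_BOGUS_PRIV; do
        val=$(sed -n "s/^$key=//p" "$file" | tail -n 1)
        if [ "$val" = "true" ]; then
            echo "FAIL $key=true, the matching 'Never forward' box is checked"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample (not from a real system): a Cloudflare upstream left in
# place and "Never forward non-FQDNs" still checked.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PIHOLE_DNS_1=192.168.1.1
PIHOLE_DNS_2=1.1.1.1
DNS_FQDN_REQUIRED=true
DNS_BOGUS_PRIV=false
EOF
audit_pihole_dns "$sample" 192.168.1.1 || echo "findings: $?"
rm -f "$sample"
```

On the Pi-hole itself, call audit_pihole_dns with /etc/pihole/setupVars.conf and your own pfSense LAN address; a leftover public upstream is worth catching because queries sent to it skip the pfSense resolver and its DNSSEC validation.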