¶ Legacy DNS
Follow the steps below to configure ControlD on your pfSense router.
Keep in mind that pfSense routers use legacy DNS at the moment.
¶ Step 1
Open your pfSense router interface in your browser by navigating to the gateway IP. For example if the gateway IP is 192.168.1.1 then enter this in your browser.
¶ Step 2
From the main pfSense interface, open the Services dropdown from the top and select the DNS Resolver option.
¶ Step 3
Check the “Enable DNS resolver” option at the top.
¶ Step 4
Next, scroll down the page and find the DNSSEC checkbox. Make sure this is DISABLED by unchecking it.
Slightly lower, you will see the “DNS Query Forwarding” option. Check this so that it is ENABLED.
¶ Step 5
At this point scroll down a bit further and Save the settings.
And finally at the top of the page press the Apply Changes button.
¶ Step 6
Back at the top of the page, open the System dropdown and head to the General Setup section.
¶ Step 7
Now determine which DNS resolver you want to use. If you are configuring our free DNS resolvers, you can use these IPs:
- Unfiltered → 76.76.2.0
- Block Malware → 76.76.2.1
- Block Malware + Ads → 76.76.2.2
- Block Malware + Ads + Social → 76.76.2.3
If you are configuring a custom DNS resolver, you can find your custom DNS IP in the My Account section:
¶ Step 8
Once you have selected the DNS IP you want to use, you can enter it in the DNS Server field on the General Setup page.
¶ Step 9
Right below the DNS Server, you will see an option called “DNS Server Override”. This option should be DISABLED so make sure you uncheck the box.
¶ Step 10
Just after you can choose the “DNS Resolution Behavior”. Click the drop-down for this option and select “Use remove DNS Servers, ignore local DNS”.
¶ Step 11
Finally, scroll to the bottom of the page and press Save.
After the router saves this configuration, any device connected to the pfSense should now be using the ControlD resolver you've set.
Keep in mind that if you configure a custom DNS on any of the individual devices connected to this router, those devices will not be using the DNS you configured here.