====== PFSense - DNS - Local DNS on PFSense, everything else on PiHole ======

To have Pi-hole resolve the hostnames of DNS clients and report by hostname rather than IP, DNS queries should follow the path: client -> Pi-hole -> pfSense -> Internet.

----

===== Configure pfSense =====

Navigate to **System -> General Setup**.

In **System**:

  * hostname: **pfSense**.
  * domain: **localdomain**.

{{:pfsense:dns:pfsense_-_system_-_general_setup_-_system.png?800|}}

----

In **DNS Server Settings**:

  * DNS Servers: **Enter values for DNS Servers**.
  * DNS Server Override: **Not Checked**.
  * Disable DNS Forwarder: **Checked**. This forces the firewall to use the DNS servers entered above.

----

===== Configure DNS Resolver =====

Navigate to **Services -> DNS Resolver -> General Settings**.

In **General DNS Resolver Options**:

  * Enable: **Checked**. This enables the DNS Resolver.
  * Network Interfaces: **Select the Network Interface to apply**: LAN and localhost.
  * DNSSEC: **Checked**.
  * DNS Query Forwarding: **Not Checked**.
  * DHCP Registration: **Checked**.
  * Static DHCP: **Checked**.

In **Host Overrides**:

  * Add systems with static IPs as Host Overrides.

**NOTE:** These should have the same domain as that specified in **System -> General Setup**.

----

===== Configure DHCP =====

Navigate to **Services -> DHCP Server**.

Select the interface to configure, such as LAN.

In **General Options**:

  * Enable: **Checked**.

In **Servers**:

  * DNS servers: **Enter the IP address of the Pi-hole**.

In **Other Options**:

  * Domain name: Enter the same domain name as that specified in **System -> General Setup**.

----

===== Configure Pi-hole =====

Navigate to **Settings -> DNS**.

In **Upstream DNS Servers**:

  * Custom 1 (IPv4): **Enter the IPv4 address for the LAN interface on your pfSense**.
  * Custom 3 (IPv6): **(Optional) If using IPv6 on the pfSense, then populate the IPv6 address for the LAN interface on your pfSense**.

----

In **Advanced DNS settings**:

  * Never forward non-FQDNs: **Not Checked**.
  * Never forward reverse lookups for private IP ranges: **Not Checked**.

----

**NOTE:** Renew the DHCP leases on the clients.

The Pi-hole server will automatically do reverse lookups on the clients, so the Pi-hole should show host names instead of IP addresses.
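
To confirm the finished setup, the following check (an added example, not part of the original page) uses ''dig'' to verify that a DHCP-registered host resolves identically through pfSense and the Pi-hole, and that the Pi-hole returns its PTR record. The addresses 192.168.1.1 and 192.168.1.2, the host name ''nas'' and the function names are assumptions; substitute your own values.

```shell
#!/bin/sh
# Added example: verify the client -> Pi-hole -> pfSense lookup path with dig.
# The addresses below are constructed placeholders, not values from the page.
PIHOLE="${PIHOLE:-192.168.1.2}"     # assumed Pi-hole address
PFSENSE="${PFSENSE:-192.168.1.1}"   # assumed pfSense LAN address
DOMAIN="${DOMAIN:-localdomain}"     # domain set in System -> General Setup

# forward <server> <fqdn>: print the first A record, or nothing if none exists
forward() { dig +short +time=2 +tries=1 "@$1" "$2" A | head -n 1; }

# reverse <server> <ip>: print the PTR name, or nothing if none exists
reverse() { dig +short +time=2 +tries=1 "@$1" -x "$2" | head -n 1; }

# check_host <short-name>: compare the answers from pfSense and the Pi-hole
check_host() {
    fqdn="$1.$DOMAIN"

    # 1. pfSense (DNS Resolver with DHCP registration) must know the host.
    want=$(forward "$PFSENSE" "$fqdn")
    [ -n "$want" ] || { echo "FAIL: pfSense has no A record for $fqdn"; return 1; }

    # 2. The Pi-hole must pass the local name upstream and return the same
    #    address (fails if it is not forwarding to pfSense).
    got=$(forward "$PIHOLE" "$fqdn")
    [ "$got" = "$want" ] || {
        echo "FAIL: Pi-hole returned '$got' for $fqdn, pfSense returned '$want'"
        return 1
    }

    # 3. The reverse lookup through the Pi-hole must yield the host name
    #    (fails if reverse lookups for private ranges are not forwarded).
    ptr=$(reverse "$PIHOLE" "$want")
    [ "$ptr" = "$fqdn." ] || { echo "FAIL: PTR for $want via Pi-hole is '$ptr'"; return 1; }

    echo "OK: $fqdn <-> $want via Pi-hole and pfSense"
}

# Run only when a host name is given, e.g.: ./check-dns-path.sh nas
if [ -n "${1:-}" ]; then check_host "$1"; fi
```

A failure at step 2 or 3 points at the Pi-hole upstream or **Advanced DNS settings**; a failure at step 1 points at the pfSense DNS Resolver or DHCP registration.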