Configuring Pi-hole with pfSense for my home network.
Add the Pi-Hole IP address to pfSense > Services > DHCP Server > DNS Servers.
Do not enable DNS Forwarder.
Do not enable DNS Resolver.
Do not add a DNS entry in the System > General Setup > DNS Server Settings.
Sorry for the late reply, I am not on my threads all the time.
If I understand you correctly, you want to make sure all use Pi-Hole?
Here is what I did:
On my pfSense I made all of the devices use a static address. Then I can control whether or not to have it pass through Pi-hole, or I will bypass Pi-hole and add a simple 8.8.8.8 DNS. I had to do this for my work computer.
You don't need to change anything in pfSense. Just change the DNS entries in the DHCP server so the client machines will point to the Pi-hole for the DNS requests.
Don't delete the DNS entries in the general setup as it needs to check for updates.
I also want to mention that if you use OpenVPN on pfSense I'd change the DNS entries there so the remote clients can use the Pi-hole as well.
My pleasure. Wow, it's been 2 years. I don't use pfSense anymore, I use a Ubiquiti UniFi system. I also don't use Pi-hole right now either because it disrupts my setup with my family on Zoom or their silly Discord gaming stuff, and I don't have time to administer it.
I use Pi-hole as my first pfSense DNS server in System > General Setup, which is used by the pfSense forwarder. My second DNS server is 1.1.1.1 (Cloudflare).
This way, if my Pi-hole goes down (rebooting, upgrading, etc.) then pfSense will use Cloudflare as the DNS until Pi-hole comes back online.
OpenVPN users into pfSense get the Pi-hole ad blocking (when I'm at a coffee shop, I'll OpenVPN into my home system to get secure/uncluttered access to the internet).
Thought I'd share my setup/logic as the OP was no longer using pfSense/Pi-hole.
I tried this as well, but doing a DNS leak test showed that it was using both my Pi and 1.1.1.1 for DNS requests at the same time! Sometimes this might bypass your Pi and go straight to 1.1.1.1; it seems like the 2nd DNS record is not there just for a just-in-case use.
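A way to reproduce that leak test from a client without trusting a third-party web page, as an added example that is not from the thread, pfSense or Pi-hole: build a raw DNS A query, send it directly to a chosen resolver, and parse the answer. A name you know is on your blocklist should come back as 0.0.0.0 from the Pi-hole (its default NULL blocking mode, assumed here) and resolve normally from 1.1.1.1; if a client's default resolver ever returns the "normal" answer, that query did not go through the Pi-hole. `PIHOLE_IP` and `BLOCKED_TEST_NAME` are placeholders, and the constructed reply in `sample_blocked_response` exists only so the parser can be exercised offline.

```python
"""Raw DNS probe for checking that queries really resolve through the Pi-hole.
Added example for this thread; not pfSense or Pi-hole code.
Assumptions: PIHOLE_IP is the Pi-hole's LAN address (placeholder) and Pi-hole
answers blocked names with 0.0.0.0 (its default NULL blocking mode)."""
import random
import socket
import struct

PIHOLE_IP = "192.168.1.10"          # placeholder: your Pi-hole address
BLOCKED_TEST_NAME = "ads.example"   # placeholder: a name your blocklist contains


def build_query(name, txid=None):
    """Build an RFC 1035 A query with recursion desired; returns (txid, packet)."""
    if txid is None:
        txid = random.randint(0, 0xFFFF)
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return txid, header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # A, IN


def _skip_name(buf, off):
    """Advance past a (possibly compressed) domain name starting at off."""
    while True:
        length = buf[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length


def parse_a_records(resp, txid):
    """Return (rcode, [IPv4 strings]) from the answer section; checks the txid."""
    rid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", resp[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch (stale or spoofed answer)")
    off = 12
    for _ in range(qd):                # skip question entries (name + type + class)
        off = _skip_name(resp, off) + 4
    ips = []
    for _ in range(an):
        off = _skip_name(resp, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", resp[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:  # A record
            ips.append(socket.inet_ntoa(resp[off:off + 4]))
        off += rdlen
    return flags & 0x0F, ips


def is_blocked(ips):
    """Pi-hole NULL blocking returns exactly 0.0.0.0 for a blocked name (assumption)."""
    return ips == ["0.0.0.0"]


def resolve_via(server, name, timeout=2.0):
    """Send one UDP query straight to `server`, bypassing the OS stub resolver."""
    txid, pkt = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(pkt, (server, 53))
        resp, _ = s.recvfrom(4096)
    return parse_a_records(resp, txid)


def sample_blocked_response(txid=0x1234):
    """Constructed wire-format reply: ads.example A 0.0.0.0 (offline test data)."""
    header = struct.pack(">HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR=1 RD=1 RA=1, 1 answer
    question = b"\x03ads\x07example\x00" + struct.pack(">HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 60, 4) + b"\x00\x00\x00\x00"
    return header + question + answer


if __name__ == "__main__":
    # Live check: the Pi-hole should answer 0.0.0.0, 1.1.1.1 should not.
    for server in (PIHOLE_IP, "1.1.1.1"):
        rcode, ips = resolve_via(server, BLOCKED_TEST_NAME)
        print(server, "rcode", rcode, "blocked" if is_blocked(ips) else ips)
```

Run it from a LAN client and from an OpenVPN client. If you also want to know which upstream the OS stub resolver used for a given query, point `resolve_via` at the address in the client's resolver configuration instead of the Pi-hole directly.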
In pfSense, the DNS Resolver queries all its DNS servers at once. The DNS Forwarder may query all its DNS servers at once or do them in sequence. If you do them in sequence with Pi-hole first, everything will be resolved by Pi-hole unless it is down. In that case, after a timeout, the Forwarder will move to its second DNS server. When Pi-hole comes back, queries go through it again.
The consequence is network delay when Pi-hole is not available, but still, DNS is working all the time and Pi-hole is enforced as long as it is available. With the HA setup I created here in my Kubernetes cluster, I can expect this downtime to be close to zero from now on.
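For reference, the sequential behaviour described above is the dnsmasq `strict-order` option, which pfSense exposes as the "Query DNS servers sequentially" checkbox under Services > DNS Forwarder; the parallel fan-out that the leak test showed is dnsmasq's `all-servers`. The fragment below is an added example of the equivalent plain dnsmasq configuration, not taken from the thread or from pfSense, and the Pi-hole address is a placeholder.

```conf
# Added example: dnsmasq equivalent of "Query DNS servers sequentially".
# Try upstreams strictly in listed order; fall back only after the first times out.
strict-order
# Pi-hole first (placeholder LAN address), Cloudflare only if Pi-hole does not answer.
server=192.168.1.10
server=1.1.1.1
# The opposite setting, which sends every query to all upstreams at once and
# lets answers from 1.1.1.1 win the race past the Pi-hole:
# all-servers
```

Without `strict-order`, dnsmasq favours whichever upstream has been answering fastest, so the second server is not a pure fallback; with it, the only cost is the timeout delay while the Pi-hole is down.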