Multiple random DNS servers accessed by firewall


I am new to IPFire and had a question regarding the DNS proxy server. I noticed last night that there were multiple connections opened to various DNS servers from around the world (Brazil, US, CA, UK, Mexico, AS WELL AS my ISP DNS servers). In my setup I had chosen the option to NOT use ISP DNS servers, but I hadn’t provided a custom DNS server.

In my logs I can see that during the time of these connections there seemed to be an ipblocklist update, which would explain the many connections. My question is, does IPFire use its own selected DNS servers when none is provided? Why was there a connection to so many different random DNS servers as opposed to one? How are they selected?

I have since set up connection to over TLS but I’m just wondering why this happened.


So your IPFire tells devices in its LAN: here is my DNS.
PCs in your LAN say thanks.
But they are free to use any DNS they choose!
So your Windows PC may use
So what to do.
Redirect their DNS to IPFire with a firewall rule.
Hope that helps

Anycast DNS can come from anywhere!
It is best to use multiple DNS providers.


Hi @hvacguy

So the DNS traffic in question is initiated from the WAN/RED side, my LAN is all tunneled through a different proxy. Which is why I forgot to set up DNS servers in the first place.

Now that I have set up, I can see that RED/WAN initiated DNS queries go through which is great. I was just wondering, prior to having set this up, how does IPFire decide which DNS servers to use for its own outgoing requests (updates, etc…)

EDIT: it looks like unbound was using the roots.hint file to connect to the root servers. I believe these were the “random” servers I saw.

Second part to the question then is, does IPFire recommend the use of unbound’s root servers over specifying a direct resolver like ?

I believe that when you have no DNS servers specified in the WUI page and you have disabled the ISP’s servers then IPFire runs in Recursor Mode. See the following Blog post section.
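
To illustrate the recursor-mode behaviour discussed in this thread, here is an added example (not part of any post, and not IPFire or Unbound code): a simplified model of iterative resolution that counts which servers a resolver contacts when it starts from root hints, compared with forwarding to one upstream. All zone names and addresses are constructed, using reserved TLDs and documentation IP ranges.

```python
# Constructed delegation data: zone -> address of one nameserver for that zone.
# The "." entry stands in for the root hints a recursor ships with.
DELEGATIONS = {
    ".": "192.0.2.1",
    "example.": "192.0.2.53",
    "test.": "198.51.100.53",
    "alpha.example.": "203.0.113.10",
    "bravo.example.": "203.0.113.20",
    "charlie.test.": "198.51.100.30",
}

# Constructed hostnames, e.g. the download hosts hit during a blocklist update.
QUERIES = ["lists.alpha.example.", "feeds.bravo.example.", "cdn.charlie.test."]


def zone_chain(qname):
    """Zones from the root down to the deepest delegated zone enclosing qname."""
    labels = qname.rstrip(".").split(".")
    chain = ["."]
    for i in range(len(labels) - 1, -1, -1):
        zone = ".".join(labels[i:]) + "."
        if zone in DELEGATIONS:
            chain.append(zone)
    return chain


def recursor_contacts(qnames):
    """Distinct servers contacted when resolving qnames starting from root hints."""
    known = {"."}      # only the root is known before the first query
    contacted = []
    for qname in qnames:
        chain = zone_chain(qname)
        # Begin at the deepest zone whose delegation is already cached.
        start = max(i for i, zone in enumerate(chain) if zone in known)
        for i in range(start, len(chain)):
            server = DELEGATIONS[chain[i]]
            if server not in contacted:
                contacted.append(server)
            if i + 1 < len(chain):
                known.add(chain[i + 1])   # referral teaches the next delegation
    return contacted


def forwarder_contacts(qnames, upstream):
    """With a configured forwarder, every query goes to that one upstream."""
    return [upstream] if qnames else []


if __name__ == "__main__":
    print("recursor :", recursor_contacts(QUERIES))
    print("forwarder:", forwarder_contacts(QUERIES, "192.0.2.200"))
```

In this model three lookups produce outbound DNS traffic to six different servers in recursor mode, and to a single address once a forwarder is configured.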