How to force all DNS resolution to one service

Greetings. For my own reasons, for a while I’d like to try forcing all DNS resolution to go through Quad-9. I thought I heard on Security Now that there was a way to do this with pfSense running DNSthingy, but I can’t find the topic. (And I can’t yet find a HowTo on your support pages.) Can you post a reply or a HowTo with a step-by-step guide to restrict outgoing DNS requests to and block all other DNS resolvers?

Hey Stephen, when you use DNSthingy on pfSense there is a checkbox called “DNS Firewall Rules” under Services / DNSthingy.

When this is checked - which it is by default - firewall rules will be inserted into pfSense to block any attempts on your network to use some other DNS service.

Then to specifically use Quad9 as the upstream resolver, from your dashboard at (or click the Edit button where it says Default treatment

And then select Quad9.

This will block and actually hijack any requests to other DNS resolvers, and use Quad9.
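To confirm from a LAN client that the block-and-redirect behaviour described above is in effect, the following added example (not part of the original posts and not DNSthingy code) sends a plain UDP DNS query to an address where no DNS server exists and to an outside resolver, then interprets the two results. The address `192.0.2.53` (RFC 5737 documentation range), the resolver `8.8.8.8`, the query name `example.com` and all function names are assumptions chosen for illustration.

```python
import socket, struct, secrets

TEST_NET = "192.0.2.53"  # assumed probe target: RFC 5737 address, no DNS server lives here

def build_query(name, qtype=1):
    """Return (txid, wire-format DNS query) for one question with RD set."""
    txid = secrets.randbits(16)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return txid, header + qname + struct.pack("!HH", qtype, 1)

def parse_reply(data, txid):
    """Return (rcode, answer_count) if data is a response to txid, else None."""
    if len(data) < 12:
        return None
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:  # wrong id, or QR bit not set
        return None
    return flags & 0x000F, an

def probe(server, name="example.com", timeout=3.0):
    """Send one UDP query to server:53; return parse_reply() result, None on timeout/error."""
    txid, pkt = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(pkt, (server, 53))
            data, _ = s.recvfrom(4096)
        except OSError:  # includes socket timeouts and unreachable networks
            return None
    return parse_reply(data, txid)

def verdict(test_net_reply, other_reply):
    """Interpret a probe of TEST_NET and a probe of a resolver you did not select."""
    if test_net_reply is not None:
        return "redirected"    # something answered on behalf of a non-existent server
    if other_reply is None:
        return "blocked"       # outside resolver unreachable on UDP port 53
    return "not enforced"      # outside resolver answered directly

if __name__ == "__main__":
    other = "8.8.8.8"  # assumed: any public resolver other than the selected upstream
    print(verdict(probe(TEST_NET), probe(other)))
```

This checks plain UDP port 53 only; it says nothing about DNS carried over TLS or HTTPS.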


Arthur and team, it is done and working splendidly. Very happy with the service; great product.
