Setting Up DNS Resolver (Unbound) in pfSense to Use Quad9


In today’s digital landscape, having a robust and secure DNS resolver is essential for ensuring a smooth and safe browsing experience. One popular option is Quad9, a DNS service that emphasizes privacy and security. In this guide, we will walk you through the process of setting up the DNS Resolver (Unbound) in pfSense to use Quad9 for your DNS queries.

Menu System – General Setup

  1. Access General Setup:
    Log in to your pfSense web interface and navigate to System > General Setup.
  2. Update Primary DNS Server:
    In the “DNS Server Settings” section, locate the primary DNS server. Change the IP address to and set the hostname to
  3. Configure Secondary DNS Server:
    For the secondary DNS server, set the IP address to and the hostname to
  4. DNS Resolution Behavior:
    Ensure that the “DNS resolution Behavior” is set to Use local DNS, fall back to remote DNS servers (default).
  5. IPv6 Configuration (Optional):
    If you’re not using IPv6, you can skip the IPv6 configuration settings in the General Setup.

Menu Services – DNS Resolver – General Settings

  1. Enable DNS Resolver:
    Go to Services > DNS Resolver and ensure that the Enable checkbox is selected.
  2. SSL/TLS Certificate:
    Keep the default SSL/TLS Certificate setting, as it is set to the webConfigurator default.
  3. Network Interfaces:
    Under “Network Interfaces,” select All to allow DNS resolution on all available interfaces.
  4. Outgoing Network Interfaces:
    Choose WAN as the outgoing network interface for DNS queries.
  5. System Domain Local Zone Type:
    Set the “System Domain Local Zone Type” to Transparent.
  6. DNSSEC Configuration:
    Since Quad9 already uses DNSSEC, you don’t need to enable DNSSEC in the pfSense settings.
  7. Enable Forwarding Mode:
    Make sure that “Enable Forwarding Mode” is enabled. This allows Unbound to forward DNS queries to external DNS servers like Quad9.
  8. SSL/TLS for Outgoing DNS Queries:
    Enable the “Use SSL/TLS for outgoing DNS Queries to Forwarding Servers” option. This ensures encrypted communication between pfSense and Quad9.


Setting up the DNS Resolver (Unbound) in pfSense to use Quad9 is a straightforward process that enhances your network’s security and privacy. By following the steps outlined in this guide, you’ve configured your pfSense firewall to route DNS queries through Quad9’s secure and reliable servers. With a strong emphasis on protecting user data and thwarting malicious activities, Quad9 ensures a safer online experience for you and your network users. Now you can enjoy faster, more secure, and private browsing while benefiting from the robust capabilities of pfSense and Quad9.

Remember, the digital landscape is constantly evolving, and staying proactive about your network’s security is paramount. Periodically revisit your DNS resolver settings and consider exploring other security-enhancing features within pfSense to ensure your network remains protected.

You may also like...