pfSense Connecting to Many Different DNS Servers — not adhering to my configuration

Updated: Hosts all have reports in abuse DB…Root servers

Teri Radichel, published in Bugs That Bite
9 min read, Nov 28, 2024


I just deployed one pfSense device behind another and am inspecting the traffic. I have configured my pfSense firewall to only use specific IP ranges everywhere (which you can see here):

My laptop is also only configured to use CloudFlare DNS servers.

So with the above configuration, why am I seeing all this traffic connecting to other random DNS servers?

I put one pfSense behind another with a DENY ALL rule. Sometimes pfSense doesn’t show you the traffic unless you explicitly configure a rule for it.

WHAT IS THIS? Now I need to figure out if I did something wrong or where this is coming from.

2024-11-27 19:52:06.399282-05:00 INTERFACE_PRIVATE_NET  INTERFACE_TO_PRIVATE_NET: Deny All (1732755097)   192.168.10.10:24762   192.33.4.12:53 UDP
2024-11-27 19:52:00.230938-05:00 INTERFACE_PRIVATE_NET INTERFACE_TO_PRIVATE_NET: Deny All (1732755097) 192.168.10.10:34945 192.36.148.17:53 UDP
2024-11-27 19:52:00.230803-05:00 INTERFACE_PRIVATE_NET INTERFACE_TO_PRIVATE_NET: Deny All (1732755097)…
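As an added example that is not part of the original post, the script below parses pfSense filter-log lines in the shape shown above and flags every port-53 destination that is not one of the resolvers the network is supposed to use. The allowlist (Cloudflare's 1.1.1.1 and 1.0.0.1), the field layout, and the two made-up log lines are assumptions; the root-server addresses are the IANA-published IPv4 addresses, which is where the two denied destinations above land.

```python
import re
from ipaddress import ip_address
# Assumption: the network is pinned to Cloudflare's public resolvers, as the post says the laptop is.
ALLOWED_RESOLVERS = {"1.1.1.1", "1.0.0.1"}
# IPv4 addresses of the thirteen DNS root servers as published by IANA.
ROOT_SERVERS = {
    "198.41.0.4": "a", "170.247.170.2": "b", "192.33.4.12": "c", "199.7.91.13": "d",
    "192.203.230.10": "e", "192.5.5.241": "f", "192.112.36.4": "g", "198.97.190.53": "h",
    "192.36.148.17": "i", "192.58.128.30": "j", "193.0.14.129": "k", "199.7.83.42": "l",
    "202.12.27.33": "m",
}
# Tail of a pfSense filter-log line as shown in the post: "src:port dst:port PROTO".
LINE_RE = re.compile(r"(\d+(?:\.\d+){3}):(\d+)\s+(\d+(?:\.\d+){3}):(\d+)\s+(TCP|UDP)\s*$")

def parse_line(line):
    """src/dst/ports/proto of a complete line; None for truncated ones like the post's third."""
    m = LINE_RE.search(line)
    if not m:
        return None
    src, sport, dst, dport, proto = m.groups()
    return {"src": src, "sport": int(sport), "dst": dst, "dport": int(dport), "proto": proto}

def classify_dns(rec):
    """Explain a port-53 destination; None when the record is not DNS at all."""
    if rec is None or rec["dport"] != 53:
        return None
    dst = rec["dst"]
    if dst in ALLOWED_RESOLVERS:
        return "allowed"
    if dst in ROOT_SERVERS:
        return f"root-server {ROOT_SERVERS[dst]}.root-servers.net"
    if ip_address(dst).is_private:
        return "local-resolver"  # e.g. a resolver on the LAN side of the firewall
    return "unexpected"

def unexpected_dns(lines):
    hits = []  # (src, dst, reason) for every DNS destination that is not an allowed resolver
    for line in lines:
        rec = parse_line(line)
        why = classify_dns(rec)
        if why and why != "allowed":
            hits.append((rec["src"], rec["dst"], why))
    return hits
# Constructed sample: the two complete lines from the post plus two made-up ones (1.1.1.1 and 8.8.8.8).
SAMPLE = [
    "2024-11-27 19:52:06.399282-05:00 INTERFACE_PRIVATE_NET  INTERFACE_TO_PRIVATE_NET: Deny All (1732755097)   192.168.10.10:24762   192.33.4.12:53 UDP",
    "2024-11-27 19:52:00.230938-05:00 INTERFACE_PRIVATE_NET INTERFACE_TO_PRIVATE_NET: Deny All (1732755097) 192.168.10.10:34945 192.36.148.17:53 UDP",
    "2024-11-27 19:53:01.000000-05:00 INTERFACE_PRIVATE_NET INTERFACE_TO_PRIVATE_NET: Pass (1) 192.168.10.10:40000 1.1.1.1:53 UDP",
    "2024-11-27 19:53:02.000000-05:00 INTERFACE_PRIVATE_NET INTERFACE_TO_PRIVATE_NET: Deny All (1732755097) 192.168.10.10:40001 8.8.8.8:53 UDP",
]
```

Run `unexpected_dns(SAMPLE)` to get the list of offending (source, destination, reason) tuples; root-server hits point at a resolver doing its own recursion rather than forwarding to the configured upstreams.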
