OPNsense Forum

English Forums => General Discussion => Topic started by: pankaj on August 21, 2022, 10:14:14 am

Title: DNS lookup [Solved]
Post by: pankaj on August 21, 2022, 10:14:14 am
Hi,

I am using Unbound DNS which is working fine but seems like the option to use it for machines on the LAN is optional as I was able to select a DNS server of my choice.

Code:
pm@mhome:~$ nslookup
> ibm.com
Server: 127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
Name: ibm.com
Address: 96.6.233.216
Name: ibm.com
Address: 2600:1406:3c:389::3831
Name: ibm.com
Address: 2600:1406:3c:38a::3831
> server 8.8.8.8
Default server: 8.8.8.8
Address: 8.8.8.8#53
> ibm.com
Server: 8.8.8.8
Address: 8.8.8.8#53

Is there a way to force LAN clients to use Unbound DNS and not be able to go to the WAN side for DNS queries?
Thanks.
Title: Re: DNS lookup
Post by: RamSense on August 21, 2022, 11:18:44 am
I think this is the info you are looking for:

https://homenetworkguy.com/how-to/redirect-all-dns-requests-to-local-dns-resolver/
Title: Re: DNS lookup
Post by: tong2x on August 21, 2022, 02:56:51 pm
In my case, for my guest network, I block all outgoing DNS requests except to the firewall IP:

action: block
interface: guestnet
TCP/IP version: ipv4
protocol: tcp/udp
source: guestnet net
Destination / Invert: checked (basically all NOT firewall)
destination: firewall address
destination port: DNS

I use the invert function, but you could use "any"; just make a rule above it that allows your firewall's DNS first.
Title: Re: DNS lookup
Post by: pankaj on August 21, 2022, 09:53:13 pm
Thanks, exactly what I was looking for!!
Title: Re: DNS lookup [Solved]
Post by: axsdenied on August 22, 2022, 09:51:54 pm
Just a heads up, this doesn't block DoT or DoH DNS queries, only standard port 53 UDP queries.
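As an added example (not code from this thread or from OPNsense), here is a small Python model of the guest-network rules posted above, evaluated first-match against constructed sample flows. It shows that the inverted-destination block rule stops plain port 53 queries to outside resolvers while DoT (tcp/853) and DoH (tcp/443) flows still fall through to the ordinary guest allow-out rule, and that with an "any" destination the allow-to-firewall rule must be ordered first. The addresses, the GUESTNET/FIREWALL_ADDR names and the rule evaluator are assumptions for illustration.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

FIREWALL_ADDR = ip_address("10.10.0.1")  # assumed: guestnet gateway running Unbound
GUESTNET = ip_network("10.10.0.0/24")    # assumed: the "guestnet net" alias

class Flow(NamedTuple):
    src: str
    dst: str
    dport: int
    proto: str  # "tcp" or "udp"

class Rule(NamedTuple):
    action: str                      # "pass" or "block"
    protos: tuple                    # ("tcp", "udp") = the tcp/udp protocol choice
    dport: Optional[int]             # 53 = the "DNS" port choice; None = any port
    dst_is_firewall: Optional[bool]  # True = firewall address, False = inverted (NOT firewall), None = any

def matches(rule: Rule, flow: Flow) -> bool:
    # Every rule here is on the guestnet interface with source "guestnet net".
    if ip_address(flow.src) not in GUESTNET or flow.proto not in rule.protos:
        return False
    if rule.dport is not None and flow.dport != rule.dport:
        return False
    if rule.dst_is_firewall is not None:
        return (ip_address(flow.dst) == FIREWALL_ADDR) == rule.dst_is_firewall
    return True

def evaluate(rules, flow: Flow) -> str:
    """First matching rule decides (OPNsense rules are 'quick' by default)."""
    for rule in rules:
        if matches(rule, flow):
            return rule.action
    return "block"  # implicit default deny when nothing matches

# The inverted-destination rule from the post, followed by the usual guest allow-out rule.
INVERT_RULES = [
    Rule("block", ("tcp", "udp"), 53, False),
    Rule("pass", ("tcp", "udp"), None, None),
]
# The "any" destination variant: the allow-to-firewall rule has to sit above the block rule.
ANY_RULES = [
    Rule("pass", ("tcp", "udp"), 53, True),
    Rule("block", ("tcp", "udp"), 53, None),
    Rule("pass", ("tcp", "udp"), None, None),
]
```

Swapping the first two entries of ANY_RULES blocks queries to Unbound as well, which is the ordering point made in the post; a DoT or DoH flow is passed by both rule sets because neither matches on port 853 or 443.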
Title: Re: DNS lookup [Solved]
Post by: tong2x on August 24, 2022, 04:05:54 pm
good point there