OPNsense Forum

Archive => 21.7 Legacy Series => Topic started by: warheat1990 on December 31, 2021, 11:13:14 AM

Title: Guest VLAN can't resolve DNS (I'm using Unbound for all my interfaces)
Post by: warheat1990 on December 31, 2021, 11:13:14 AM
Hello friend, 
 
I'm using Unbound DNS for all interfaces in my network. 
 
(https://i.imgur.com/6m1bYHm.png)
(https://i.imgur.com/nCxQMBB.png)
 
I have a Guest network (VLAN100), and I block this Guest network from accessing other networks (RFC1918) in the Firewall rules. 
 
(https://i.imgur.com/OfrO41B.png)
 
Unfortunately, that means the clients under the Guest VLAN won't be able to resolve DNS. How do I block the Guest VLAN from accessing the private network (RFC1918) but still allow the clients under the Guest VLAN to resolve DNS?
Title: Re: Guest VLAN can't resolve DNS (I'm using Unbound for all my interfaces)
Post by: KHE on December 31, 2021, 11:52:53 AM
Hi

Simply put a rule on top of the block rule to allow the traffic from the Guest net to the Guest address with port 53 (DNS) and IPv4 UDP or IPv4 TCP/UDP.

KH
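
An added example, not part of the thread: a small first-match rule evaluator showing why the DNS pass rule has to sit above the RFC1918 block, and that it opens only port 53 on the Guest address. The addresses, the trailing allow-to-internet rule and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing (not from the thread): Guest VLAN 192.168.100.0/24,
# firewall Guest interface address 192.168.100.1, a LAN host at 192.168.1.10.
GUEST_NET = ipaddress.ip_network("192.168.100.0/24")
GUEST_ADDR = ipaddress.ip_network("192.168.100.1/32")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ANY = [ipaddress.ip_network("0.0.0.0/0")]

# Rule tuple: (action, protocols, destination networks, dest port or None = any)
ALLOW_DNS = ("pass", {"tcp", "udp"}, [GUEST_ADDR], 53)
BLOCK_PRIVATE = ("block", {"tcp", "udp", "icmp"}, RFC1918, None)
ALLOW_INTERNET = ("pass", {"tcp", "udp", "icmp"}, ANY, None)  # assumed rule

BEFORE = [BLOCK_PRIVATE, ALLOW_INTERNET]            # ruleset from the question
AFTER = [ALLOW_DNS, BLOCK_PRIVATE, ALLOW_INTERNET]  # DNS rule on top, as advised
WRONG_ORDER = [BLOCK_PRIVATE, ALLOW_DNS, ALLOW_INTERNET]

def evaluate(rules, src, proto, dst, port=None):
    """Return the action of the first matching rule; block if nothing matches."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src not in GUEST_NET:
        return "block"  # these rules only cover traffic sourced from the Guest net
    for action, protos, dests, dport in rules:
        if proto in protos and any(dst in n for n in dests) and dport in (None, port):
            return action
    return "block"

def report(rules, client="192.168.100.50"):
    """Check the flows that matter for a guest network against a ruleset."""
    return {
        "dns_to_firewall": evaluate(rules, client, "udp", "192.168.100.1", 53),
        "gui_on_firewall": evaluate(rules, client, "tcp", "192.168.100.1", 443),
        "lan_host": evaluate(rules, client, "tcp", "192.168.1.10", 445),
        "internet": evaluate(rules, client, "tcp", "203.0.113.10", 443),
    }

if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER), ("wrong order", WRONG_ORDER)):
        print(name, report(rules))
```

The Guest interface address is itself inside RFC1918 space, which is why the block rule also catches DNS queries to the firewall until the narrower pass rule is placed above it.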
Title: Re: Guest VLAN can't resolve DNS (I'm using Unbound for all my interfaces)
Post by: warheat1990 on December 31, 2021, 01:07:26 PM
Quote from: KHE on December 31, 2021, 11:52:53 AM
Hi

Simply put a rule on top of the block rule to allow the traffic from the Guest net to the Guest address with port 53 (DNS) and IPv4 UDP or IPv4 TCP/UDP.

KH

Thanks, works perfectly 
(https://i.imgur.com/6SCcVEc.png)