OPNsense Forum

Archive => 22.1 Legacy Series => Topic started by: Davesworld on June 15, 2022, 07:06:49 AM

Title: Devices on my lan have hardcoded google dns in them.
Post by: Davesworld on June 15, 2022, 07:06:49 AM
Hello all, of course Google's DNS came up in a WAN flapping thread and now that I am not using Google's DNS for anything, I still noticed that there are things on my LAN that are using 8.8.8.8 so they must be hardcoded because I never put them there. As far as DNS, I am using one of two authoritative DNS servers at the datacenter where I have a few VPSs running and then the backup DNS servers come from Level 3. For my gateway monitoring I don't use DNS servers at all anymore but rather have each of the two gateways ping one of my servers running on VPS instances and only I can tell these servers not to accept the. Each gateway pinging once every second only uses 6MB per gateway in 24 hours so let it roll. Before I was using Google DNS servers in monitoring and DNS and then started flapping so now no two IP addresses are used twice in anything related to DNS or monitoring. Franco mentioned that some ISPs force their users through Google which as he said is mean and I agree.

Now I discover that smart TVs, smartphones and other things have 8.8.8.8 hardcoded in them. Has anyone ever blocked these and if so, does it force those devices to use the DHCP server in OPNsense thus using the DNS servers WE chose or does the device lose its ability to resolve DNS?

Title: Re: Devices on my lan have hardcoded google dns in them.
Post by: Patrick M. Hausen on June 15, 2022, 08:02:26 AM
You can use a port forwarding rule on LAN to redirect all DNS queries to your own resolver. E.g. 127.0.0.1:53 on the OPNsense. Same is frequently done for NTP.

Title: Re: Devices on my lan have hardcoded google dns in them.
Post by: yourfriendarmando on June 15, 2022, 09:19:45 AM
Here is the tutorial I used to accomplish this very task:

https://forum.opnsense.org/index.php?topic=9245.0

Title: Re: Devices on my lan have hardcoded google dns in them.
Post by: tiermutter on June 15, 2022, 09:47:49 AM
Quote from: pmhausen on June 15, 2022, 08:02:26 AM
You can use a port forwarding rule on LAN to redirect all DNS queries to your own resolver. E.g. 127.0.0.1:53 on the OPNsense.

Redirect to loopback never worked for me, I have to use the Sense's LAN IPs instead...

Title: Re: Devices on my lan have hardcoded google dns in them.
Post by: Davesworld on June 15, 2022, 12:35:16 PM
Thanks folks.