Hi all,
I have had Unbound DNS configured for some time now and it has worked well for my use case of having all devices in the home use Unbound. This includes firewall rules to block devices from using internal/external DNS addresses other than the OpnSense address.
I now have a device which requires the use of a specified DNS server, and this is now a problem as all traffic is only allowed using the local DNS address. I have tried applying a NAT port forwarding rule to resolve this, as well as trying Query Forwarding in the Unbound DNS UI, both with no luck.
Port forwarding attempt (referencing https://forum.opnsense.org/index.php?topic=21814.0):
Interface: LAN / VLAN xx
Protocol: TCP/UDP
(Source) Address: ALIAS_HOSTS_DNS_REDIR
(Source) Ports: *
(Destination) Address: !This Firewall
(Destination) Ports: 53 (DNS)
(NAT) IP: specified external DNS IP
(NAT) Ports: 53 (DNS)
Description: Redirect external DNS to specified external DNS
How can I get this working so that an external DNS IP can be successfully used for specific devices/IPs?
Thanks
In addition to this, I have tried disabling the block rules on the LAN network that stop non-Unbound DNS traffic from being passed, to see if this allows me to successfully specify a DNS server on a device. However, this does not work either.
I'm clearly missing something here but not sure what.
Packet capture will be the most straight forward lens to see what might be happening on your side.
DoT and DoH can be tripping you up, though; the former uses a different port, 853. Be sure you know what protocol and port that external DNS server is expecting.
I have the same requirement. For many years I have been using a NAT rule that is almost identical to yours.
The difference is that I have:
(Destination) Address: *
My rule ensures that any device in ALIAS_HOSTS_DNS_REDIR which uses the DHCP provided DNS servers will also be affected.
Your rule will not fire if a device in ALIAS_HOSTS_DNS_REDIR is using the DNS server on OpnSense (Unbound in your case).
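Added example, not part of the thread: a small Python model of how the two destination settings compared above ("!This Firewall" versus "*") decide whether the port forward fires for a DNS flow. The addresses are constructed placeholders and the matcher is a simplified model of the rule fields, not OPNsense's own code.

```python
# Added example: simplified model of the NAT port-forward match discussed above.
# All addresses below are constructed placeholders.
from dataclasses import dataclass

FIREWALL_IP = "192.168.10.1"               # constructed: OPNsense LAN address (Unbound)
EXTERNAL_DNS = "203.0.113.53"              # constructed: the required external resolver
ALIAS_HOSTS_DNS_REDIR = {"192.168.10.50"}  # constructed: devices to redirect

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str  # "tcp" or "udp"
    dport: int

@dataclass(frozen=True)
class NatRule:
    dst: str            # "*" (any) or "!This Firewall" (anything except the firewall)
    nat_ip: str         # (NAT) IP
    nat_port: int = 53  # (NAT) Ports
    dport: int = 53     # (Destination) Ports
    protos: frozenset = frozenset({"tcp", "udp"})

def dst_matches(rule_dst: str, flow_dst: str, firewall_ip: str) -> bool:
    """Destination field semantics: '*' matches everything; '!' negates the match."""
    if rule_dst == "*":
        return True
    if rule_dst == "!This Firewall":
        return flow_dst != firewall_ip
    return rule_dst == flow_dst

def rewrite(rule: NatRule, flow: Flow, firewall_ip: str = FIREWALL_IP) -> tuple:
    """Return (dst, dport) after NAT: rewritten if the rule fires, unchanged otherwise."""
    fires = (flow.src in ALIAS_HOSTS_DNS_REDIR
             and flow.proto in rule.protos
             and flow.dport == rule.dport
             and dst_matches(rule.dst, flow.dst, firewall_ip))
    return (rule.nat_ip, rule.nat_port) if fires else (flow.dst, flow.dport)

# The rule as posted ("!This Firewall") and the reply's variant ("*").
OP_RULE = NatRule(dst="!This Firewall", nat_ip=EXTERNAL_DNS)
REPLY_RULE = NatRule(dst="*", nat_ip=EXTERNAL_DNS)

# Constructed flows: DHCP-provided resolver (Unbound), a hard-coded public resolver, DoT on 853.
TO_UNBOUND = Flow("192.168.10.50", FIREWALL_IP, "udp", 53)
TO_PUBLIC = Flow("192.168.10.50", "198.51.100.1", "udp", 53)
TO_DOT = Flow("192.168.10.50", "198.51.100.1", "tcp", 853)

if __name__ == "__main__":
    for name, flow in [("unbound", TO_UNBOUND), ("public", TO_PUBLIC), ("dot", TO_DOT)]:
        print(name, "posted rule:", rewrite(OP_RULE, flow), "reply rule:", rewrite(REPLY_RULE, flow))
```

The flow to Unbound is the one that only the "*" variant redirects; the DoT flow on 853 is left alone by both, which is the port mismatch the earlier reply warns about.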