OPNsense Forum

Archive => 23.7 Legacy Series => Topic started by: tdalej on January 19, 2024, 09:21:29 PM

Title: Does a DNS firewall redir rule take precedence over DNS query forward?
Post by: tdalej on January 19, 2024, 09:21:29 PM
If a query forward for a specific domain exists in Unbound AND a redirect rule sends all DNS queries to 127.0.0.1, which takes precedence?
Title: Re: Does a DNS firewall redir rule take precedence over DNS query forward?
Post by: cookiemonster on January 19, 2024, 10:51:13 PM
https://docs.opnsense.org/manual/firewall.html
Title: Re: Does a DNS firewall redir rule take precedence over DNS query forward?
Post by: Patrick M. Hausen on January 19, 2024, 11:00:54 PM
You are confusing layers. The firewall rule directs the queries at the service listening on 127.0.0.1, nothing more, nothing less.

Whatever service that is will handle the request. If that is Unbound it will apply the forward for a particular domain. If it is a different one it will do whatever it is configured to do.
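To make the two layers concrete, here is an added illustration that is not part of the post and not OPNsense's own generated configuration: a hand-written pf equivalent of a "redirect all DNS to the firewall" port-forward rule, followed by the Unbound forward-zone that takes over once the query has landed on 127.0.0.1. The interface name igb1, the 192.168.1.0/24 LAN, the domain corp.example and the forwarder 10.10.0.53 are assumed placeholders.

```conf
# --- Layer 1: packet filter (pf.conf), assumed hand-written equivalent of an
# OPNsense port-forward rule.  pf matches on addresses and ports only and never
# sees the query name: every TCP/UDP packet from the LAN to port 53, whatever
# resolver the client aimed it at, is rewritten to the local resolver.
rdr pass on igb1 inet proto { tcp, udp } from igb1:network to any port 53 -> 127.0.0.1 port 53

# --- Layer 2: Unbound (unbound.conf).  Only here is the query name inspected.
# The source address is still the client's, so the LAN must be allowed in.
server:
    interface: 127.0.0.1
    access-control: 192.168.1.0/24 allow

# Names under corp.example go to the internal forwarder; everything else
# follows Unbound's normal behaviour (recursion, or a "." forward-zone if
# one is configured).  This is the "query forward" the question refers to.
forward-zone:
    name: "corp.example."
    forward-addr: 10.10.0.53
```

A quick check from a LAN client: `dig @192.0.2.1 host.corp.example` should still return an answer even though 192.0.2.1 (a TEST-NET address) is unreachable, because the redirect delivered the query to Unbound, which then applied the forward-zone. The redirect only catches plain port-53 traffic; clients using DNS over HTTPS on port 443 or DNS over TLS on port 853 never reach the rule, so those paths need separate policy.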
Title: Re: Does a DNS firewall redir rule take precedence over DNS query forward?
Post by: cookiemonster on January 19, 2024, 11:04:49 PM
I misread the question, apologies.
Title: Re: Does a DNS firewall redir rule take precedence over DNS query forward?
Post by: Patrick M. Hausen on January 19, 2024, 11:14:09 PM
My answer was directed at the OP.
Title: Re: Does a DNS firewall redir rule take precedence over DNS query forward?
Post by: tdalej on January 19, 2024, 11:43:21 PM
Thank you both!

I thought it would work this way:
Any network covered by the rule would have its DNS requests intercepted and sent to loopback (local DNS).
Unbound, being the local DNS, would then (based on a redirect) send a query to the specified DNS server on a domain match.

If that's a correct statement, something on OPNsense is still blocking traffic between networks behind the firewall.

I'll try RTFM'ing the doc that cookiemonster pointed to.