I have this issue with OPNsense 24.7.10. When I enable Suricata in IPS mode (active on the WAN interface), any connection to DNS servers using DNSCrypt or DNS over TLS, generated by DNSCrypt Proxy or Unbound, is blocked by default.
I also tried disabling all the IPS rules, but the blocking still occurs. Therefore, it doesn't seem to be a ruleset issue but rather a problem with Suricata itself.
The issue occurs with both the standard version and the one using the telemetry ruleset.