For a firewall alias with about 20 different hosts (fully qualified domain names), and a rule blocking traffic using that alias as destination, I could not access any of the sites using a web browser.
But a moment later, I was able to access one site. After clearing the cache, using different devices that had never visited that site, a different browser, etc., I was still able to access the site.
I looked under Diagnostics, Aliases for the created alias, and the IP address for the particular problematic site is shown in the list. (I obtained the IP address using an IP address lookup web site.)
Please help.
More information: the site in question has many numeric IP addresses. I ping the IP address, and it keeps giving me a different IP address (3 so far). Maybe it is hosted on a cloud.
The list of IP addresses for this particular site is shown in the Diagnostics page of OPNsense. However, it still does not work. If I type the IP address instead of the domain name into the web browser, it gets blocked. However, using the domain name, it works.
I am guessing OPNsense may be having a logic issue with this. Would anyone mind showing me where the code for this is located?
Make sure the browser is not doing encrypted DNS queries behind your back.
I am not sure what you meant by that. This is a firewall rule blocking access, not the DNS (such as Unbound) override, so it's not DNS lookup related. But that's just how I understand it; I'm not sure if it's correct.
Just found another issue with OPNsense. I tried to work around the issue by creating another alias using IP addresses. However, when editing the firewall rule, it insists on putting the previous alias (using domain names) first, then the 2nd alias using IP addresses second. I tried to remove the 1st, save/apply, then edit, adding back the other alias, but it keeps insisting on the "order" of creation of the aliases (I tried renaming them, but that does not work. It's the order of creation, I believe. There is no way that I can change the order). It appears I have to create another rule.
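An added example of the check the replies above point at (this is not code from the thread or from OPNsense): compare the addresses a client actually resolves for a site against the snapshot in the FQDN alias table and list the ones a block rule built on that alias would not catch. The alias table, the observed resolver answers, and every name in the file (ALIAS_TABLE, OBSERVED_ANSWERS, uncovered, coverage_report, live_answers) are constructed for this example.

```python
"""Compare what a client really resolves for a host against a firewall
FQDN-alias snapshot and report the addresses the alias does not cover.

Added example for the thread above; not code from the original post or
from OPNsense. The alias table and the observed answers are constructed
sample data, and all names here are assumptions of this example.
"""
import ipaddress
import socket

# Constructed: what the FQDN alias resolved to when it was last refreshed.
# On a real firewall this is what Diagnostics > Aliases shows, or the
# output of `pfctl -t <alias> -T show`. Entries may be hosts or CIDR ranges.
ALIAS_TABLE = ["203.0.113.10", "203.0.113.11", "203.0.113.12"]

# Constructed: answers a client saw for the same host over repeated lookups.
# A browser using DNS over HTTPS asks a public resolver directly, so it can
# receive answers the firewall's own resolver (and so the alias) never saw.
OBSERVED_ANSWERS = ["203.0.113.10", "203.0.113.12", "203.0.113.47", "198.51.100.5"]


def _sort_key(addr):
    """Order addresses by family first so IPv4 and IPv6 can be mixed safely."""
    ip = ipaddress.ip_address(addr)
    return (ip.version, int(ip))


def parse_table(entries):
    """Turn alias entries into network objects; a bare host becomes a /32 or /128."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def uncovered(observed, table):
    """Return the observed addresses that fall outside every alias entry."""
    nets = parse_table(table)
    missing = set()
    for answer in observed:
        ip = ipaddress.ip_address(answer)
        if not any(ip in net for net in nets):
            missing.add(str(ip))
    return sorted(missing, key=_sort_key)


def coverage_report(observed, table):
    """Summarise the comparison: how many distinct answers were seen, how many
    the alias covers, and which ones would slip past a block rule on it."""
    missing = uncovered(observed, table)
    seen = sorted(set(observed), key=_sort_key)
    return {
        "seen": len(seen),
        "covered": len(seen) - len(missing),
        "uncovered": missing,
        "rule_is_complete": not missing,
    }


def live_answers(host, rounds=5):
    """Optional live check (needs network; not used by the offline demo):
    resolve the host several times and collect every address returned, which
    surfaces round-robin or geo-balanced records a single lookup hides."""
    found = set()
    for _ in range(rounds):
        for info in socket.getaddrinfo(host, None):
            found.add(info[4][0])
    return sorted(found, key=_sort_key)


if __name__ == "__main__":
    report = coverage_report(OBSERVED_ANSWERS, ALIAS_TABLE)
    print(f"answers seen: {report['seen']}, covered by alias: {report['covered']}")
    for ip in report["uncovered"]:
        print(f"NOT in alias, traffic to it would pass the block rule: {ip}")
```

To use it against a real setup, fill ALIAS_TABLE from the alias's pf table on the firewall and OBSERVED_ANSWERS from a few repeated lookups done on the client (or from live_answers on the client itself). Any address in the uncovered list is one the site can move to between alias refreshes, or one the browser obtained from a resolver the firewall never consulted; both produce exactly the symptom in the thread, a site that loads by name while its alias-listed addresses are blocked.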