My maltrail instance on 25.4 detects malicious dns queries from my wan address on port 53. Decided to block outbound connections from wan with destination port 53. I have enabled dns over tls(quad9). When i block port 53 im loosing dns resolving. No domains are resolved. So all the time i had no dns encryption? What servers opnsense is using then? Why tls port 853 is not used?
EDIT: This dns servers was used to resolve malicious domains ips: 162.159.38.3, 172.64.35.93, 192.33.14.30 . I never set anywhere this ip addreses. I got enabled unbound as resolver + dns over tls.
This domains was resolved: cdn.prod.website-files.com, prod.website-files.com, .website-files.com
Maybe its just false positive in mailtrail?
Quote from: Siarap on April 16, 2025, 05:41:21 AMWhen i block port 53 im loosing dns resolving.
That is super shocking... 😜
That is super shocking... 😜
[/quote]
Exactly because ive set 853 tls for dns, and blocking outgoing port 53 connections from wan.
Quote from: Siarap on April 16, 2025, 06:16:40 PMExactly because ive set 853 tls for dns, and blocking outgoing port 53 connections from wan.
Outgoing firewall rules are almost never what you want. You'd have to explain your setup and rules more for us to know what you're running into.
In the meantime, I wrote about this some time ago so you may find the posts helpful.
https://www.cjross.net/dns-security-and-adblock-with-opnsense-part-1/
https://www.cjross.net/dns-security-and-adblock-with-opnsense-part-2/
Sharing screenshots of your DNS setup on OPN would help.