23.7 Legacy Series / Block access to external DNS rule block all DNS resolution
« on: December 02, 2023, 04:55:44 am »
Hi,
I'm running Unbound and have set up NAT port forward rules to redirect DNS traffic locally. The redirection rules work correctly; however, when I try adding rules to block any requests to external DNS, all DNS resolution ceases to function.
The NAT rules are all set up as follows: one rule for port 53 and 853 for each VLAN... I know I could group interfaces but for the time being have them set up individually.
Redirect Rules:
Interface: <VLAN NAME>
Protocol: TCP/UDP
Destination/Invert: Checked
Destination Address: <VLAN NAME> address
Destination Port Range: 53 (and 853 as separate rule)
Redirection IP: Loopback (127.0.0.1)
Redirect target Port: 53 (and 853 as separate rule)
Block rule:
Action: Block
Quick: Checked
Interface: <VLAN NAME>
Direction: In
Protocol: TCP/UDP
Source: Any
Destination: Any
Destination Port Range: 53
Rules look like the attached image.
Looking for advice on why the block rule isn't working. I would think the redirect rule would take precedence, but instead all DNS lookups stop working when the block rule is enabled.
Should Destination be changed from "Any" to "! 127.0.0.1" ?
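An added illustration, not part of the post above: a small Python model of the order in which pf (the packet filter OPNsense is built on) handles a packet. Port-forward (rdr) translation is applied first, and the filter rules are then matched against the already-translated destination, so a block rule with destination "Any" on port 53 also matches the queries that were just rewritten to 127.0.0.1. The interface name vlan10, the addresses 192.168.10.1 and 192.168.10.50, and the external resolver 8.8.8.8 are constructed sample values; the rules themselves follow the two rule sets quoted in the post. The model goes slightly beyond the question by also covering a query sent directly to the firewall's own VLAN address, which the inverted-destination redirect leaves untranslated.

```python
from dataclasses import dataclass, replace

# Constructed sample values (not from the post): one VLAN interface, the
# firewall's address on it, and the loopback address Unbound listens on.
VLAN_IFACE = "vlan10"
VLAN_ADDR = "192.168.10.1"
LOOPBACK = "127.0.0.1"
DNS_PORTS = {53, 853}


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrives on
    proto: str   # "tcp" or "udp"
    src: str
    dst: str
    dport: int


def port_forward(pkt: Packet, enabled: bool = True) -> Packet:
    """Model of the post's redirect rule: on the VLAN, TCP/UDP to port 53/853
    with destination inverted (anything that is NOT the VLAN address) is
    rewritten to 127.0.0.1. pf performs this translation before filtering."""
    if (enabled and pkt.iface == VLAN_IFACE and pkt.proto in ("tcp", "udp")
            and pkt.dport in DNS_PORTS and pkt.dst != VLAN_ADDR):
        return replace(pkt, dst=LOOPBACK)
    return pkt


def block_rule_matches(pkt: Packet, dst_exclude: frozenset) -> bool:
    """Model of the post's block rule: quick, in on the VLAN, TCP/UDP, source
    any, destination port 53. An empty dst_exclude means destination 'Any';
    a non-empty set means '! <those addresses>'."""
    if pkt.iface != VLAN_IFACE or pkt.proto not in ("tcp", "udp"):
        return False
    if pkt.dport != 53:
        return False
    return pkt.dst not in dst_exclude


def evaluate(pkt: Packet, dst_exclude=frozenset(), redirect_enabled=True):
    """Translate first, then apply the quick block rule, then an assumed
    default 'pass' for the VLAN. Returns (verdict, destination the filter
    rules actually saw)."""
    translated = port_forward(pkt, redirect_enabled)
    if block_rule_matches(translated, frozenset(dst_exclude)):
        return "block", translated.dst
    return "pass", translated.dst


def query(dst: str, dport: int = 53, proto: str = "udp") -> Packet:
    """A constructed client query arriving from the VLAN."""
    return Packet(VLAN_IFACE, proto, "192.168.10.50", dst, dport)


if __name__ == "__main__":
    # 1. The post's configuration (destination 'Any'): the query to an external
    #    resolver is rewritten to 127.0.0.1, then the block rule matches the
    #    rewritten packet, so even local resolution is blocked.
    print(evaluate(query("8.8.8.8")))                               # ('block', '127.0.0.1')
    # 2. Excluding 127.0.0.1 lets the redirected query reach Unbound.
    print(evaluate(query("8.8.8.8"), {LOOPBACK}))                   # ('pass', '127.0.0.1')
    # 3. A query sent straight to the firewall's VLAN address is not redirected
    #    (the redirect destination is inverted), so '! 127.0.0.1' still blocks it.
    print(evaluate(query(VLAN_ADDR), {LOOPBACK}))                   # ('block', '192.168.10.1')
    # 4. Excluding the firewall's own addresses covers both paths.
    print(evaluate(query(VLAN_ADDR), {LOOPBACK, VLAN_ADDR}))        # ('pass', '192.168.10.1')
    # 5. With the redirect disabled, the block rule still stops external port 53,
    #    which is the egress control the post is after.
    print(evaluate(query("8.8.8.8"), {LOOPBACK}, redirect_enabled=False))  # ('block', '8.8.8.8')
    # 6. The block rule only lists port 53, so external 853 is not covered.
    print(evaluate(query("8.8.8.8", dport=853), {LOOPBACK}, redirect_enabled=False))  # ('pass', '8.8.8.8')
```

The model deliberately leaves out any filter rule OPNsense may generate in association with the port forward and the rest of the VLAN's rule set; it only shows why the filter stage sees 127.0.0.1 rather than the external resolver. Case 3 is the reason the exclusion is better expressed as the firewall's own addresses than as 127.0.0.1 alone when the redirect uses an inverted destination, and case 6 shows that a block rule limited to port 53 leaves port 853 uncovered whenever the redirect is off.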