Messages - Gilgamesh

#1
Quote from: SenseX on March 07, 2026, 02:32:22 PM
I also redirect DoT traffic on port 853

But what is the point of redirecting (instead of blocking) if such queries will not be served anyway, due to the certificate not matching?
#2
Quote from: meyergru on March 06, 2026, 08:47:40 AM
The !127.0.0.1 is only to make sure no endless loop gets created if a request is initially directed at 127.0.0.1.

Thank you for your reply, but I'm not sure I get it. Can you help me with an example of when "a request is initially directed at 127.0.0.1" and therefore creates a loop?
#3
Quote from: nero355 on March 04, 2026, 10:01:50 PM
You only need to catch DNS traffic NOT going to your DNS Server IP (in this case OPNsense) and not ALL DNS traffic ;)

Yes, I completely understand that. My question is whether my approach of catching all DNS traffic is wrong or not optimal, because it gives me the same results.

Quote from: nero355 on March 04, 2026, 10:01:50 PM
You could create an Alias or maybe there is one already ?

Yeah, agreed again :) I'm aware, but I just noticed I can do this multi-select directly in the rule, no alias needed.
#4
Quote from: rainydaynetwork on February 11, 2026, 01:02:29 AM
With the rules GUI change in 26.1.1 - Can anyone provide an update to this guide? There is no redirect options, DNS option in port, or NAT reflection options on the create rule page. The migration tool did not convert the rules properly for me, they break all functionality and I had to reset them.

An updated guide will definitely help new users like me. ;-)

Also, I have some questions (I'm on OPNsense ver.26.1.2):

1. What is the reason for using the Invert condition in the suggested rule:

Interface: LAN
Protocol: TCP/UDP
Destination / Invert: Checked
Destination: LAN address
Destination Port: DNS
Redirect target IP: 127.0.0.1
Redirect target port: DNS
NAT reflection: Disable

As I can accomplish the same by capturing DNS requests (port 53) to any destination, not only those different from LAN_Address:

Interface: LAN
Protocol: TCP/UDP
Destination / Invert: Unchecked
Destination: Any
Destination Port: 53
Redirect target IP: 127.0.0.1
Redirect target port: 53
NAT reflection: [no such option, not used]

2. About the "Note: If you have multiple networks, you would have to make a rule for each network. Make sure unbound is listening on the other network interfaces too".

Maybe this is specific to ver. 26.x.x, but in Firewall > NAT > Destination NAT I can now pick more than one interface for the NAT rule.
So, can I do that, or do I need such rules for every interface/VLAN on which I intend to set up DNS redirection?

Thank you.
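To make the difference between the two rule variants in post #4 concrete, here is a small Python model of the match and redirect fields shown there (Destination, Destination / Invert, Destination Port, Redirect target). This is an added illustration, not code from the thread or from OPNsense or pf: it only models which sample packets each rule matches and where they end up, and it ignores interface binding, rule order and connection state. The LAN address 192.168.1.1, the client address, and the external resolver addresses are constructed values.

```python
"""Model of the two Destination NAT rule variants discussed in post #4.

Constructed illustration: it mimics only the match/redirect fields shown
in the post (destination, invert, port, redirect target). It is not pf or
OPNsense code and does not model interface binding, rule order or state.
"""
from dataclasses import dataclass
from typing import Optional

LAN_ADDRESS = "192.168.1.1"  # constructed: the firewall's own LAN address
LOCALHOST = "127.0.0.1"      # the redirect target used in the post
DNS_PORT = 53


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str  # "tcp" or "udp"


@dataclass(frozen=True)
class RedirectRule:
    name: str
    dst_match: Optional[str]  # None models "Destination: Any"
    invert: bool              # models the "Destination / Invert" checkbox
    dport: int
    target_ip: str
    target_port: int

    def matches(self, pkt: Packet) -> bool:
        # Protocol TCP/UDP and the destination port must match first.
        if pkt.proto not in ("tcp", "udp") or pkt.dport != self.dport:
            return False
        if self.dst_match is None:
            return True
        hit = pkt.dst == self.dst_match
        return (not hit) if self.invert else hit

    def apply(self, pkt: Packet) -> Packet:
        """Return the packet as it leaves the rule: rewritten or untouched."""
        if not self.matches(pkt):
            return pkt
        return Packet(pkt.src, self.target_ip, self.target_port, pkt.proto)


# The two variants from the post: "Invert: Checked / LAN address" and "Any".
RULE_INVERT = RedirectRule("invert LAN address", LAN_ADDRESS, True,
                           DNS_PORT, LOCALHOST, DNS_PORT)
RULE_ANY = RedirectRule("destination any", None, False,
                        DNS_PORT, LOCALHOST, DNS_PORT)

# Constructed sample traffic from one LAN client (documentation addresses).
SAMPLE_PACKETS = [
    Packet("192.168.1.50", "198.51.100.53", 53, "udp"),  # plain DNS to an external resolver
    Packet("192.168.1.50", LAN_ADDRESS, 53, "udp"),      # plain DNS to the firewall itself
    Packet("192.168.1.50", "198.51.100.53", 853, "tcp"), # DoT on 853: neither rule matches
    Packet("192.168.1.50", "203.0.113.10", 443, "tcp"),  # unrelated HTTPS
]


def final_destination(rule: RedirectRule, pkt: Packet) -> tuple:
    """(ip, port) the packet is delivered to after this rule is evaluated."""
    out = rule.apply(pkt)
    return (out.dst, out.dport)


def compare_rules(packets=SAMPLE_PACKETS) -> dict:
    """Map each (dst, dport) to its outcome under both rule variants."""
    return {
        (p.dst, p.dport): {
            RULE_INVERT.name: final_destination(RULE_INVERT, p),
            RULE_ANY.name: final_destination(RULE_ANY, p),
        }
        for p in packets
    }


if __name__ == "__main__":
    for key, outcome in compare_rules().items():
        print(key, "->", outcome)
```

The only row where the two variants differ is DNS sent to the LAN address itself: the inverted rule leaves it alone, so it reaches whatever resolver is listening on that address, while the "Any" rule rewrites it to 127.0.0.1:53. Both end at a local listener, which matches the observation in the post that the results are the same. The port 853 row also shows why DoT traffic is untouched by a port 53 rule and needs its own rule if it is to be caught.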