General Discussion / Re: How to block upstream DNS to port 53?
« on: February 07, 2021, 02:57:14 am »
I do have an outbound rule blocking outbound 53 on LAN, but again, because the floating rules are applied before any other rules, the traffic is allowed out in spite of that rule.
My understanding is that if you want Unbound to ONLY use DNS over TLS, you do not check the forwarding mode box, because that causes it to forward the traffic to the upstream servers listed in System: General Setup on port 53, as opposed to using the DNS-over-TLS servers configured on the Miscellaneous page. And once again: Unbound is successfully using those upstream servers. That is not the problem. The problem is this stray additional traffic from the firewall itself, to 8.8.8.8.
The big question is, where is it getting 8.8.8.8 when that server is not configured anywhere in OPNsense's setup?
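The rule-ordering point in the post (floating rules are evaluated before interface rules, so a matching floating pass rule wins) follows from pf semantics: rules are walked in order, a matching rule marked quick ends evaluation immediately, and without quick the last matching rule wins. The simulator below is an added illustration, not code from the post or from OPNsense; the rule set, interface names and addresses are constructed for the example.

```python
"""Toy pf-style rule evaluator (constructed example, not OPNsense code).

Shows why a floating "pass quick" rule for outbound port 53 lets traffic
out even though a later LAN rule blocks it, and what changes when the
order or the quick flag is different.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out"
    proto: str      # "udp" or "tcp"
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                 # "pass" or "block"
    quick: bool
    direction: Optional[str] = None   # None = any direction
    proto: Optional[str] = None       # None = any protocol
    dst: Optional[str] = None         # None = any destination
    dport: Optional[int] = None       # None = any port

    def matches(self, p: Packet) -> bool:
        return ((self.direction is None or self.direction == p.direction)
                and (self.proto is None or self.proto == p.proto)
                and (self.dst is None or self.dst == p.dst)
                and (self.dport is None or self.dport == p.dport))


def evaluate(rules: List[Rule], p: Packet) -> Tuple[str, str]:
    """Walk the rules in order.  A matching quick rule terminates evaluation;
    otherwise the last matching rule wins.  No match -> implicit pass."""
    winner: Optional[Rule] = None
    for r in rules:
        if r.matches(p):
            winner = r
            if r.quick:
                break
    if winner is None:
        return ("pass", "default")
    return (winner.action, winner.name)


# Constructed rules.  OPNsense evaluates floating rules before interface
# rules, so the floating rule is listed first.
FLOATING_PASS_QUICK = Rule("floating: pass out udp port 53", "pass", True,
                           direction="out", proto="udp", dport=53)
FLOATING_PASS_NOQUICK = Rule("floating: pass out udp port 53 (no quick)",
                             "pass", False, direction="out", proto="udp",
                             dport=53)
LAN_BLOCK_QUICK = Rule("LAN: block out udp port 53", "block", True,
                       direction="out", proto="udp", dport=53)

# Constructed packet: a query from the firewall itself to 8.8.8.8:53.
STRAY_DNS = Packet("out", "udp", "192.168.1.1", "8.8.8.8", 53)


def floating_quick_first() -> Tuple[str, str]:
    """The situation described in the post: floating pass quick wins."""
    return evaluate([FLOATING_PASS_QUICK, LAN_BLOCK_QUICK], STRAY_DNS)


def block_listed_first() -> Tuple[str, str]:
    """Same rules, block evaluated first: block quick wins."""
    return evaluate([LAN_BLOCK_QUICK, FLOATING_PASS_QUICK], STRAY_DNS)


def floating_without_quick() -> Tuple[str, str]:
    """Floating pass without quick: evaluation continues, last match wins."""
    return evaluate([FLOATING_PASS_NOQUICK, LAN_BLOCK_QUICK], STRAY_DNS)


if __name__ == "__main__":
    for fn in (floating_quick_first, block_listed_first, floating_without_quick):
        print(f"{fn.__name__}: {fn()}")
```

Running it prints the winning action and rule name for each ordering; only the first case, the one the post describes, lets the query to 8.8.8.8 out.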