1
Tutorials and FAQs / HOWTO - Redirect all DNS Requests to Opnsense
« on: July 26, 2018, 03:16:37 am »
This tutorial will show you how to force all DNS querys to go through Opnsense router regardless of DNS servers specified on the local system. This will redirect anything going through 53 to the router itself.
Go to Services -> Unbound DNS -> General
Verify that ether ALL is selected or localhost with your LAN is selected.
or
Go to Firewall -> NAT -> Port Forward
Click the add new rule button
Set the following settings below.
Interface: LAN
Protocol: TCP/UDP
Destination / Invert: Checked
Destination: LAN address
Destination Port: DNS
Redirect target IP: 127.0.0.1
Redirect target port: DNS
NAT reflection: Disable
Note: If you have multiple networks, you would have to make a rule for each network. Make sure unbound is listening on the other network interfaces too.
Example for Wireless network:
Interface: Wireless
Protocol: TCP/UDP
Destination / Invert: Checked
Destination: Wireless address
Destination Port: DNS
Redirect target IP: 127.0.0.1
Redirect target port: DNS
NAT reflection: Disable
Here is my setup as a example after adding all the rules.
Now that the port forward rules have been created. We now have to adjust the rules under the firewall to make sure the DNS redirect is hit first.
Go to Firewall -> Rules -> LAN
Move the DNS redirect rule above "Default allow LAN to any rule" rule
Then apply changes, and the final result should look like this.
Notes: If you have multiple interfaces, you would have to move the rule for each interface.
Go to Services -> Unbound DNS -> General
Verify that ether ALL is selected or localhost with your LAN is selected.
or
Go to Firewall -> NAT -> Port Forward
Click the add new rule button
Set the following settings below.
Interface: LAN
Protocol: TCP/UDP
Destination / Invert: Checked
Destination: LAN address
Destination Port: DNS
Redirect target IP: 127.0.0.1
Redirect target port: DNS
NAT reflection: Disable
Note: If you have multiple networks, you would have to make a rule for each network. Make sure unbound is listening on the other network interfaces too.
Example for Wireless network:
Interface: Wireless
Protocol: TCP/UDP
Destination / Invert: Checked
Destination: Wireless address
Destination Port: DNS
Redirect target IP: 127.0.0.1
Redirect target port: DNS
NAT reflection: Disable
Here is my setup as a example after adding all the rules.
Now that the port forward rules have been created. We now have to adjust the rules under the firewall to make sure the DNS redirect is hit first.
Go to Firewall -> Rules -> LAN
Move the DNS redirect rule above "Default allow LAN to any rule" rule
Then apply changes, and the final result should look like this.
Notes: If you have multiple interfaces, you would have to move the rule for each interface.