Setting up dns nameservers correctly

Started by trezyckz, May 31, 2024, 03:02:14 PM

Hey folks,

Actually, I'm setting up OPNsense for my private projects (not the one for business) and I got a bit confused on DNS setup. I want to use the DNS resolver (Unbound) as the DNS nameserver for the servers in the LAN.

OPNsense 24.1.8-amd64
FreeBSD 13.2-RELEASE-p11
OpenSSL 3.0.13

Unbound is activated and I created the LAN firewall rule so that the server on the LAN (10.0.1.2) can access OPNsense as its DNS nameserver (10.0.1.1) on destination port 53. Furthermore, I configured the server on the LAN (10.0.1.2) to use OPNsense (10.0.1.1) as its DNS nameserver. I can see within the firewall live log that this access works.

But I can also see that the server on the LAN (10.0.1.2) tries to access the remote DNS servers of my cloud provider. Shouldn't it just access OPNsense, and OPNsense then resolves over Outbound NAT via the DNS servers of my cloud provider and passes the resolution back to the server on the LAN?

Maybe I'm just misunderstanding something or have configured something incorrectly somewhere?

Best regards

> Shouldn't it just access OPNsense, and OPNsense then resolves over Outbound NAT via the DNS servers of my cloud provider and passes the resolution back to the server on the LAN?

Yes, if it behaved as it should, and it sounds like it does for the OS.
What you might be seeing is apps hardcoded with other servers.
What to do: use firewall rules to force them into compliance :)
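Before writing the firewall rules the reply recommends, it helps to know exactly which LAN hosts are sending DNS to something other than the OPNsense resolver. The script below is an added example for this thread, not code from the original poster or from the OPNsense project. It reads a constructed, simplified connection log (one "src:port dst:port proto action" record per line, not OPNsense's real filterlog format), and assumes 10.0.1.1 is the designated resolver and 10.0.1.0/24 is the LAN, as in the post. It reports every LAN client that talks plain DNS (53) or DNS-over-TLS (853) to any other destination, while ignoring the resolver's own upstream queries, which are expected.

```python
"""Find LAN hosts that bypass the designated OPNsense resolver.

Added example for the thread above; not the poster's or OPNsense's code.
The log format parsed here is constructed and simplified:
    <src_ip>:<src_port> <dst_ip>:<dst_port> <proto> <action>
"""
import ipaddress
from collections import defaultdict

DESIGNATED_RESOLVER = "10.0.1.1"                  # assumption: OPNsense LAN address
LAN_NET = ipaddress.ip_network("10.0.1.0/24")     # assumption: LAN prefix
DNS_PORTS = (53, 853)                             # plain DNS and DNS-over-TLS

# Constructed sample records. 203.0.113.x stands in for the cloud provider's
# resolvers; 1.1.1.1:853 models an app with a hardcoded DoT server.
SAMPLE_LOG = """\
10.0.1.2:51234 10.0.1.1:53 udp pass
10.0.1.2:51235 10.0.1.1:53 udp pass
10.0.1.2:43111 203.0.113.10:53 udp pass
10.0.1.2:43112 203.0.113.11:53 tcp pass
10.0.1.7:40000 1.1.1.1:853 tcp pass
10.0.1.1:53 203.0.113.10:53 udp pass
10.0.1.2:22000 198.51.100.5:443 tcp pass
"""


def parse_line(line):
    """Split one constructed log record into its fields."""
    src, dst, proto, action = line.split()
    src_ip, _ = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {"src": src_ip, "dst": dst_ip, "dport": int(dst_port),
            "proto": proto, "action": action}


def find_bypassing_dns(log_text, resolver=DESIGNATED_RESOLVER, lan=LAN_NET):
    """Return {lan_host: [dst:port/proto, ...]} for LAN clients whose DNS or
    DoT traffic goes anywhere other than the designated resolver."""
    offenders = defaultdict(set)
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        src = ipaddress.ip_address(rec["src"])
        # Skip non-LAN sources and the resolver's own upstream lookups.
        if src not in lan or str(src) == resolver:
            continue
        if rec["dport"] not in DNS_PORTS:
            continue
        if rec["dst"] != resolver:
            offenders[str(src)].add(f'{rec["dst"]}:{rec["dport"]}/{rec["proto"]}')
    return {host: sorted(dsts) for host, dsts in offenders.items()}


def main():
    result = find_bypassing_dns(SAMPLE_LOG)
    if not result:
        print("All LAN DNS traffic goes to", DESIGNATED_RESOLVER)
    for host, dsts in sorted(result.items()):
        print(f"{host} bypasses the resolver via: {', '.join(dsts)}")


if __name__ == "__main__":
    main()
```

Hosts listed in the output are the ones whose applications need a LAN rule that blocks (or redirects) outbound 53/853 to anything but 10.0.1.1; the resolver's own traffic to the upstream servers is excluded so it is not mistaken for a bypass.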