DNS lookup [Solved]

Started by pankaj, August 21, 2022, 10:14:14 AM

August 21, 2022, 10:14:14 AM Last Edit: August 21, 2022, 09:53:28 PM by pankaj
Hi,

I am using Unbound DNS, which is working fine, but it seems like using it for machines on the LAN is optional, as I was able to select a DNS server of my choice.


pm@mhome:~$ nslookup
> ibm.com
Server: 127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
Name: ibm.com
Address: 96.6.233.216
Name: ibm.com
Address: 2600:1406:3c:389::3831
Name: ibm.com
Address: 2600:1406:3c:38a::3831
> server 8.8.8.8
Default server: 8.8.8.8
Address: 8.8.8.8#53
> ibm.com
Server: 8.8.8.8
Address: 8.8.8.8#53


Is there a way to force LAN clients to use Unbound DNS and not be able to go to the WAN side for DNS queries?
Thanks.


In my case, for my guest network, I block all outgoing DNS requests except to the firewall IP:

action: block
interface: guestnet
TCP/IP version: ipv4
proto: tcp/udp
source: guestnet net
Destination / Invert: checked (basically all NOT firewall)
destination: firewall address
destination port: DNS

I use the invert function, but you could use "any"; just make a rule above it that allows your firewall DNS first.

Thanks, exactly what I was looking for!!

Just a heads up, this doesn't block DoT or DoH DNS queries, only standard port 53 udp queries.
OPNsense 24.7.7 running on:
Dell Optiplex 3050
Intel I5-7600 @ 3.5Ghz (4 Cores)
Intel I350-T4 Nic
8G DDR4
256G SSD
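The rule posted above and the heads-up about DoT/DoH both come down to how OPNsense (pf) evaluates rules top to bottom with first match winning. The following is an added example, not code from the forum or from the OPNsense project: a small Python model of that evaluation, with the "Destination / Invert" variant and the "any destination" variant side by side. The guest network 192.168.2.0/24, the firewall address 192.168.2.1 and the client 192.168.2.10 are constructed values standing in for "guestnet net" and "firewall address".

```python
"""Model of OPNsense/pf first-match rule evaluation for the guestnet DNS rule.

Added example, not from the forum posts or from OPNsense itself.
Addresses are constructed: 192.168.2.0/24 stands for "guestnet net" and
192.168.2.1 for the firewall's guestnet address.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

GUEST_NET = ipaddress.ip_network("192.168.2.0/24")   # assumed "guestnet net"
FIREWALL_IP = ipaddress.ip_address("192.168.2.1")     # assumed "firewall address"
DNS_PORT = 53


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                           # "pass" or "block"
    protos: Tuple[str, ...]               # e.g. ("tcp", "udp")
    src_net: ipaddress.IPv4Network
    dst: Optional[ipaddress.IPv4Address]  # None means "any"
    dst_invert: bool = False              # the "Destination / Invert" checkbox
    dst_port: Optional[int] = None        # None means "any"

    def matches(self, proto, src, dst, dport) -> bool:
        if proto not in self.protos or src not in self.src_net:
            return False
        if self.dst_port is not None and dport != self.dst_port:
            return False
        if self.dst is not None:
            hit = dst == self.dst
            if self.dst_invert:
                hit = not hit   # "NOT firewall" matches every other destination
            if not hit:
                return False
        return True


def evaluate(rules, proto, src, dst, dport):
    """First matching rule wins (OPNsense rules are 'quick' by default).
    If nothing matches, fall back to the interface's implicit default deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if rule.matches(proto, src, dst, dport):
            return rule.action, rule.name
    return "block", "implicit default deny"


# Catch-all pass rule that a guest interface typically has at the bottom.
ALLOW_OUT = Rule("allow guestnet out", "pass", ("tcp", "udp"), GUEST_NET, None)

# Variant 1 (as posted): one block rule with inverted destination, above the pass.
INVERT_RULESET = [
    Rule("block DNS not to firewall", "block", ("tcp", "udp"), GUEST_NET,
         FIREWALL_IP, dst_invert=True, dst_port=DNS_PORT),
    ALLOW_OUT,
]

# Variant 2: "any" destination, which needs an explicit pass rule above it.
ANY_RULESET = [
    Rule("allow DNS to firewall", "pass", ("tcp", "udp"), GUEST_NET,
         FIREWALL_IP, dst_port=DNS_PORT),
    Rule("block DNS to any", "block", ("tcp", "udp"), GUEST_NET,
         None, dst_port=DNS_PORT),
    ALLOW_OUT,
]

# The same two rules in the wrong order: the block rule shadows the pass rule,
# so clients cannot even reach Unbound on the firewall.
ANY_RULESET_WRONG_ORDER = [ANY_RULESET[1], ANY_RULESET[0], ALLOW_OUT]


if __name__ == "__main__":
    client = "192.168.2.10"   # constructed guest client
    for label, rs in (("invert", INVERT_RULESET), ("any", ANY_RULESET),
                      ("any, wrong order", ANY_RULESET_WRONG_ORDER)):
        print(f"[{label}]")
        print("  udp to firewall:53 ->", evaluate(rs, "udp", client, "192.168.2.1", 53))
        print("  udp to 8.8.8.8:53  ->", evaluate(rs, "udp", client, "8.8.8.8", 53))
        # DoT (tcp/853) and DoH (tcp/443) are not port 53, so neither ruleset
        # touches them: this is the gap the heads-up in the thread points out.
        print("  tcp to 8.8.8.8:853 ->", evaluate(rs, "tcp", client, "8.8.8.8", 853))
```

Running the module shows both correct variants blocking 8.8.8.8:53 while still passing port 53 to the firewall, the wrong-order variant blocking the firewall too, and every variant passing tcp/853, which is why a port-53 rule alone does not cover DoT or DoH.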