OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 22.7 Legacy Series »
  • Using manually specified DNS servers for specific devices - Unbound DNS
« previous next »
  • Print
Pages: [1]

Author Topic: Using manually specified DNS servers for specific devices - Unbound DNS  (Read 1786 times)

01cooperl

  • Newbie
  • *
  • Posts: 3
  • Karma: 0
    • View Profile
Using manually specified DNS servers for specific devices - Unbound DNS
« on: October 26, 2022, 04:32:59 pm »
Hi all,

I have Unbound DNS configured for some time now and it has worked well for my use case for all devices in the home to use Unbound. This includes firewall rules to block devices using other internal/external DNS addresses other than the OpnSense address.

I now have a device which requires to use a specified DNS server and this is now a problem as all traffic is only allowed using the local DNS address. I have tried applying a NAT port forwarding rule to resolve this as well as trying Query forwarding in the Unbound DNS UI both with no luck.

Port forwarding attempt (referencing https://forum.opnsense.org/index.php?topic=21814.0):
Interface: LAN / VLAN xx
Porto: TCP/UDP
(Source) Address: ALIAS_HOSTS_DNS_REDIR
(Source) Ports: *
(Destination) Address: !This Firewall
(Destination)) Ports: 53 (DNS)
(NAT) IP: specified external DNS IP
(NAT) Ports: 53 (DNS)
Description: Redirect external DNS to specified external DNS

How can I get this working so that a external DNS IP can be sucessfully used for specific devices/IPs?

Thanks
Logged

01cooperl

  • Newbie
  • *
  • Posts: 3
  • Karma: 0
    • View Profile
Re: Using manually specified DNS servers for specific devices - Unbound DNS
« Reply #1 on: October 26, 2022, 05:03:53 pm »
In addition to this, I have tried disabling the block rules on the LAN network for stopping non-unbound DNS traffic to be passed, to see if this allows me to successfully specify a DNS server on a device. However this does not work either.

I'm clearly missing something here but not sure what
Logged

cookiemonster

  • Hero Member
  • *****
  • Posts: 1823
  • Karma: 95
    • View Profile
Re: Using manually specified DNS servers for specific devices - Unbound DNS
« Reply #2 on: October 26, 2022, 05:23:36 pm »
Packet capture will be the most straight forward lens to see what might be happening on your side.
DoT and DoH can be tripping you up though, the former uses a different port 853. Be sure you know what protocol and port that external dns server is expecting.
Logged

sja1440

  • Jr. Member
  • **
  • Posts: 86
  • Karma: 6
    • View Profile
Re: Using manually specified DNS servers for specific devices - Unbound DNS
« Reply #3 on: November 01, 2022, 07:46:48 am »
I have the same requirement.  For many years I have been using a NAT rule that is almost identical to yours.

The difference is that I have:
(Destination) Address: *

My rule ensures that any device in  ALIAS_HOSTS_DNS_REDIR which uses the DHCP provided DNS servers will also be affected.

Your rule will not fire if a device in  ALIAS_HOSTS_DNS_REDIR is using the DNS server on OpnSense (Unbound in your case).
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 22.7 Legacy Series »
  • Using manually specified DNS servers for specific devices - Unbound DNS
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2