Does a DNS firewall redir rule take precedence over DNS query forward?

[tdalej]

If a query forward for a specific domain exists in unbound AND a redirect for all DNS queries are redirected to 127.0.0.1, which takes precedent?

[cookiemonster]

https://docs.opnsense.org/manual/firewall.html

[Patrick M. Hausen]

You are confusing layers. The firewall rule directs the queries at the service listening on 127.0.0.1, nothing more, nothing less.

Whatever service that is will handle the request. If that is Unbound it will apply the forward for a particular domain. If it is a different one it will do whatever it is configured to do.

[cookiemonster]

I misread the question, apologies.

[Patrick M. Hausen]

My answer was directed at the OP.

[tdalej]

Thank you both!

I thought it would work this way:
Any network covered by the rule would intercept DNS requests and send the to loopback (local DNS)
Unbound, being the local DNS would then (based on a redirect) send a query to the specified DNS server on a domain match.

If that's a correct statement, something on OPNSense is still blocking traffic between networks behind the firewall.

I'll try RTFM'ing the doc that cookiemonster pointed to.