Does a DNS firewall redir rule take precedence over DNS query forward?

Started by tdalej, January 19, 2024, 09:21:29 PM

If a query forward for a specific domain exists in unbound AND a firewall redirect sends all DNS queries to 127.0.0.1, which takes precedence?


You are confusing layers. The firewall rule directs the queries at the service listening on 127.0.0.1, nothing more, nothing less.

Whatever service that is will handle the request. If that is Unbound it will apply the forward for a particular domain. If it is a different one it will do whatever it is configured to do.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
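The two layers written out as plain configuration (an added illustration for this thread, not the config OPNsense generates or anything posted by the participants; the interface name, network and forward address are assumed placeholders):

```conf
# Layer 1: packet filter NAT rule (pf syntax, as behind an OPNsense port forward).
# It matches on interface, addresses and port only. It has no notion of domain
# names, so every DNS query from the LAN lands on the resolver at 127.0.0.1:53.
rdr pass on em1 inet proto { tcp udp } from em1:network to any port 53 -> 127.0.0.1 port 53

# Layer 2: Unbound, the service listening on 127.0.0.1:53.
# Only here does the queried name matter: names under corp.example are forwarded
# to the assumed internal server 10.0.0.53; everything else is resolved normally.
server:
    interface: 127.0.0.1
    access-control: 192.168.1.0/24 allow   # assumed LAN range

forward-zone:
    name: "corp.example"
    forward-addr: 10.0.0.53
```

Reading both together answers the question: there is no precedence to resolve, because the NAT rule decides where the packet goes and the forward-zone decides what Unbound does with it once it has arrived.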


My answer was directed at the OP.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Thank you both!

I thought it would work this way:
Any network covered by the rule would intercept DNS requests and send them to loopback (local DNS)
Unbound, being the local DNS would then (based on a redirect) send a query to the specified DNS server on a domain match.

If that's a correct statement, something on OPNSense is still blocking traffic between networks behind the firewall.

I'll try RTFM'ing the doc that cookiemonster pointed to.