OPNsense Forum » English Forums » Virtual private networks » Help on DNS config
Topic: Help on DNS config (Read 511 times)
hushcoden (Hero Member, Posts: 544, Karma: 23)
Help on DNS config
« on: September 10, 2024, 12:00:22 pm »
I'm testing ProtonVPN, which has been configured for LAN2 of my appliance (all the devices connected to LAN2 will go through the VPN), and I still have doubts about how best to configure DNS: I have attached both the port forward and the LAN2 firewall rules, could someone kindly let me know if I've done it correctly?
Also, the first rule of the firewall rules (the DNS one), is it necessary or is it redundant?
TIA.
hushcoden (Hero Member, Posts: 544, Karma: 23)
Re: Help on DNS config
« Reply #1 on: September 18, 2024, 11:00:46 am »
I really struggle to wrap my head around the way to properly configure DNS in OPNsense, specifically when it comes to port forward for VPN.
Some questions which hopefully someone can help me to answer:
1) I'm using Unbound (listening on all interfaces); should I uncheck the LAN2 interface and/or the VPN interface?
1.1) My logic suggests that I can keep Unbound out of the equation for the LAN2 interface as I'm using it for VPN purposes only, is that correct?
2) By looking at the Firewall Live View for the LAN2 interface, I see activity regarding the default gateway (it's 192.168.10.1) generated by the port forward (please see attached screenshot): is it ok/normal activity? i.e. I don't understand if it's using the WAN gateway or the VPN one...
*port forward*
3) Source address should be "any" or "LAN2 net" or "VPN net"?
4) Should I check "Destination / Invert"?
5) I've set the port forward to "Pass", hence there isn't an associated firewall rule, BUT how do I know if the DNS traffic actually goes through the VPN tunnel?
6) Reading the last section ("Dealing with DNS leaks") of the KB article "WireGuard Selective Routing to External VPN Endpoint", I see in the note section just below the article that I have to add a firewall rule (the DNS server IP address provided by ProtonVPN is indeed a local IP address): is this sufficient to address question no. 5?
I'm really (still) quite confused.
TIA.