DNS redirect / forward , is this working correctly? ICMP packages to google

Started by spongioblast, January 11, 2021, 08:50:28 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
January 11, 2021, 08:50:28 PM Last Edit: January 11, 2021, 09:00:41 PM by spongioblast
Hi

I followed the HowTo Redirect all DNS Requests to Opnsense from here https://forum.opnsense.org/index.php?topic=9245.msg96899#msg96899. I tried to check if its working correctly by doing an "nslookup yahoo.com 8.8.8.8" and by using wireshark to see whats happening as well as scout the firewall log. See attachments for settings and logs.

In wireshark I see the response from the google dns 8.8.8.8. On the firewall log I also see ICMP packages sent to google. They seem to be sent every few seconds, regardless of my nslookup. However the forwarding request rule does seem to be triggered. (Potentially relevant, I use Unbound). It would be great if someone could help me with this, thanks.

Cheers
January 11, 2021, 08:50:53 PM #1
+ Wireshark log
January 11, 2021, 10:46:09 PM #2 Last Edit: January 12, 2021, 02:16:02 PM by sanji
Im having similar issue redirecting everything to my pihole with cloudflare upstream dns.

When I change the DNS server of my computer to 8.8.8.8 and go to https://www.dnsleaktest.com/ and start a test, it then shows a bunch of google servers, so it doesn't seem to work. Or is my understanding wrong?

In another thread (https://forum.opnsense.org/index.php?topic=15472.0) it is mentioned to create an outbound NAT translation. I dont really know if this is what it needs!?
January 12, 2021, 10:02:12 PM #3
The ICMP packages came from an old gl wifi router. All good, seems its working correctly. Is there any way to check for sure if it is working correctly?
January 12, 2021, 11:48:09 PM #4
I see you set followong DNS servers in OPNsense: 1.1.1.1, 1.0.0.1, 9.9.9.9 and 149.112.112.112

You said that if you do an "nslookup yahoo.com 8.8.8.8", you are getting a response from google DNS. This doesn't seem correct to me.
If you are redirecting all DNS to OPNsense, then shouldn't the response come from one of the DNS servers you set in OPNsense (1.1.1.1, 1.0.0.1, 9.9.9.9 or 149.112.112.112) instead of the Google DNS?

That would be the whole point in doing this. To prevent overriding the DNS on the client.

But, as I've said, it doesn't work for me either. I don't know what im doing wrong.
Print
Go Up Pages1
User actions