Why isn't my port forward that forces all DNS to be resolved locally working?

Started by baz, December 04, 2021, 07:07:21 PM

I have setup a port forward to force all DNS queries to be resolved locally like so:

interface: LAN
source: any
source port: any
destination: !LAN net (inverted)
destination port: 53
nat IP: 127.0.0.1
nat port: 53


To test this, I changed the DNS on my wired LAN desktop to Cloudflare's 1.1.1.1 then did an nslookup of google.com and it returned that it was using server: one.one.one.one (1.1.1.1) instead of 192.168.0.1 as it should.

Any idea why?

TCP+UDP?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)


Are you sure it is not working? As far as nslookup is concerned, it is asking 1.1.1.1, but that doesn't mean that the reply is coming from there.

A good way to check is to query a local DNS record - if a correct reply is received, then the redirect must be working, because Cloudflare would not know about the local DNS record.

Alternatively, turn on logging on your rules and watch the traffic when a request is made.
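
The check described in the reply above, as an added Python example that is not from this thread or from OPNsense: send an A query for a LAN-only name straight at an external resolver and judge by the reply's contents, not by the "Server:" line nslookup prints (which only echoes the configured server). The hostname router.lan, the 1.1.1.1 default and the two sample replies are assumptions constructed for the example.

```python
import ipaddress
import socket
import struct

TXID = 0x1234  # fixed transaction id so the constructed sample replies below match

def build_query(name):
    """Minimal DNS A/IN query with RD=1, as nslookup would send."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", TXID, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def _skip_name(data, pos):
    # Advance past a label sequence; a compression pointer (0xC0..) ends the name.
    while data[pos] != 0:
        if data[pos] & 0xC0 == 0xC0:
            return pos + 2
        pos += data[pos] + 1
    return pos + 1

def parse_response(data):
    """Return (rcode, [A-record IPs]) from a raw DNS reply."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", data[:12])
    if txid != TXID:
        raise ValueError("transaction id mismatch")
    pos = 12
    for _ in range(qd):
        pos = _skip_name(data, pos) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        pos = _skip_name(data, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", data[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(data[pos:pos + 4]))
        pos += rdlen
    return flags & 0x0F, addrs

def redirect_active(rcode, addrs):
    """A private address for a LAN-only name can only have come from the local resolver."""
    return rcode == 0 and any(ipaddress.ip_address(a).is_private for a in addrs)
def check_redirect(local_name, resolver="1.1.1.1", timeout=3.0):
    """Aim the query at an external resolver; the NAT rule decides who actually answers."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(local_name), (resolver, 53))
        data, _ = s.recvfrom(512)
    return redirect_active(*parse_response(data))

# Constructed sample replies for "router.lan" (not captured traffic): a working redirect
# yields the local resolver's LAN address; without it, Cloudflare answers NXDOMAIN.
QUESTION = b"\x06router\x03lan\x00\x00\x01\x00\x01"
LOCAL_REPLY = (struct.pack("!HHHHHH", TXID, 0x8180, 1, 1, 0, 0) + QUESTION
               + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton("192.168.0.1"))
NXDOMAIN_REPLY = struct.pack("!HHHHHH", TXID, 0x8183, 1, 0, 0, 0) + QUESTION
```

check_redirect("router.lan") performs the live test from a LAN host; the two sample replies let parse_response and redirect_active be exercised offline.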

Great call! I didn't realize that's how it works, but I'm sure you're right, it just prints what's registered, not what's happening. Turning the forward off creates failures finding local domains and turning it on successes, so all is good again 👍