redirect dns

Started by terry274, May 25, 2022, 04:17:07 PM

May 25, 2022, 04:17:07 PM Last Edit: May 25, 2022, 05:35:31 PM by terry274
I have a port forward redirect rule for DNS. I can see in the logs that the rule works. However, some DNS continues to go out from the WAN, to servers that are not what I have setup in Unbound.
I am referring to the 8.8.8.8 destination in the picture.
How do I set up OPNsense to only allow the DNS server I specify?

Edit: I noticed the packets I am seeing are ICMP packets, not DNS lookups. 

The log only shows some ICMP (e.g. ping) to 8.8.8.8; that's not DNS traffic and you don't have to worry about it.
I guess you are redirecting all 53/DNS, but remember that DoH, DoT or (maybe) DoQ will not be redirected and will consequently be answered by non-desired servers outside your LAN.
I am not an expert... just trying to help...

Unless you host your very own public DNS servers, you can't completely control which DNS servers receive requests.

Anyway, the way DNS redirection works is that it prevents computers within that network from using Google DNS.

Let's say that the domain name your opnsense uses is opnsense.home.tease and its private IP is 192.168.1.1, and you created a DNS redirect rule. The way you know it works is by opening a command prompt and typing nslookup 192.168.1.1 8.8.8.8.

if result is:

Server:  dns.google
Address:  8.8.8.8

Name:    opnsense.home.tease
Address:  192.168.1.1

Then it is working.

DNS redirection is mostly useful on corporate and school networks, when you want to hide the primary DNS server but still need a DNS server with records for intranet stuff, or use DNS blocking and want to prevent people from bypassing it by simply changing the DNS server.
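As an added example (not from this thread and not OPNsense's own code), the following Python script automates the nslookup check described in the post above. It builds a plain UDP/53 PTR query for 192.168.1.1, sends it to 8.8.8.8, and decides the redirect rule is in effect only if the reply carries the private name opnsense.home.tease, which a real public resolver cannot know. The hostname, IP and resolver are the ones used in the post; the two sample replies at the bottom are constructed for offline testing, not captured traffic. Note that this only proves that plain port-53 traffic is being caught; DoH/DoT/DoQ bypass, as the earlier reply points out, is not covered by this check.

```python
"""Check whether an OPNsense DNS port-forward (redirect) rule is catching plain UDP/53.

Assumptions (from the forum post): LAN resolver is Unbound on 192.168.1.1 with the
name opnsense.home.tease; 8.8.8.8 is the resolver the rule is supposed to hijack.
"""
import random
import socket
import struct

QTYPE_A = 1
QTYPE_PTR = 12


def encode_name(name):
    """DNS wire-format name: length-prefixed labels, terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def ptr_name(ip):
    """Reverse-lookup name for an IPv4 address, e.g. 1.1.168.192.in-addr.arpa."""
    octets = ip.split(".")
    if len(octets) != 4:
        raise ValueError("IPv4 address expected")
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def build_query(qname, qtype, txid):
    """Standard query header (RD set, 1 question) plus one question section."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)


def read_name(data, offset):
    """Decode a possibly-compressed name; returns (name, offset after the name)."""
    labels, end, jumped, hops = [], offset, False, 0
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset, hops = True, pointer, hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        if length == 0:
            if not jumped:
                end = offset + 1
            return ".".join(labels), end
        offset += 1
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length


def parse_response(data):
    """Return {'id', 'rcode', 'answers': [(name, type, value), ...]} from a reply."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit not set: not a response")
    offset = 12
    for _ in range(qd):  # skip the echoed question(s)
        _, offset = read_name(data, offset)
        offset += 4
    answers = []
    for _ in range(an):
        name, offset = read_name(data, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        if rtype == QTYPE_A and rdlen == 4:
            value = socket.inet_ntoa(data[offset:offset + 4])
        elif rtype == QTYPE_PTR:
            value, _ = read_name(data, offset)
        else:
            value = data[offset:offset + rdlen].hex()
        offset += rdlen
        answers.append((name, rtype, value))
    return {"id": txid, "rcode": flags & 0x000F, "answers": answers}


def redirect_in_effect(response, txid, local_name, local_ip):
    """True only if the reply matches our transaction, is NOERROR, and carries the
    private mapping that only the LAN resolver knows (so the rule rewrote the flow)."""
    if response["id"] != txid or response["rcode"] != 0:
        return False
    return any(
        (rtype == QTYPE_PTR and value.rstrip(".").lower() == local_name.lower())
        or (rtype == QTYPE_A and value == local_ip)
        for _name, rtype, value in response["answers"]
    )


def check_redirect(server="8.8.8.8", local_name="opnsense.home.tease",
                   local_ip="192.168.1.1", timeout=3.0):
    """Live check: ask the public resolver for the private PTR record."""
    txid = random.randrange(0, 0x10000)
    query = build_query(ptr_name(local_ip), QTYPE_PTR, txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        data, _ = sock.recvfrom(4096)
    return redirect_in_effect(parse_response(data), txid, local_name, local_ip)


def sample_redirected_response(txid):
    """Constructed reply (not captured): what Unbound returns when the rule works."""
    question = encode_name(ptr_name("192.168.1.1")) + struct.pack("!HH", QTYPE_PTR, 1)
    rdata = encode_name("opnsense.home.tease")
    answer = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_PTR, 1, 3600, len(rdata)) + rdata
    return struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0) + question + answer


def sample_public_response(txid):
    """Constructed reply (not captured): NXDOMAIN, as a real public resolver answers."""
    question = encode_name(ptr_name("192.168.1.1")) + struct.pack("!HH", QTYPE_PTR, 1)
    return struct.pack("!HHHHHH", txid, 0x8183, 1, 0, 0, 0) + question


if __name__ == "__main__":
    print("redirect in effect:", check_redirect())
```

Run it from a LAN client; a result of True means the query to 8.8.8.8 was answered by your own resolver. The transaction-ID check matters because an unrelated or spoofed reply on the same socket must not be mistaken for the redirected answer.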