How do I allow a single device outbound DNS access while...

Started by stefan21, August 24, 2024, 10:35:58 PM

...in general every DNS request is redirected to the OPNsense?

There are two rules configured:

1. port forward:

      Interface: LAN
      Protocol: TCP/UDP
      Source: *    Source port: *
      Destination: ! LAN address    Destination port: 53 (DNS)
      Redirect target IP: 127.0.0.1    Redirect target port: 53 (DNS)
      Description: Redirect external DNS requests to local DNS resolver

2. rules LAN:

      Protocol: IPv4 TCP/UDP
      Source: *    Port: *
      Destination: 127.0.0.1    Port: 53 (DNS)
      Gateway: *    Schedule: *
      Description: Redirect external DNS requests to local DNS resolver

These two rules ensure that any DNS request from every device in the LAN is redirected to the OPNsense. Assuming I want to allow the IP 192.168.29.1 to query port 53 (DNS requests) to any outbound DNS service, i.e. 1.1.1.1 or 9.9.9.9, how can I achieve this, and what rules are needed? At the moment I don't get it.

Any help is appreciated.

Use an alias in source instead of any which covers the whitelisted hosts and tick the 'invert' checkbox.

There are many threads here about this topic, those rules are likely incomplete.
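To make the suggestion concrete, here is an added, constructed pf.conf fragment (not generated by OPNsense and not part of the thread) showing what the port-forward logic looks like before and after the source is changed from "any" to an inverted alias. The interface name em0, the table name dns_bypass and the final pass rule are assumptions for illustration; OPNsense writes its own rule set from the GUI, so this is only a model of the logic, not something to paste into the firewall.

```conf
# Constructed pf.conf fragment; em0 is an assumed LAN interface name.
lan_if = "em0"

# The whitelist alias from the thread, modelled as a pf table.
table <dns_bypass> { 192.168.29.1 }

# Before: every LAN host's port-53 traffic to a non-LAN address is
# redirected to the local resolver (source "any").
rdr pass on $lan_if inet proto { tcp, udp } from any to ! ($lan_if) port 53 -> 127.0.0.1 port 53

# After: source is the alias with "invert" ticked, i.e. "from ! <dns_bypass>".
# Hosts in the table are no longer redirected; everyone else still is.
rdr pass on $lan_if inet proto { tcp, udp } from ! <dns_bypass> to ! ($lan_if) port 53 -> 127.0.0.1 port 53

# The bypass host only reaches 1.1.1.1 or 9.9.9.9 if a filter rule lets that
# traffic out; this pass rule is an assumption and is not shown in the thread.
pass in quick on $lan_if inet proto { tcp, udp } from <dns_bypass> to any port 53
```

The important check after applying the inverted-alias change is that a host not in the alias still gets its queries answered by 127.0.0.1 (the redirect still matches), while the listed host's queries leave the firewall unredirected and are accepted by some pass rule; without such a pass rule the bypass host loses DNS entirely rather than gaining external access.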

Thx a lot. That does the trick. Sometimes you need someone who points you in the right direction. And while reading the hint you start asking yourself, why you weren't able to find the way for yourself.

Thanks again for helping me with this.