DNS Hairpin Rule for Pi-Hole

Started by spetrillo, August 16, 2021, 11:07:23 PM

Quote from: Greelan on August 20, 2021, 01:55:22 PM
OK, so here is my config.
.....................

Outbound NAT:

   Interface: LAN
   TCP/IP Version: IPv4
   Protocol: TCP/UDP
   Source invert: Unchecked
   Source address: ALL_LOCAL net
   Source port: any
   Destination invert: Unchecked
   Destination address: pihole_local_ips
   Destination port: DNS
   Translation / target: Interface address
   Match local tag: forward

   Interface: LAN
   TCP/IP Version: IPv6
   Protocol: TCP/UDP
   Source invert: Unchecked
   Source address: ALL_LOCAL net
   Source port: any
   Destination invert: Unchecked
   Destination address: pihole_local_ips
   Destination port: DNS
   Translation / target: Interface address
   Match local tag: forward

Dear Greelan,
When I apply these Outbound NAT settings in my OPNsense box, I see a lot of queries from obscure Chinese websites in my Pi-hole log.
Examples: www.ku6.com, www.soso.com, www.sohu.com, www.youku.com, etc.
I deleted the Outbound NAT rules but kept the Port forward rules. This seems to do the trick.
(Running Pi-hole with Unbound as a recursive DNS server.)
And sorry for digging up this old topic...