Author Topic: DNS Hairpin Rule for Pi-Hole (Read 7405 times)

Spoonman2002 · « **Reply #15 on:** August 28, 2022, 10:00:37 pm »

Quote from: Greelan on August 20, 2021, 01:55:22 pm

OK, so here is my config.
.....................

Outbound NAT:

Interface: LAN
TCP/IP Version: IPv4
Protocol: TCP/UDP
Source invert: Unchecked
Source address: ALL_LOCAL net
Source port: any
Destination invert: Unchecked
Destination address: pihole_local_ips
Destination port: DNS
Translation / target: Interface address
Match local tag: forward

Interface: LAN
TCP/IP Version: IPv6
Protocol: TCP/UDP
Source invert: Unchecked
Source address: ALL_LOCAL net
Source port: any
Destination invert: Unchecked
Destination address: pihole_local_ips
Destination port: DNS
Translation / target: Interface address
Match local tag: forward

dear Greelan,
when I apply these Outbound NAT settings in my OPNsense box I see a lot of Queries from obscure Chinese websites in my Pi-hole log.
Examples: www.ku6.com, www.soso.com, www.sohu.com, www.youku.com etc etc etc.
I deleted the Outbound NAT rules but kept the Port forward rules. This seems to do the trick.
(running Pi-hole with Unbound as recursive DNS server).
And sorry for digging up this old topic.....

Author Topic: DNS Hairpin Rule for Pi-Hole (Read 7405 times)

Spoonman2002

Re: DNS Hairpin Rule for Pi-Hole