[Solved] WireGuard, Android, Unbound blacklist selective blocking

Started by MTR, September 09, 2021, 02:33:27 AM

Hi,

I'm using Unbound's blacklist feature with WireGuard on my Android devices for blocking ads on the go. This used to work fine, but recently I started to get ads in Android apps. Thing is, it's kind of selective. Ads are blocked on webpages but not in apps. But when I'm on my LAN not using WireGuard I get no ads at all. I'm unable to figure out why I'm seeing ads only in apps and only when using WireGuard. I upgraded OPNsense from 20.1 to 21.7.2 (needed to do that anyway ;)) but that didn't help.

- IPs: OPNsense 192.168.1.1/24, WireGuard Local 10.0.0.1/24, WireGuard Endpoint 10.0.0.2/32
- DNS Server in WireGuard Local is not set; tried both 192.168.1.1 and 10.0.0.1 but that didn't seem to make any difference.
- DNS Server in client's WireGuard config is set to 192.168.1.1 (10.0.0.1 doesn't work: websites take a lot longer to load and I get no ad blocking at all)
- Unbound is set to listen on the WG interface and 10.0.0.2/32 is added to Access Lists

It does do something; no ads on webpages. But why do I get ads in apps when I'm connected with WireGuard? Any ideas?


I 'fixed' this issue by using a port redirect for DNS coming in from the WireGuard interface. Now all DNS queries get redirected to localhost and wham, no more ads in apps. I'll mark this solved for now, as it doesn't seem to be OPNsense related but rather an issue with Android or the WireGuard Android app.