Topic: dns-redirection with pihole and resolver (Read 1095 times)
parker_lewis, on August 29, 2023, 07:51:00 pm:
Hi there,
What's the aim?
I'd like to redirect all DNS traffic to 1) Pi-hole and 2) back to the Unbound resolver on OPNsense. There are reasons for not using unblock DNS blocking...
The whole LAN is 192.168.2.0/26
Pi-hole is 192.168.2.58
Unbound/OPNsense is 192.168.2.1.
After reading and trying almost every tutorial..., help! I'm lost in configuration and mostly ending up with:
No change, other DNS servers are reachable.
No other DNS server is reachable, but NO redirection or client -> Pi-hole working [broken way to] Unbound.
In my understanding the way should be:
NAT -> port forwarding:
LAN DNS to 192.168.2.58 (Pi-hole)
Pi-hole to Unbound (192.168.2.1)
firewall outblock outgoing block rule for any 53 but for 192.168.2.1
But how should the rule look? I also tried to bring Unbound on port 5353 but DNS was also broken... :'(
Thanks for your help,
chris
CJ, Reply #1 on September 05, 2023, 03:37:11 pm:
Post your port forward and firewall rules. Did you add an exception to the port forward for the pihole?
Why are you blocking 53 if you're forwarding it to the pihole?
Have Answer, Will Blog
9axqe, Reply #2 on September 06, 2023, 07:21:42 am:
I have set this up with AdGuard Home, although in my case ADH is running on the OPNsense itself. It works fine, but only since 23.7; before that, the redirect would not overwrite the source IP: the computer sends a DNS lookup to 1.1.1.1, for example, and the answer came back from 192.168.1.1, for example, hence the computer would ignore it and DNS was broken. I am on 23.7.3 now and it works fine.
Firewall rule, on LAN interface:
Block source IP !firewall (this means "anything but opnsense"), any source port, IPv4 and IPv6, to any IP, destination port 53 UDP and TCP.
Block source IP !192.168.2.58 (this means "anything but pihole"), any source port, IPv4 and IPv6, to any IP, destination port 5353 UDP and TCP.
For redirect, it's simple:
LAN intf, from any IP, from any port, IPv4, dest IP !LAN_address (not your LAN subnet), any dest port, redirect to 192.168.2.58.
Maybe the same again for IPv6 if you use IPv6.
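The failure described in Reply #2 (a query sent to 1.1.1.1 answered from 192.168.1.1 and therefore ignored by the client) can be checked from a LAN client. The following is an added example, not part of the original thread; the function names are assumptions of this example, and targets must be given as IPv4 addresses.

```python
import socket
import struct
import sys

def build_query(name, txid):
    """Encode a minimal DNS A-record query (recursion desired) for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_reply(sent_to, reply_from, query, reply):
    """Apply the checks a stub resolver makes before it trusts a reply."""
    if len(reply) < 12 or not reply[2] & 0x80:      # QR bit must be set
        return "ignored: not a DNS response"
    if reply[:2] != query[:2]:
        return "ignored: transaction ID mismatch"
    if reply_from != sent_to:
        # The redirect answered, but the source was not rewritten back.
        return ("ignored by clients: reply from %s:%d, query went to %s:%d"
                % (reply_from + sent_to))
    return "accepted: reply appears to come from the queried server"

def probe(server, name="example.com", txid=0x2A2A, timeout=3.0):
    """Send one query over an unconnected UDP socket, so a reply from
    any source address is delivered and can be inspected."""
    query = build_query(name, txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        try:
            reply, src = s.recvfrom(4096)
        except socket.timeout:
            return "no reply: query blocked or dropped"
    return classify_reply((server, 53), src, query, reply)

if __name__ == "__main__":
    # IPv4 addresses to test are passed on the command line.
    for target in sys.argv[1:]:
        print(target, "->", probe(target))
```

Run it from a LAN client with the addresses to test as arguments, for example 1.1.1.1 and 192.168.2.58.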