Topic: Intercept External DNS Request - SOLVED (Read 1173 times)
seion
Newbie
Posts: 9
Karma: 0
Intercept External DNS Request - SOLVED
« on: August 31, 2023, 03:29:08 pm »
So here is my current setup:
- OPNsense, latest version
- Unbound turned OFF
- AdGuardHome plugin on OPNsense running on 53
I have 2 rules to BLOCK any 53/853 traffic that is not "This Firewall" which worked just fine. (See screenshot with 2 rules attached).
My issue is that random stuff in my house won't work because they are hard coding Google DNS into them. So my idea was to intercept those requests and point them to my internal DNS (AdGuardHome). So I looked it up in Google and a couple of pages showed how to set up a port forward rule to redirect 53 to 127.0.0.1. I set this up but I cannot get it to work.
When I do a `nslookup google.com 8.8.8.8` it times out.
Attached are some screenshots of my rules; I left the blocks in place but put them after the redirect rule. If anyone has some ideas on how to get this to work, please let me know.
« Last Edit: August 31, 2023, 09:42:16 pm by seion »
cookiemonster
Hero Member
Posts: 1823
Karma: 95
Re: Intercept External DNS Request
« Reply #1 on: August 31, 2023, 05:31:47 pm »
Try redirecting it to the IP address of the interface. So say this is the LAN and the IP of it is 192.168.10.1, then that's what you redirect to. Otherwise post the output of "sockstat -l"; that is an uncapitalized "L" and needs sudo.
What we're after is which IPs have a DNS listener.
seion
Newbie
Posts: 9
Karma: 0
Re: Intercept External DNS Request
« Reply #2 on: August 31, 2023, 09:10:05 pm »
This fixed the issue. I changed the port forward to forward to the LAN Router Address (11.12.13.1). Also ran the sockstat:
```
root@SeionRouter:~ # sockstat -l | grep :53
root AdGuardHom 77597 15 udp4 11.12.13.1:53 *:*
root AdGuardHom 77597 21 tcp4 11.12.13.1:53 *:*
```
I was also having an issue with domains resolving directly from the router shell (pkg update was not working) and I think it's the same reason.
Is there a way to make it work so that 127.0.0.1 works? Because the /etc/resolv.conf is pointing to itself and that won't work for the same reasons as this original post. Make AdGuardHome listen on all interfaces (except WAN??)
Patrick M. Hausen
Hero Member
Posts: 6871
Karma: 577
Re: Intercept External DNS Request
« Reply #3 on: August 31, 2023, 09:20:53 pm »
I have AGH listen on 127.0.0.1 and NAT port forward rules on each interface where clients use AGH.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
seion
Newbie
Posts: 9
Karma: 0
Re: Intercept External DNS Request
« Reply #4 on: August 31, 2023, 09:24:25 pm »
I'll start digging into AGH on how to change what IP it's listening on, unless you can tell me pretty quickly lol
seion
Newbie
Posts: 9
Karma: 0
Re: Intercept External DNS Request
«
Reply #5 on: August 31, 2023, 09:41:57 pm »
Figured it out. The files are in /usr/local/AdGuardHome and I updated the YAML file to bind to 0.0.0.0 and that fixed my package problem and my other problem. Thanks all
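The diagnosis from this thread as a script: a port-forward target only answers if a DNS listener is bound to that exact address or to the wildcard. This is an added example, not part of any post above; the function names and the wildcard sample are constructed here, and the LAN-only sample is the `sockstat -l` output from Reply #2.

```shell
#!/bin/sh
# Usage on the firewall (as root): sockstat -l | check_target 127.0.0.1

# Sample 1: the output posted in Reply #2 (AdGuardHome bound to the LAN IP only).
SAMPLE_LAN_ONLY='root AdGuardHom 77597 15 udp4 11.12.13.1:53 *:*
root AdGuardHom 77597 21 tcp4 11.12.13.1:53 *:*'
# Sample 2 (constructed): how a 0.0.0.0 bind is shown, as a "*" local address.
SAMPLE_WILDCARD='root AdGuardHom 77597 15 udp4 *:53 *:*
root AdGuardHom 77597 21 tcp4 *:53 *:*'

# check_target TARGET_IP   (reads sockstat -l output on stdin)
# Prints: ok | partial:udp | partial:tcp | none
# "ok" requires both udp4 and tcp4 on port 53, because resolvers retry
# truncated answers over TCP and the redirect must serve both.
check_target() {
    awk -v target="$1" '
        $5 ~ /^(udp|tcp)4$/ && $6 ~ /:53$/ {
            addr = $6
            sub(/:53$/, "", addr)
            # An exact match or a wildcard bind both cover the target.
            if (addr == target || addr == "*") seen[substr($5, 1, 3)] = 1
        }
        END {
            if (seen["udp"] && seen["tcp"]) print "ok"
            else if (seen["udp"]) print "partial:udp"
            else if (seen["tcp"]) print "partial:tcp"
            else print "none"
        }'
}

# wildcard_bound: exit 0 if a port-53 listener is bound to every address.
# That includes the WAN address, so the WAN rules must keep 53 closed.
wildcard_bound() {
    awk '$6 == "*:53" { found = 1 } END { exit !found }'
}

# Demo: the original rule pointed at 127.0.0.1 while AGH listened on the LAN IP.
for t in 127.0.0.1 11.12.13.1; do
    r=$(printf '%s\n' "$SAMPLE_LAN_ONLY" | check_target "$t")
    printf 'LAN-only bind, redirect to %s: %s\n' "$t" "$r"
done
r=$(printf '%s\n' "$SAMPLE_WILDCARD" | check_target 127.0.0.1)
printf 'wildcard bind, redirect to 127.0.0.1: %s\n' "$r"
if printf '%s\n' "$SAMPLE_WILDCARD" | wildcard_bound; then
    echo 'wildcard bind: also listening on the WAN address, check WAN rules'
fi
```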