Topic: DNS Server Setup - All Devices on Quad9 except one on Cloudflare - Why? (Read 632 times)
Gizmo
Newbie
Posts: 12
Karma: 1
DNS Server Setup - All Devices on Quad9 except one on Cloudflare - Why?
on: June 08, 2024, 01:44:46 am
Hi all,
Recently I've noticed that one device, my iPhone on my home private network, uses Cloudflare DNS servers, even though my OPNsense setup is set to use Quad9 DoT. Everything on my network successfully uses Quad9 DoT, except my phone. Bizarre.
Testing methods
On my phone, when carrying out DNS leak tests, Cloudflare servers show up. When using other devices such as my laptop, DNS leak tests and the "Am I on Quad9" page show I'm using Quad9.
General setup notes
OPNsense firewall/gateway > Omada switch > Omada EAPs
System DNS set to 9.9.9.9 and 149.112.112.112 Quad9 servers
Unchecked for allow DNS to be overridden
Unchecked "Do not use local DNS..."
Unchecked allow default gateway switching
Unbound enabled
DNS over TLS enabled for both IPv4 and IPv6 Quad9 servers
VLANs and DNS Setups
Omada - DNS for DHCP set to Quad9
IoT - DNS for DHCP set to Quad9
Private - DNS for DHCP set to Quad9
Guest - DNS for DHCP set to Google
Smart TV - DNS for DHCP set to NordVPN
Any advice welcomed.
cookiemonster
Hero Member
Posts: 1823
Karma: 95
Re: DNS Server Setup - All Devices on Quad9 except one on Cloudflare - Why?
Reply #1 on: June 08, 2024, 02:01:44 am
Simple. The device is not respecting what DNS server the DHCP server gives it to use; it's hardcoded to use something else.
What to do? Create a firewall rule to force it. A quite old resource:
https://labzilla.io/blog/force-dns-pihole
but a search for "hardcoded dns" will give you plenty of links.
As per that link, it needs an rdr rule to your DNS "server", Unbound.
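The rdr approach the reply points at, written out as pf rules (an added example, not from the thread or the linked article). OPNsense's Firewall > NAT > Port Forward page generates rules of this shape behind the GUI; the interface device name, the VLAN subnet and the Unbound listen address below are assumptions for illustration and must be adjusted to your own setup.

```pf
# Added example, not the thread's or OPNsense's own configuration.
# Names and addresses are assumed: replace with your Private VLAN
# device, its subnet, and the address Unbound listens on.
private_if  = "igb0_vlan20"       # assumed: OPNsense device name of the Private VLAN
private_net = "192.168.20.0/24"   # assumed: Private VLAN subnet
unbound     = "127.0.0.1"         # Unbound on the firewall itself

# 1. Any plain DNS (UDP/TCP 53) from the VLAN that is NOT already addressed
#    to the firewall is rewritten to Unbound. A client that hardcodes
#    1.1.1.1 or 8.8.8.8 therefore still ends up at Unbound, which forwards
#    over DoT to Quad9 exactly like DHCP-obedient clients do.
#    "rdr pass" also creates the matching filter state, so no extra pass
#    rule is needed for the redirected traffic.
rdr pass on $private_if inet proto { udp tcp } \
    from $private_net to ! ($private_if) port 53 -> $unbound port 53

# 2. DNS over TLS (TCP 853) cannot be transparently redirected: the client
#    would validate the server certificate against the name it expects and
#    the handshake would fail. Block it instead; most resolvers then fall
#    back to plain port 53, which rule 1 captures.
block return in quick on $private_if inet proto tcp \
    from $private_net to any port 853
```

The redirect only catches plain DNS on port 53. DoT on 853 is handled by blocking, relying on the client to fall back. DNS over HTTPS on 443 is indistinguishable from ordinary web traffic by port alone and is covered by neither rule, so a device that speaks DoH to a public resolver will still appear on a leak test with that resolver's servers.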
Gizmo
Newbie
Posts: 12
Karma: 1
Re: DNS Server Setup - All Devices on Quad9 except one on Cloudflare - Why?
Reply #2 on: June 15, 2024, 02:54:47 am
Hi there,
Thanks for sharing. Turns out it's a Safari advanced setting which, when turned off, fixes the issue for iPhone users.
To fix (in case anyone else encounters this): go to Settings > Safari > Advanced > Advanced Tracking and Fingerprinting Protection and change it to Private Browsing only. This way it still provides the option if one wants to have that protection available.
I'll try this built-in option on the firewall as well.
Cheers