Question on DNS Queries

Started by headbanger, October 17, 2024, 02:44:35 PM

I am trying to direct all DNS queries to the provider of my choice and I want to use DoT from OPNsense to go there. I know the issues with DoH and that I can't completely block it, that is not my question. My question is that when looking at the log I see entries going to 9.9.9.9:53 and 8.8.4.4:53 only on the WAN interface with a description "let out everything from the firewall host itself (force gw)". From this I gather that OPNsense is doing queries on its own, not coming from any interface, and it chose to use these DNS providers. Am I correct? If not, can someone explain what this means? If I am correct, then where are the settings to tell OPNsense which DNS provider I want to use?

Quote from: headbanger on October 17, 2024, 02:44:35 PM
From this I gather that OPNsense is doing queries on its own, not coming from any interface, and it chose to use these DNS providers. Am I correct?
Maybe. The requests can also come from inside, but you haven't enabled logging.

If it's from OPNsense, check System: Settings: General.
Have you stated these servers here?
Or is "Allow DNS server list to be overridden by DHCP/PPP on WAN" checked? If so, they can be set by the ISP.

Thanks for your help. The entries were coming from my IoT interface. Apparently some IoT devices use these DNS servers. I put in a NAT port forward rule to redirect all port 53 requests to localhost. That then routes them through the DoT server I selected. I now see the port 853 requests logging on WAN.

To answer your two questions, there are no DNS servers in System: Settings: General, but I did have "Allow DNS server list to be overridden by DHCP/PPP on WAN" checked. I unchecked it.

Thanks again for your help, this is a great forum and OPNsense is a great product.
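The check that would have shown which internal hosts were talking to outside resolvers directly, and which hosts are opening the port 853 (DoT) connections after the redirect, as an added example. This is not code from the thread or from the OPNsense project; the log line format (a simplified comma-separated one, not OPNsense's real filterlog layout), the interface names, the firewall address 192.168.1.1 and all client addresses are constructed for the demonstration.

```python
"""Find internal clients that send plain DNS (port 53) to resolvers other than
the firewall's own, and list which hosts open DNS-over-TLS (853) upstream.

Added example, not from the forum thread or OPNsense. The log format below is
a constructed, simplified one (timestamp,iface,action,proto,src,sport,dst,dport)
and is NOT OPNsense's real filterlog format; all addresses are made up.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample lines: two IoT devices use public resolvers directly, a
# laptop uses the firewall as intended, and the firewall itself (WAN address
# 203.0.113.7) forwards over DoT to the upstream it was configured with.
SAMPLE_LOG = """\
2024-10-17T14:40:01,iot0,pass,udp,192.168.20.15,50123,9.9.9.9,53
2024-10-17T14:40:02,iot0,pass,udp,192.168.20.15,50124,8.8.4.4,53
2024-10-17T14:40:03,iot0,pass,tcp,192.168.20.22,41000,8.8.8.8,53
2024-10-17T14:40:04,lan0,pass,udp,192.168.1.50,53111,192.168.1.1,53
2024-10-17T14:40:05,wan0,pass,tcp,203.0.113.7,60222,9.9.9.9,853
2024-10-17T14:40:06,lan0,pass,tcp,192.168.1.50,53112,93.184.216.34,443
"""

INTERNAL_NETS = [ip_network("192.168.0.0/16")]   # assumed client ranges
LOCAL_RESOLVERS = {ip_address("192.168.1.1")}     # assumed firewall LAN address


def parse_line(line):
    """Parse one constructed log line into a dict, or None if malformed."""
    fields = line.strip().split(",")
    if len(fields) != 8:
        return None
    ts, iface, action, proto, src, sport, dst, dport = fields
    return {"ts": ts, "iface": iface, "action": action, "proto": proto,
            "src": ip_address(src), "sport": int(sport),
            "dst": ip_address(dst), "dport": int(dport)}


def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)


def find_dns_bypass(log_text, local_resolvers=LOCAL_RESOLVERS):
    """Return {client_ip: sorted external resolver IPs} for every internal
    host seen sending port-53 traffic to a resolver that is not ours.
    These are the clients a port-53 NAT redirect to the local resolver
    would capture."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dport"] != 53:
            continue
        if not is_internal(rec["src"]) or rec["dst"] in local_resolvers:
            continue
        hits[str(rec["src"])].add(str(rec["dst"]))
    return {client: sorted(dsts) for client, dsts in hits.items()}


def dot_sources(log_text):
    """Return the sorted set of source IPs opening DNS-over-TLS (853)
    connections. After the redirect only the firewall should appear here;
    any other address means a client is doing its own DoT."""
    sources = set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is not None and rec["dport"] == 853:
            sources.add(str(rec["src"]))
    return sorted(sources)


if __name__ == "__main__":
    for client, resolvers in find_dns_bypass(SAMPLE_LOG).items():
        print(f"{client} bypasses the local resolver -> {', '.join(resolvers)}")
    print("DoT sources:", dot_sources(SAMPLE_LOG))
```

Run it against an export of the firewall log converted to the same eight fields; a non-empty result from `find_dns_bypass` identifies the devices that need the port 53 redirect, and `dot_sources` confirms that only the firewall is speaking DoT afterwards.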