still see traffic going out via 53

Started by robertkwild, December 10, 2025, 08:43:57 AM

hi all,

enabled DNS over TLS via here

https://www.zenarmor.com/docs/network-security-tutorials/how-to-configure-dot-on-opnsense

getting stuck when i create my own fw rules and nat to stop 53 out

as i have a few fw rules, should i create the block for 53 at the bottom so it's first or at the top

thanks,
rob

Firewall rules are processed from top to bottom, so top
Deciso DEC850v2

Today at 12:30:00 AM #2 Last Edit: Today at 12:49:01 AM by robertkwild
thanks RamSense

doing this command on my opnsense

tcpdump -i vtnet0 port 853

should i replace vtnet0 with my lan or wan interface?

that's very weird, i made a floating rule to block 53 and it worked as i couldn't access any websites anymore, but when i did a tcpdump on my lan interface on 53 i could see loads of activity so something's weird, so it looks like my DoT isn't working

thanks,
rob
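
One way to read the captures discussed above, as an added example that is not part of the thread: it counts packets by DNS destination port in `tcpdump -nn` text output. It assumes the resolver-forwarding setup from the linked tutorial, where LAN clients still query the firewall on port 53 and only the firewall's upstream queries on the WAN side use 853; the function names, the `<wan_if>` placeholder and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Live use (interface name is a placeholder):
#   tcpdump -nn -l -c 200 -i <wan_if> 'port 53 or port 853' | wan_verdict

# Count packets whose DESTINATION port is 53 (plain DNS) or 853 (DoT).
dns_summary() {
    awk '
        # tcpdump -nn lines: TIME IP SRC.PORT > DST.PORT: ...
        ($2 == "IP" || $2 == "IP6") && $4 == ">" {
            dst = $5
            sub(/:$/, "", dst)          # drop the trailing colon
            n = split(dst, part, ".")   # port is the last dot-separated field
            if (part[n] == "53")  plain++
            if (part[n] == "853") dot++
        }
        END { printf "plain53=%d dot853=%d\n", plain, dot }
    '
}

# Verdict for a WAN-side capture: any outbound port 53 means plaintext DNS
# is still leaving the firewall.
wan_verdict() {
    summary=$(dns_summary)
    case "$summary" in
        "plain53=0 dot853=0") echo "no-dns-seen" ;;
        "plain53=0 "*)        echo "dot-only" ;;
        *)                    echo "plaintext-leak" ;;
    esac
}

# Constructed sample: LAN side, clients asking the firewall's resolver.
sample_lan() { cat <<'EOF'
12:30:01.000001 IP 192.168.1.50.51234 > 192.168.1.1.53: 4660+ A? example.com. (29)
12:30:01.000900 IP 192.168.1.1.53 > 192.168.1.50.51234: 4660 1/0/0 A 198.51.100.7 (45)
12:30:02.000001 IP 192.168.1.51.40022 > 192.168.1.1.53: 4661+ AAAA? example.org. (29)
EOF
}

# Constructed sample: WAN side, the resolver talking DoT to an upstream.
sample_wan() { cat <<'EOF'
12:30:01.000300 IP 203.0.113.10.40000 > 192.0.2.53.853: Flags [P.], seq 1:120, ack 1, win 512, length 119
12:30:01.000700 IP 192.0.2.53.853 > 203.0.113.10.40000: Flags [P.], seq 1:200, ack 120, win 512, length 199
12:30:02.000300 IP 203.0.113.10.40000 > 192.0.2.53.853: Flags [.], ack 200, win 512, length 0
EOF
}

echo "LAN: $(sample_lan | dns_summary)"
echo "WAN: $(sample_wan | dns_summary) -> $(sample_wan | wan_verdict)"
```

Under that assumption, port 53 activity on the LAN interface is expected; the WAN-side capture is the one that shows whether plaintext DNS still leaves the firewall.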