DNS lookups by opnsense server

Started by dunxd, Today at 09:04:42 AM

I use pihole as the DNS server on my network, with all clients told to use it via DHCP from DNSmasq running on my OPNsense box.

Daily I get warnings about rate limiting being applied to my OPNsense router's IP address, and OPNsense is making over 50% of DNS requests.

I have configured OPNsense to use only upstream DNS servers on the Settings > General page, and again for Zenarmor's DNS enrichment setting - so I would not expect the OPNsense server to be doing any DNS lookups via pihole at all.

Is there somewhere else that OPNsense might be configured to do DNS lookups?

You can check the outbound DNS requests by using a tcpdump on the WAN interface for UDP port 53 and see who and what is being asked to get an idea of what it can be.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+

Today at 08:11:16 PM #2 Last Edit: Today at 08:31:37 PM by dunxd
I noticed that I had at some point added an entry to the 192.168.1.201 table in OPNsense for the domain * to my internal DNS.  I'm not sure why I added that since I don't mean to use DNSmasq in OPNsense for any DNS resolution other than receiving lookups from PiHole for reverse lookups of local devices.

I have removed that entry and confirmed it hasn't broken DNS on my network (yet), so I can observe over the next few hours whether this removes those lookups.

Looking at Pihole's query log it has many thousands of lookups for

  • lb._dns-sd._udp.0.1.168.192.in-addr
  • db._dns-sd._udp.0.1.168.192.in-addr.arpa
  • b._dns-sd._udp.0.1.168.192.in-addr.arpa

coming from the OPNsense IP address. That's some kind of DNS discovery traffic.  Pihole was forwarding these back to OPNsense, so I think there is some kind of loop due to the entry I removed.
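The tcpdump suggestion in the reply above and the `_dns-sd._udp` PTR queries in this post lend themselves to one small triage script. The following is an added example, not code from either poster or from the OPNsense or Pi-hole projects: it parses the default text output of `tcpdump -n udp port 53` (format assumed from tcpdump's usual query line layout), counts queries per source address and per name, flags DNS-SD browsing queries (the `b`, `db`, `lb`, `r` and `dr` `_dns-sd._udp` labels defined in RFC 6763), and reports names that two hosts are forwarding to each other in both directions, which is the symptom of the forwarding loop described here. The sample capture lines are constructed for the example; the addresses 192.168.1.1 (router) and 192.168.1.201 (resolver) are assumptions, not taken from the thread's configuration.

```python
import re
from collections import Counter

# One tcpdump query line, e.g.
#   21:03:10.100000 IP 192.168.1.1.41233 > 192.168.1.201.53: 51201+ PTR? host.example. (58)
# Responses ("... 23456 1/0/0 A ...") carry no "TYPE?" token and are skipped.
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"(?P<id>\d+)(?P<flags>[+%$]*) (?P<qtype>[A-Z]+)\? (?P<qname>\S+) \("
)

# RFC 6763 section 11: legacy/default browsing domain enumeration labels.
DNS_SD_BROWSE_PREFIXES = ("b._dns-sd._udp.", "db._dns-sd._udp.",
                          "lb._dns-sd._udp.", "r._dns-sd._udp.",
                          "dr._dns-sd._udp.")

# Constructed sample capture (not a real dump): router 192.168.1.1 and
# resolver 192.168.1.201 bounce two DNS-SD PTR names back and forth.
SAMPLE_LINES = """
21:03:10.100000 IP 192.168.1.1.41233 > 192.168.1.201.53: 51201+ PTR? lb._dns-sd._udp.0.1.168.192.in-addr.arpa. (58)
21:03:10.100300 IP 192.168.1.201.55001 > 192.168.1.1.53: 60944+ PTR? lb._dns-sd._udp.0.1.168.192.in-addr.arpa. (58)
21:03:10.100600 IP 192.168.1.1.41234 > 192.168.1.201.53: 51202+ PTR? db._dns-sd._udp.0.1.168.192.in-addr.arpa. (58)
21:03:10.100900 IP 192.168.1.201.55002 > 192.168.1.1.53: 60945+ PTR? db._dns-sd._udp.0.1.168.192.in-addr.arpa. (58)
21:03:10.101200 IP 192.168.1.1.41235 > 192.168.1.201.53: 51203+ PTR? b._dns-sd._udp.0.1.168.192.in-addr.arpa. (57)
21:03:11.200000 IP 192.168.1.50.50234 > 192.168.1.201.53: 23456+ A? www.example.com. (33)
21:03:11.200400 IP 192.168.1.201.53 > 192.168.1.50.50234: 23456 1/0/0 A 93.184.216.34 (49)
21:03:12.000000 IP 192.168.1.51.50301 > 192.168.1.201.53: 10001+ AAAA? www.example.com. (33)
""".strip().splitlines()


def parse_queries(lines):
    """Return a list of dicts (src, dst, qtype, qname) for each query line."""
    queries = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # response line or unrelated traffic
        queries.append({"src": m["src"], "dst": m["dst"],
                        "qtype": m["qtype"], "qname": m["qname"]})
    return queries


def summarize(queries):
    """Counters of queries per source address and per queried name."""
    by_src = Counter(q["src"] for q in queries)
    by_name = Counter(q["qname"] for q in queries)
    return by_src, by_name


def top_talker_share(queries):
    """(address, fraction of all queries) for the busiest source."""
    by_src, _ = summarize(queries)
    src, n = by_src.most_common(1)[0]
    return src, n / len(queries)


def is_dns_sd_browse(qname):
    """True for RFC 6763 browsing-domain enumeration names."""
    return qname.lower().startswith(DNS_SD_BROWSE_PREFIXES)


def find_ping_pong(queries):
    """Names that A asks B for and B also asks A for: a forwarding loop."""
    seen = {(q["src"], q["dst"], q["qname"]) for q in queries}
    looping = {qname for src, dst, qname in seen if (dst, src, qname) in seen}
    return sorted(looping)


if __name__ == "__main__":
    qs = parse_queries(SAMPLE_LINES)
    by_src, by_name = summarize(qs)
    src, share = top_talker_share(qs)
    print(f"{len(qs)} queries; top source {src} = {share:.0%}")
    for name, n in by_name.most_common(5):
        tag = " [dns-sd browse]" if is_dns_sd_browse(name) else ""
        print(f"{n:6d}  {name}{tag}")
    print("looping names:", find_ping_pong(qs))
```

For a live check, feed it `tcpdump -n -l udp port 53` output (on the LAN interface if the resolver is internal, on the WAN one for upstream traffic); a name listed under "looping names" is one that the two hosts are handing back to each other, and a DNS-SD browse name there points at a reverse-zone forwarding rule like the `*` entry removed in this post.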