English Forums > Tutorials and FAQs

HOWTO - Redirect all DNS Requests to Opnsense

(1/17) > >>

Cypher100:
This tutorial will show you how to force all DNS querys to go through Opnsense router regardless of DNS servers specified on the local system. This will redirect anything going through 53 to the router itself.

Go to Services -> Unbound DNS -> General


Verify that ether ALL is selected or localhost with your LAN is selected.

or


Go to Firewall -> NAT -> Port Forward


Click the add new rule button


Set the following settings below.

Interface: LAN
Protocol: TCP/UDP
Destination / Invert: Checked
Destination: LAN address
Destination Port: DNS
Redirect target IP: 127.0.0.1
Redirect target port: DNS
NAT reflection: Disable

Note: If you have multiple networks, you would have to make a rule for each network. Make sure unbound is listening on the other network interfaces too.

Example for Wireless network:
Interface: Wireless
Protocol: TCP/UDP
Destination / Invert: Checked
Destination: Wireless address
Destination Port: DNS
Redirect target IP: 127.0.0.1
Redirect target port: DNS
NAT reflection: Disable



Here is my setup as a example after adding all the rules.


Now that the port forward rules have been created. We now have to adjust the rules under the firewall to make sure the DNS redirect is hit first.

Go to Firewall -> Rules -> LAN


Move the DNS redirect rule above "Default allow LAN to any rule" rule


Then apply changes, and the final result should look like this.


Notes: If you have multiple interfaces, you would have to move the rule for each interface.

guest18611:
Hello cypher100,

Thank you very much, exactly what I was looking for!  8)

Just one question, how can I see that it is working correctly?
Because when I use 8.8.8.8 as manual DNS server everything works (as expected) but I want to see that it is really working in the Logs or somewhere else.

Thank you! :)

Cypher100:

--- Quote from: Raccoon on July 27, 2018, 12:28:54 pm ---Hello cypher100,

Thank you very much, exactly what I was looking for!  8)

Just one question, how can I see that it is working correctly?
Because when I use 8.8.8.8 as manual DNS server everything works (as expected) but I want to see that it is really working in the Logs or somewhere else.

Thank you! :)

--- End quote ---

I added yahoo.com pointing to 127.0.0.1 as a host override. Then on my windows computer I use the command "nslookup yahoo.com 8.8.8.8" to see if it resolves to 127.0.0.1. Using nslookup should bypass any DNS cache on your local computer, but if it doesn't I ran ipconfig /flushdns before running the nslookup command.

jmp20:
Thank you, this process worked well for me. I guess advanced options had a lot to do with it and no other posted mentioned such important part of the setup : /
Best!!

chris42:
How would this work on ipv6? I tried to mimic the NAT rules for ipv6, however then the DNS queries fail completely

Navigation

[0] Message Index

[#] Next page