English Forums > Tutorials and FAQs

HOWTO - Redirect all DNS Requests to Opnsense


sanji:
I tried the different methods from this thread to redirect everything to my pihole with cloudflare upstream dns.

When I change the DNS server of my computer to 8.8.8.8 and go to https://www.dnsleaktest.com/ and start a test, it then shows a bunch of google servers, so it doesn't seem to work. Or is my understanding wrong?

In another thread (https://forum.opnsense.org/index.php?topic=15472.0) it is mentioned to create an outbound NAT translation. I haven't read that anywhere else. So is this needed?

abulafia:
Redirecting DNS to 127.0.0.1 seems to fail for me:

Whereas a redirect to the relevant LAN/VLAN's gateway (e.g. 192.168.1.1:53) works, a redirect to 127.0.0.1:53 does not:

--- Quote ---nslookup www.ft.com ns2.google.com.
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  216.239.34.10

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed out.
--- End quote ---

The DNS request shows up in my (adguard home) logs, but apparently the response to my client is faulty.

If redirecting to 192.168.1.1, the redirect works and the client "does not notice":

--- Quote ---nslookup www.ft.com ns2.google.com.
Server:  ns2.google.com
Address:  216.239.34.10

Non-authoritative answer:
Name:    ft2.map.fastly.net
Addresses:  151.101.2.209
          151.101.66.209
          151.101.130.209
          151.101.194.209
Aliases:  www.ft.com
--- End quote ---

What could be the reason?

Redirecting to 127.0.0.1 would be favourable as I could apply it globally to all local LAN/VLAN/VPN interfaces, whereas redirecting to a gateway address would require individual rules for each interface (bleh!).
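An added example, not part of this thread, that does from a LAN client what sanji's dnsleaktest check and abulafia's nslookup runs do by hand: it sends a raw A query for a name only the LAN resolver can answer (assumed here to be a Pi-hole/AdGuard local override "pihole.lan") to an external resolver (8.8.8.8, as in sanji's post) and classifies the outcome. An answer means the port forward is catching the query; a timeout, or a reply arriving from a source address other than the one queried (which a stub resolver using a connected socket silently drops), matches the "DNS request timed out" symptom shown above. The packet builder and parser are self-contained so they can be checked offline against constructed bytes; only probe() touches the network.

```python
"""Probe whether a NAT redirect of UDP/53 to the LAN resolver is in effect."""
import random
import socket
import struct

# Assumptions (not from the thread): a name only the LAN resolver answers,
# and the external resolver the client is pointed at for the test.
LOCAL_ONLY_NAME = "pihole.lan"   # hypothetical local override on the LAN resolver
EXTERNAL_RESOLVER = "8.8.8.8"    # the server sanji configured on the client


def build_query(name, txid=None):
    """Build a minimal DNS A/IN query with RD set. Returns (txid, packet)."""
    if txid is None:
        txid = random.randrange(0, 0x10000)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(lbl)]) + lbl.encode("ascii")
                     for lbl in name.strip(".").split("."))
    question = qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return txid, header + question


def _read_name(data, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = data[off]
        if length & 0xC0 == 0xC0:                       # compression pointer
            ptr = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
            if end is None:
                end = off + 2
            off = ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(data[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_response(data, expected_txid):
    """Return {'rcode': int, 'answers': [dotted IPv4, ...]} for a DNS response."""
    if len(data) < 12:
        raise ValueError("short packet")
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    if not flags & 0x8000:
        raise ValueError("not a response")
    off = 12
    for _ in range(qd):                                 # skip question section
        _, off = _read_name(data, off)
        off += 4
    answers = []
    for _ in range(an):
        _, off = _read_name(data, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        rdata = data[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:                   # A record
            answers.append(socket.inet_ntoa(rdata))
    return {"rcode": flags & 0x000F, "answers": answers}


def probe(server=EXTERNAL_RESOLVER, name=LOCAL_ONLY_NAME, timeout=2.0):
    """Send one query to `server` and describe what a client would observe."""
    txid, pkt = build_query(name)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(pkt, (server, 53))
        data, (src, _port) = sock.recvfrom(512)
    except socket.timeout:
        return "timeout: no reply within %.0fs (redirect target not answering back through NAT?)" % timeout
    finally:
        sock.close()
    if src != server:
        # An unconnected socket accepts this; a normal stub resolver would not.
        return "reply came from %s instead of %s; a stub resolver ignores such replies" % (src, server)
    result = parse_response(data, txid)
    if result["answers"]:
        return "redirect in effect: %s 'answered' %s with %s" % (server, name, result["answers"])
    return "no redirect (or name unknown upstream): rcode=%d" % result["rcode"]


if __name__ == "__main__":
    print(probe())
```

Run it from a LAN client with its DNS set to 8.8.8.8, as in sanji's test; then change EXTERNAL_RESOLVER or the redirect target and compare outcomes.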

cookiemonster:
That would be the case if you have disabled it under System > Settings > General > "Do not use the local DNS service as a nameserver for this system".
One quick way to check is to look at the contents of your /etc/resolv.conf file. I suspect it doesn't have 127.0.0.1.
Whether that is what you want or not is another matter.

abulafia:
Thanks, but that's not it - the option is unchecked.

Probably more of a firewall issue I guess?

TarrasQ:

--- Quote from: abulafia on September 16, 2021, 06:42:14 pm ---Thanks but that's not it - the option is unchecked..

Probably more of a firewall issue I guess?

--- End quote ---

Did you ever solve this issue?
