
HOWTO - Redirect all DNS Requests to Opnsense


tiermutter:

--- Quote from: meschmesch on November 25, 2021, 12:01:08 pm ---
Could you please share the link for this github list?
--- End quote ---

Sorry, didn't read until today...
These are the lists I am using:
https://raw.githubusercontent.com/BBerastegui/fresh-dns-servers/master/resolvers.txt
https://raw.githubusercontent.com/flo-wer/doh-list/master/domains.txt
https://raw.githubusercontent.com/neargle/public-dns-list/master/all.txt
https://raw.githubusercontent.com/oneoffdallas/dohservers/master/iplist.txt
https://raw.githubusercontent.com/oneoffdallas/dohservers/master/ipv6list.txt
https://public-dns.info/nameservers-all.txt
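
Feeds like the ones listed above come in mixed formats (bare IPs, IP:port pairs, IPv6 literals, DoH hostnames, full URLs, comment lines), and an OPNsense alias wants one clean entry per line, with IPs and hostnames in separate aliases. The script below is an added example, not tiermutter's own tooling: it normalizes such lines into deduplicated IPv4, IPv6 and hostname groups. The feed content here is a constructed sample so it runs offline; in practice you would feed it the downloaded text of the URLs in the post.

```python
"""Merge public-resolver feeds into deduplicated, alias-ready groups.

Added example, not from the thread. SAMPLE_FEED is constructed to mimic
the mixed line formats found in such feeds; replace it with the real
downloads from the URLs listed in the post.
"""
import ipaddress
import re

# Constructed sample: bare IPs, IP:port, IPv6, DoH hostnames, a full URL,
# a comment, a duplicate and two junk lines that must be dropped.
SAMPLE_FEED = """\
# resolvers (constructed sample)
1.1.1.1
8.8.8.8:53
2606:4700:4700::1111
dns.example-doh.test
https://doh.example-doh.test/dns-query
1.1.1.1
not a valid entry!!
10.0.0.256
"""

# RFC 1035-style hostname: dot-separated labels, alphabetic TLD.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I
)


def classify(line):
    """Return ('ipv4'|'ipv6'|'host', value) for one feed line, or None to skip it."""
    entry = line.strip()
    if not entry or entry.startswith("#"):
        return None
    # DoH feeds often list full URLs; keep only the host part.
    if "://" in entry:
        entry = entry.split("://", 1)[1].split("/", 1)[0]
    # Strip an explicit :port from IPv4/hostname entries; IPv6 literals
    # contain several colons and are left alone.
    if entry.count(":") == 1:
        entry = entry.rsplit(":", 1)[0]
    try:
        ip = ipaddress.ip_address(entry)
        return ("ipv4" if ip.version == 4 else "ipv6", str(ip))
    except ValueError:
        pass
    if HOSTNAME_RE.match(entry):
        return ("host", entry.lower())
    return None  # junk line: neither a valid IP nor a hostname


def merge_feeds(*feeds):
    """Deduplicate entries across feeds, grouped by kind and sorted for stable diffs."""
    groups = {"ipv4": set(), "ipv6": set(), "host": set()}
    for feed in feeds:
        for line in feed.splitlines():
            hit = classify(line)
            if hit:
                groups[hit[0]].add(hit[1])
    return {kind: sorted(values) for kind, values in groups.items()}


if __name__ == "__main__":
    for kind, values in merge_feeds(SAMPLE_FEED).items():
        print(f"[{kind}] {len(values)} entries")
        for value in values:
            print("  ", value)
```

Dropping unparseable lines rather than passing them through matters here: one malformed entry in an alias can make the whole alias fail to load, which silently leaves the firewall rule that references it empty.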

dariuszszyc:
Hello,

I just wanted to say that this HOWTO saved me a ton of trouble I had with my Android mobiles, which were not seeing local hosts even though they are added in the default DNS (which is piHole).

Apparently, my mobiles were still looking for them outside and so it failed.
Once I redirected all external DNS queries to my piHole, everything works great!

Thanks for this!

RamSense:
I have this working also. But what I do not understand, or know how to do in the FW rules, is what Zenarmor/Sensei does. It looks like it goes one step further.

With the settings in this forum thread, when I do nslookup google.com 1.1.1.1 I get:
Server:      1.1.1.1
Address:   1.1.1.1#53

Non-authoritative answer:
Name:   google.com
Address: 142.251.39.110

------------
But with Zenarmor app control - blocking - "network management" I get:
nslookup google.com 1.1.1.1
;; connection timed out; no servers could be reached

and with nslookup google.com 192.168.1.1 (OPNsense IP):
Server:      192.168.1.1
Address:   192.168.1.1#53

Non-authoritative answer:
Name:   google.com
Address: 142.251.39.110

So how do I create this effect in the OPNsense firewall without Sensei/Zenarmor? It looks even more secure: allowing OPNsense DNS but no other.

Greelan:
If DNS forwarding is set up correctly then the outcome is achieved and you don’t need additional rules. A host may think it is using other DNS servers but it is actually not. That’s a more sophisticated outcome than just blocking the other DNS servers entirely.

RamSense:
Yes, ok. I did a rewrite check on yahoo.com to 127.0.0.1 and that worked:
nslookup yahoo.com 9.9.9.9
Server:      9.9.9.9
Address:   9.9.9.9#53

Non-authoritative answer:
Name:   yahoo.com
Address: 127.0.0.1

But the reason I asked is that I have some bird box cams on the network that are blocked from internet access.
I noticed with the Sensei/Zenarmor "network management" block that it was blocking port 53 queries from those bird boxes. That made me think about what to do: block port 53 access for those cams, or just keep the current redirect-all-DNS setup as sufficient?
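
The check RamSense did by hand with nslookup (both the google.com test against 1.1.1.1 earlier in the thread and the yahoo.com override test here) can be scripted so it is repeated after every rule change. The following is an added example, not from the thread; it uses only the Python standard library. It sends an A query for a canary name directly to several external resolver IPs and reports, per resolver, whether the answer carried the local override (the redirect is catching the query), a real address (the query leaked past the firewall), or nothing at all (a plain block rule, which is what the Zenarmor result above looks like). The canary yahoo.com, the 127.0.0.1 override and the resolver IPs are taken from the posts and are assumptions to adjust to your own setup.

```python
"""Verify a DNS redirect rule from a LAN client.

Added example, not from the thread. Queries a canary name through external
resolver IPs and classifies each answer. The canary name, expected override
and resolver list are assumptions taken from the forum posts.
"""
import socket
import struct

CANARY = "yahoo.com"            # name given a local override (as in the post)
EXPECTED = "127.0.0.1"          # the override value the local resolver returns
RESOLVERS = ["9.9.9.9", "1.1.1.1"]  # external IPs the redirect rule should intercept


def build_query(name, txid=0x1234):
    """Build a single-question DNS A/IN query with the RD flag set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    )
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)


def _skip_name(msg, off):
    """Advance past a (possibly compressed) name and return the new offset."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if (length & 0xC0) == 0xC0:  # compression pointer: two bytes end the name
            return off + 2
        off += 1 + length


def parse_a_records(msg, txid=0x1234):
    """Return the IPv4 strings in the answer section after checking txid and rcode."""
    rtxid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if rtxid != txid:
        raise ValueError("transaction id mismatch")
    if flags & 0x000F:
        raise ValueError("rcode %d" % (flags & 0x000F))
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4       # skip QTYPE and QCLASS
    ips = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return ips


def classify_result(ips):
    """'redirected' if only the override came back, 'leaked' if a real answer did."""
    if not ips:
        return "no-answer"
    return "redirected" if ips == [EXPECTED] else "leaked"


def check_resolver(resolver, timeout=3.0):
    """Send the canary query straight to `resolver` and classify the outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(CANARY), (resolver, 53))
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return "timeout"  # a block rule rather than a redirect looks like this
    return classify_result(parse_a_records(data))


if __name__ == "__main__":
    for resolver in RESOLVERS:
        print(resolver, check_resolver(resolver))
```

Run it from a client on the LAN, not on the firewall itself: the redirect is a NAT rule on the LAN interface, so only traffic passing through that interface is rewritten. A "leaked" result for any resolver means the rule is not matching that traffic; "timeout" means the query was dropped rather than answered locally, which is the difference between a block and a redirect that Greelan describes.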
