HOWTO - Redirect all DNS Requests to Opnsense

Started by Cypher100, July 26, 2018, 03:16:37 AM

I don't have a "Default allow LAN to any rule". Do I need it? If so, where can I find instructions? TIA

January 02, 2026, 07:53:13 PM #121 Last Edit: January 02, 2026, 07:56:07 PM by yourfriendarmando
Also, in case it hasn't been reiterated, you might want to additionally prevent devices like Android and IT'S from escaping your DNS and attempting DNS over HTTP.

I recommend using a Floating rule, connected to a URL alias to v4/v6 lists, to keep those devices in check:

https://github.com/crypt0rr/public-doh-servers
https://github.com/oneoffdallas/dohservers/tree/master
https://github.com/dibdot/DoH-IP-blocklists/tree/master

Use a Firewall group to restrict your NAT and the rule above to local Interfaces and not interfere with the Firewall's ability to access DNS resources.

Here is also an older post on the matter:
https://forum.opnsense.org/index.php?topic=33931.0

Watch your Apple users start to hate you haha.
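
A third-party list that drives a floating block rule can cut off local resolvers if it ever carries a private or over-broad entry, so it is worth vetting before it is loaded into the v4/v6 aliases. The following is an added example, not code from this thread or from the linked repositories; the one-entry-per-line format, the function name `vet_doh_list` and the prefix floors are assumptions, and the sample addresses are constructed.

```python
import ipaddress

# Ranges that should never be in a DoH block alias: RFC 1918, loopback,
# link-local, IPv6 ULA. Blocking these would cut off local resolvers.
LOCAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

# Constructed sample (documentation addresses), not content of any real list.
SAMPLE = """\
# constructed sample
192.0.2.10
198.51.100.0/24
2001:db8::53
192.168.1.1
0.0.0.0/0
not-an-ip.example
203.0.113.7  # inline comment
"""

def vet_doh_list(text, min_v4_prefix=16, min_v6_prefix=32):
    """Split a one-entry-per-line list into v4/v6 alias content plus rejects.

    The prefix floors are assumed thresholds, not values from the thread.
    """
    good = {4: set(), 6: set()}
    rejected = []  # (line number, entry, reason)
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((lineno, entry, "not an IP or CIDR"))
            continue
        floor = min_v4_prefix if net.version == 4 else min_v6_prefix
        if net.prefixlen < floor:
            rejected.append((lineno, entry, "prefix too broad"))
        elif any(l.version == net.version and net.overlaps(l) for l in LOCAL):
            rejected.append((lineno, entry, "local range"))
        else:
            good[net.version].add(net)
    v4 = [str(n) for n in sorted(good[4])]
    v6 = [str(n) for n in sorted(good[6])]
    return v4, v6, rejected

if __name__ == "__main__":
    v4, v6, rejected = vet_doh_list(SAMPLE)
    print("v4 alias:", v4, "\nv6 alias:", v6, "\nrejected:", rejected)
```

A non-empty reject list is a reason to review the upstream list before the alias refreshes from it.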