HOWTO - Redirect all DNS Requests to Opnsense

Started by Cypher100, July 26, 2018, 03:16:37 AM

@meyergru

Yes, with the rules I've been using it seems to work well. I also have a few additional DNS rules in place to tighten things up a bit.

I also redirect DoT traffic on port 853, which helps prevent devices from bypassing the local resolver using encrypted DNS directly to external providers.

Additionally, I've been experimenting with blocking DoH endpoints, starting with things like Google DNS, to stop clients from using DNS-over-HTTPS to bypass local policies. So far this setup seems to be working well in my tests.

Quote from: SenseX on March 07, 2026, 02:32:22 PM
I also redirect DoT traffic on port 853

But what is the point of redirecting (instead of blocking) if such queries will not be served because the certificate does not match?

I just block outgoing access to port 853. I have it in an alias full of ports clients have no business accessing.
The alias is used in a Floating rule to block local nets from accessing ports to !local nets
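The setup discussed in this thread (plain DNS redirected to the firewall's resolver, DoT on 853 blocked rather than redirected, since the client would reject the resolver's certificate anyway), written out as the pf.conf rules that OPNsense generates underneath. This is an added illustration, not from either poster or the OPNsense project; the interface name, LAN subnet and firewall address are assumed placeholders.

```pf
# Assumed placeholders: LAN interface, LAN subnet, firewall's LAN address
lan_if  = "igb1"
lan_net = "192.168.1.0/24"
fw_lan  = "192.168.1.1"

# The "ports clients have no business accessing" alias from the post;
# 853 (DNS over TLS) is the one this thread is about
no_egress_ports = "{ 853 }"

# Translation rules must precede filter rules in pf.conf.
# Redirect all plain DNS (53/udp and 53/tcp) that LAN clients send to any
# external resolver back to the local resolver on the firewall. Queries
# already addressed to the firewall are left alone.
rdr pass on $lan_if inet proto { tcp, udp } from $lan_net to ! $fw_lan port 53 -> $fw_lan port 53

# Floating-style block: LAN clients may not reach the alias ports on any
# non-local destination. Redirecting 853 would be pointless (TLS name
# mismatch), so it is dropped; 'return' sends a RST so clients fail fast
# instead of hanging, and 'quick' stops further rule evaluation.
block return quick on $lan_if inet proto tcp from $lan_net to ! $lan_net port $no_egress_ports
```

Check the result with `pfctl -sn` (translation rules) and `pfctl -sr` (filter rules) on the firewall; a client on the LAN resolving against 8.8.8.8 should then get answers from the local resolver, and a TCP connection to 8.8.8.8:853 should be refused.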