Block DNS not working.... How to?
-
Followed the guide here:
https://docs.netgate.com/pfsense/en/latest/recipes/dns-redirect.html
This is in the guide...
This is how it looks
Still no dice.
Corresponding FW rules:
Port forwards NAT:
General systems setup:
DNS servers used when testing for DNS leaks:
And when I test using Google DNS, everything is working fine and DNS are bypassing the FW.
What am I doing wrong?
-
@Cool_Corona
I think your first rule needs to be a NAT rule, too.
-
Couple of things.. In link you provided about redirecting dns.. It clearly states
"If DNS requests to other DNS servers are blocked, such as by following Blocking External Client DNS Queries, ensure the rule to pass DNS to 127.0.0.1 is above any rule that blocks DNS."
Where is said rule in your rules? You do not allow this in you rules, so how would it work?
Also Not sure what forwarding to the roots is going to do.. The root servers do not allow for recursive queries.. You can not ask the root servers for google.com for example..
If you ask a root server for www.google.com all its going to hand back to you is the NS for .com
;; QUESTION SECTION: ;www.google.com. IN A ;; AUTHORITY SECTION: com. 172800 IN NS e.gtld-servers.net. com. 172800 IN NS b.gtld-servers.net. com. 172800 IN NS j.gtld-servers.net. com. 172800 IN NS m.gtld-servers.net. com. 172800 IN NS i.gtld-servers.net. com. 172800 IN NS f.gtld-servers.net. com. 172800 IN NS a.gtld-servers.net. com. 172800 IN NS g.gtld-servers.net. com. 172800 IN NS h.gtld-servers.net. com. 172800 IN NS l.gtld-servers.net. com. 172800 IN NS k.gtld-servers.net. com. 172800 IN NS c.gtld-servers.net. com. 172800 IN NS d.gtld-servers.net.So such a setup as you have would never ever work to resolve anything..
-
Thank you :)
