DNS going thru my cable company after reboot?



  • I am trying to eliminate any DNS queries going thru my WAN for certain VLANs, however after a reboot all queries go out my WAN and thru my cable company and stay that way? I reboot my resolver and all quesries then go thru my VPN going forward….no problem(with periodic checks)

    My setup is as follows:

    • Using PIA
    • "Don't pull routes" is checked in my OpenVPN client
    • I only have my VPN Interface selected in my "Outgoing Network Interfaces" for Unbound
    • "DNS Server Override" and "Disable DNS Forwarder" NOT checked and NO  "DNS Servers" assigned in System -> General Settings
    • I have attached my rules for the interface (Basic internet alias ports are 80 and 443/RFC1918 alias is 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16)

    In effect I am trying to create a "Kill switch" for certain VLANs for everything to go thru VPN....

    Thanks in advance,
    V

    (Edit made after posting for clarification)



  • I continue to dig into this more, sorry to reply to my original post but I didn't want to keep editing my original question.

    I found another post with a similar question…a recommendation was to look at this link for a solution:

    https://www.infotechwerx.com/blog/Prevent-Any-Traffic-VPN-Hosts-Egressing-WAN

    However in the link the rules are "Any/Any" with no reference to whether Unbound was being used and how Unbound was configured.

    It had 2 suggested solutions, I think I had implemented the 2nd suggestion and checked "Skip rules when gateway is down" but I am a little fuzzy as to whether this should be checked or not checked?

    Again any recommendation on how to create a "Kill switch" would be surely appreciated...thanks in advance.

    V

    ![Screenshot-2017-12-1 pfSense localdomain - System Advanced Miscellaneous.png](/public/imported_attachments/1/Screenshot-2017-12-1 pfSense localdomain - System Advanced Miscellaneous.png)
    ![Screenshot-2017-12-1 pfSense localdomain - System Advanced Miscellaneous.png_thumb](/public/imported_attachments/1/Screenshot-2017-12-1 pfSense localdomain - System Advanced Miscellaneous.png_thumb)



  • I realized I never attached my rules on my original post so adding them now.

    I tried shutting down my firewall a few times to replicate but I have struggled to replicate this issue in the last few days….

    I have decided to test the "policy filtering" in what was detailed in this post below:

    https://www.infotechwerx.com/blog/Prevent-Any-Traffic-VPN-Hosts-Egressing-WAN

    I added a "mark" of  "NO_WAN_EGRESS"  to my rule #1 and rule #3 and a "Quick" floating rule with my outgoing WAN per the blog....

    Beyond the "tin foil hat"/DNS leak/ISP monitoring concern (I admit I am one of those!) this seems like a possible attack path for a malicious actor. Simply attack and restart a vulnerable downstream modem(seems like a lot of them are already vulnerable), briefly shutdown the OpenVPN connection and then monitor the ongoing traffic of the unencrypted traffic after a modem restart that ensues(while the user thinks they are using a VPN)? The only reason I discovered my DNS was going through my Cable company was I happened to do a DNSleak test one morning....

    I'll surely report back if this solution doesn't work....thank you pfSense you are the rock in my network!

    Happy holidays,
    V

    ![Screenshot-2017-11-30 pfSense localdomain - Firewall Rules IOT.png](/public/imported_attachments/1/Screenshot-2017-11-30 pfSense localdomain - Firewall Rules IOT.png)
    ![Screenshot-2017-11-30 pfSense localdomain - Firewall Rules IOT.png_thumb](/public/imported_attachments/1/Screenshot-2017-11-30 pfSense localdomain - Firewall Rules IOT.png_thumb)


Log in to reply