check dropped DNS on firewall
I have blocked dns to other dns server on my LAN INTERFACE. And on firewall rules states, I can see that packets/bytes, so I guess there are attempts of dns resolution to other dns servers. How or where will I see to what source and destination it comes from. I have checked the system logs->firewall and filtered it by LAN INTERFACE and destination port 53 but there is no result.
Any advice would help. Thanks
Did you set your firewall rule that blocks dns to LOG? By default rules that are created do not log be it allow or block. You have to set the rule to log.
to log ? hmmm i don't think i saw or read that feature ? where can i see that option to log the firewall output ?
Edit your rule - click the check box that say LOG ;)
To be honest - if was a snake it would of bitten you when creating the rule ;)
oh yeah, overlooked it. yeah, it would have bit me already LOL
after setting the log, where will I see that log file ?