Redirecting all DNS traffic to pfSense not working
I have an IoT subnet. On this subnet I want the TVs, Rokus, thermostats, etc. to all have their DNS traffic redirected to the DNS servers I have specified in pfSense (Cloudflare). I followed this document to set this up. I thought it was working fine but then noticed a device on this subnet was talking with 126.96.36.199.
Here's the image of the NAT redirect setup.
And the subsequent firewall rule on that interface;
As stated earlier, running a packet capture, I see that at least one device on this subnet is successfully querying 188.8.131.52 and getting a response back. I have Cloudflare DNS set up in general settings.
Thanks for any help!
And they are doing that on udp/tcp 53 - or some other port?
The destination port is 53. It seems like the query first goes to the gateway, but then it immediately tries 184.108.40.206. Both the gateway and 220.127.116.11 reply. All over port 53.
The client can send a query to 18.104.22.168 all it wants - you sniffed on the WAN and saw this go out?
Well, it's weird but on the WAN I don't see traffic over 53 or to 22.214.171.124 - I do DNS over TLS on port 853 so that makes sense to not see anything over port 53. The source IP for the query response is 126.96.36.199. I see states for 188.8.131.52 on the IoT interface but not on the WAN interface. When I capture traffic on the IoT interface, it shows that the query response source IP is 184.108.40.206.
I'm guessing when 220.127.116.11 is queried, the traffic is translated and the state is built, but the interface is none the wiser whether or not the return traffic is actually from 18.104.22.168.
Exactly. The client doesn't know the answer didn't come back from 22.214.171.124.
It just knows it gets an answer back on the source port it asked 126.96.36.199 from.
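As an added illustration (not from the thread or from pf itself), here is a small Python model of what a port-forward (rdr) rule does to a hard-coded query and its reply, and why a capture on the IoT interface shows the answer coming "from" the public resolver while the WAN never sees port 53. The addresses are constructed RFC 5737 examples, and the redirect target is assumed to be the firewall's own interface address.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "udp"


class RdrNat:
    """Toy model (not pf's code) of a port-forward rule bound to one interface.
    Any packet to port 53 is rewritten to the redirect target, and a state entry
    remembers the original destination so the reply is rewritten back on exit."""

    def __init__(self, redirect_to: str, redirect_port: int = 53, port: int = 53):
        self.redirect_to, self.redirect_port, self.port = redirect_to, redirect_port, port
        self.states: dict = {}  # (client ip, client port, proto) -> (orig dst, orig dport)

    def translate_in(self, pkt: Packet) -> Packet:
        """Packet arriving from a client on the interface the rule is bound to."""
        if pkt.dport != self.port or pkt.dst == self.redirect_to:
            return pkt  # not matched: non-DNS traffic, or already aimed at the firewall
        self.states[(pkt.src, pkt.sport, pkt.proto)] = (pkt.dst, pkt.dport)
        return replace(pkt, dst=self.redirect_to, dport=self.redirect_port)

    def translate_out(self, pkt: Packet) -> Packet:
        """Reply from the redirect target heading back to the client."""
        state = self.states.get((pkt.dst, pkt.dport, pkt.proto))
        if state and (pkt.src, pkt.sport) == (self.redirect_to, self.redirect_port):
            orig_dst, orig_dport = state
            return replace(pkt, src=orig_dst, sport=orig_dport)  # looks like it came from 8.8.8.8
        return pkt


def simulate_query(client: str, hardcoded_resolver: str, firewall: str = "192.0.2.1") -> dict:
    """Push one query through the model and report what each vantage point sees."""
    nat = RdrNat(redirect_to=firewall)
    query = Packet(client, 40123, hardcoded_resolver, 53)     # constructed sample query
    at_resolver = nat.translate_in(query)                      # what the local resolver receives
    answer = Packet(at_resolver.dst, at_resolver.dport, at_resolver.src, at_resolver.sport)
    on_lan = nat.translate_out(answer)                         # what tcpdump on IoT shows
    return {
        "resolver_sees_dst": at_resolver.dst,
        "client_sees_reply_from": on_lan.src,
        "query_left_firewall_on_53": at_resolver.dst != firewall,
        "state": nat.states,
    }
```

Because the redirected query terminates on the firewall, the only thing leaving on the WAN is the resolver's own upstream lookup (here DNS over TLS on 853), which is why a WAN capture filtered on port 53 stays empty.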
Very cool. I learned something today.