Finding devices with hardcoded DNS

  • I've set up a NAT redirect rule to capture/redirect all outbound DNS traffic to my internal DNS server. pfSense automatically added a firewall rule as well. The question now is how do I find what devices are the offending ones? There's nothing in my firewall logs that could give me a hint. Even when I hardcode a DNS entry on one of my devices, there's still nothing in the firewall logs. Should I assume the NAT redirect rule is not working?


  • @ibbetsion If you just want to find them you could make a rule to block TCP/UDP to port 53 on addresses that aren't the router and see what shows up in the logs.

    I just did this redirect and didn't see any entries for my redirected DNS.

    I confirmed it was being redirected using

    Here are my records that showed up when I moved the firewall block rule to the top of the LAN rules.

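Added example (not code from the thread or from pfSense): once a logged rule covers port 53 to non-router addresses as described above, this script reads the resulting filterlog lines and lists which LAN devices are talking to which outside resolvers. The log lines are constructed, the CSV field order is assumed from the pfSense filterlog layout, and the router address 192.168.1.1 is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines in pfSense "filterlog" CSV layout (assumed field order for
# IPv4: ...,ipver,tos,ecn,ttl,id,offset,flags,proto_id,proto,len,src,dst,sport,dport,...).
SAMPLE_LOG = """\
Mar 13 21:18:47 pfSense filterlog[70155]: 5,,,1000000103,igb1,match,block,in,4,0x0,,64,31337,0,DF,17,udp,61,192.168.1.50,8.8.8.8,51234,53,41
Mar 13 21:18:48 pfSense filterlog[70155]: 5,,,1000000103,igb1,match,block,in,4,0x0,,64,31338,0,DF,6,tcp,60,192.168.1.50,8.8.8.8,51235,53,0,S,1185418215,,65535,,mss
Mar 13 21:19:02 pfSense filterlog[70155]: 5,,,1000000103,igb1,match,block,in,4,0x0,,64,9001,0,DF,17,udp,58,192.168.1.77,1.1.1.1,40122,53,38
Mar 13 21:19:05 pfSense filterlog[70155]: 7,,,1000000110,igb1,match,pass,in,4,0x0,,64,9002,0,DF,17,udp,58,192.168.1.20,192.168.1.1,40123,53,38
Mar 13 21:19:09 pfSense filterlog[70155]: 7,,,1000000110,igb1,match,pass,in,4,0x0,,64,9003,0,DF,6,tcp,60,192.168.1.50,93.184.216.34,51300,443,0,S,1,,65535,,mss
Mar 13 21:19:11 pfSense filterlog[70155]: 5,,,1000000103,igb1,match,block,in,6,0x00,0x00000,64,udp,17,61,fe80::1,2001:db8::53,51400,53,41
"""

ROUTER_IP = "192.168.1.1"  # assumed LAN address of the pfSense box (the only intended resolver)
DNS_PORT = "53"

FILTERLOG_RE = re.compile(r"filterlog\[\d+\]: (?P<csv>.+)$")


def parse_filterlog(line):
    """Pull the fields this check needs from one IPv4 TCP/UDP filterlog line; None otherwise."""
    m = FILTERLOG_RE.search(line)
    if not m:
        return None
    f = m.group("csv").split(",")
    # index 8 is the IP version; the IPv6 layout differs, so only IPv4 lines are handled here
    if len(f) < 23 or f[8] != "4" or f[16] not in ("tcp", "udp"):
        return None
    return {"action": f[6], "proto": f[16], "src": f[18], "dst": f[19], "dport": f[21]}


def find_hardcoded_dns(log_text, router_ip=ROUTER_IP):
    """Map each LAN source that sent port-53 traffic to a resolver other than the router
    to {resolver: hit count}, whether the logged rule passed or blocked the packet."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        rec = parse_filterlog(line)
        if rec is None or rec["dport"] != DNS_PORT or rec["dst"] == router_ip:
            continue
        hits[rec["src"]][rec["dst"]] += 1
    return {src: dict(dsts) for src, dsts in hits.items()}


if __name__ == "__main__":
    for src, resolvers in sorted(find_hardcoded_dns(SAMPLE_LOG).items()):
        print(src, "->", ", ".join(f"{d} ({n}x)" for d, n in sorted(resolvers.items())))
```

Feed it the filter log exported from Status > System Logs (or the raw filter.log) in place of the sample; queries that the router itself answers are excluded, so only devices bypassing it are listed.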

  • @elvisripley Thank you for that invaluable insight. I was able to make a few tweaks based on your guidance (caused lightbulbs to go off in my head!) and I am now able to see the queries!

