    Finding devices with hardcoded DNS

    Firewalling
    nat firewall dns
ibbetsion:

      I've set up a NAT redirect rule to capture/redirect all outbound DNS traffic to my internal DNS server. pfSense automatically added a firewall rule as well. The question now is how do I find what devices are the offending ones? There's nothing in my firewall logs that could give me a hint. Even when I hardcode a DNS entry on one of my devices, there's still nothing in the firewall logs. Should I assume the NAT redirect rule is not working?

      Thanks

elvisripley (replying to @ibbetsion):

        @ibbetsion If you just want to find them you could make a rule to block TCP/UDP to port 53 on addresses that aren't the router and see what shows up in the logs.

I just did this redirect and didn't see any entries for my redirected DNS.

        I confirmed it was being redirected using https://www.dnsleaktest.com

        Here are my records that showed up when I moved the firewall block rule to the top of the LAN rules.

[Screenshot: firewall log entries, 2019-03-13]

ibbetsion:
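The block-and-log approach above leaves the evidence in the pfSense firewall log, and on a busy LAN it is easier to pull the offenders out with a script than to scroll the GUI. The following is an added example, not code from the thread or from pfSense: it parses syslog lines in the pfSense 2.4-style filterlog CSV layout (rule number, tracker, interface, action, direction, IP version, then the IPv4 header fields, then ports) and lists every source host that sent TCP or UDP port 53 traffic to a destination other than the firewall's own resolver address. The sample log lines are constructed for the example and are not real captures; the firewall address 192.168.1.1 and interface name igb1 are assumptions.

```python
"""Find LAN hosts with hardcoded DNS servers from pfSense filterlog entries.

Added example, not from the forum thread or from pfSense itself. Assumes the
pfSense 2.4-style filterlog CSV layout. The sample lines are constructed.
"""
import re
from collections import defaultdict
from ipaddress import ip_address

# "Mar 13 21:18:47 pfSense filterlog: <csv fields>"
FILTERLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ filterlog: (?P<csv>.*)$"
)


def parse_filterlog_line(line):
    """Return the fields we care about for an IPv4 TCP/UDP entry, else None.

    CSV layout (indexes): 0 rule, 1 subrule, 2 anchor, 3 tracker, 4 iface,
    5 reason, 6 action, 7 direction, 8 ipver, then for IPv4: 9 tos, 10 ecn,
    11 ttl, 12 id, 13 offset, 14 flags, 15 proto-id, 16 proto-text,
    17 length, 18 src, 19 dst, then 20 sport, 21 dport for TCP/UDP.
    """
    m = FILTERLOG_RE.match(line)
    if not m:
        return None
    f = m.group("csv").split(",")
    if len(f) < 22 or f[8] != "4":
        return None
    proto = f[16].lower()
    if proto not in ("tcp", "udp"):
        return None
    try:
        sport, dport = int(f[20]), int(f[21])
        src, dst = str(ip_address(f[18])), str(ip_address(f[19]))
    except ValueError:
        return None
    return {
        "ts": m.group("ts"), "iface": f[4], "action": f[6],
        "direction": f[7], "proto": proto,
        "src": src, "dst": dst, "sport": sport, "dport": dport,
    }


def find_hardcoded_dns_clients(lines, firewall_ips):
    """Map each source IP that sent DNS elsewhere -> sorted list of targets.

    Queries whose destination is one of firewall_ips are the expected case
    (the firewall's own resolver, or a redirected query, which pf logs with
    the translated destination) and are ignored.
    """
    allowed = {str(ip_address(ip)) for ip in firewall_ips}
    offenders = defaultdict(set)
    for line in lines:
        entry = parse_filterlog_line(line)
        if entry is None or entry["dport"] != 53:
            continue
        if entry["dst"] in allowed:
            continue
        offenders[entry["src"]].add(entry["dst"])
    return {src: sorted(dsts) for src, dsts in offenders.items()}


# Constructed sample: a logging block rule (rule 5) on LAN catching direct
# queries to public resolvers, plus a pass to the firewall and a non-DNS hit.
SAMPLE_LOG = """\
Mar 13 21:18:47 pfSense filterlog: 5,,,1552530000,igb1,match,block,in,4,0x0,,64,12345,0,DF,17,udp,61,192.168.1.50,8.8.8.8,51234,53,41
Mar 13 21:18:48 pfSense filterlog: 5,,,1552530000,igb1,match,block,in,4,0x0,,64,12346,0,DF,6,tcp,60,192.168.1.77,1.1.1.1,40210,53,0,S,123456789,,65535,,mss
Mar 13 21:18:49 pfSense filterlog: 5,,,1552530000,igb1,match,block,in,4,0x0,,64,12347,0,DF,17,udp,61,192.168.1.50,8.8.4.4,51235,53,41
Mar 13 21:18:50 pfSense filterlog: 7,,,1552530001,igb1,match,pass,in,4,0x0,,64,12348,0,DF,17,udp,61,192.168.1.20,192.168.1.1,51236,53,41
Mar 13 21:18:51 pfSense filterlog: 5,,,1552530000,igb1,match,block,in,4,0x0,,64,12349,0,DF,17,udp,70,192.168.1.50,93.184.216.34,51237,443,50
"""

if __name__ == "__main__":
    # On a real box: clog /var/log/filter.log | python3 this_script.py
    for host, targets in find_hardcoded_dns_clients(
        SAMPLE_LOG.splitlines(), ["192.168.1.1"]
    ).items():
        print(f"{host} -> {', '.join(targets)}")
```

Because pf applies NAT translation before the filter rules see the packet, a query that the redirect has already rewritten shows the firewall itself as the destination in the log, so the original target is not recoverable from the redirect's own log entries. That is why a logging block rule placed above the redirect's associated pass rule (or the log viewed with the redirect temporarily disabled) is what exposes the real hardcoded servers, and the script above simply ignores anything already aimed at the firewall.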

          @elvisripley Thank you for that invaluable insight. I was able to make a few tweaks based on your guidance (caused lightbulbs to go off in my head!) and I am now able to see the queries!
