DNS Query Refused over IpSec
I have Pfsense running on an XG-7100 1U running the default Unbound DNS resolver. All the clients on the LAN side, and connected via OpenVPN are able to resolve dns queries without any issue.
However, I also have an IpSec site-to-site link set up with an Azure Virtual Network. Connections work fine, i.e. I can connect from and to any host on either side. However dns queries coming from the Azure side get a response: "Query refused"
I've confirmed that the DNS resolve settings have "Network Interfaces" set to "All" Is there anything else I should set in order to allow resolving queries coming from the IpSec network?
In the DNS Resolver settings, add entries on the ACL tab to allow access for the other subnet(s)
Ah, that fixed it! Thanks for the quick response!