DNS Redirect to pfSense, but external DNS requests coming through
I followed the guide and created:
- NAT rule to
TCP/UDP * * ! interface DNS 127.0.0.1
I used the auto-create rule to check what it was doing, turned that off, and instead of 127.0.0.1 I use This Firewall:
TCP/UDP * * This Firewall DNS * allowed
TCP/UDP * * * DNS * blocked
All the devices can resolve, but I have Windows 10 machines with Comodo Firewall installed.
The DNS for those machines is the Comodo DNS servers.
I am seeing in the logs of those Windows machines, incoming:
UDP source 53 from the Comodo DNS servers - blocked
How is that traffic even getting through? Surely any DNS requests should have been trapped on the pfSense box,
so I wouldn't expect return traffic.
@gwaitsi There is something else with this I don't understand.
Clients that don't use pfSense, i.e. Android and Windows with Comodo, have trouble resolving DNS queries via HTTP but have no problems with traceroutes, ping, etc.
If I turn off the This Firewall DNS rule, DNS does not resolve on the client, so it appears to be trapped by the block rule as required. However, if I use dig @220.127.116.11, DNS requests resolve.
Is this correct behavior? If not, what am I doing wrong?
If so, why do DNS servers try to reach my clients on port 53 if they are being trapped by the NAT rule?
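The following is an added model, not code from the thread or from pfSense, of what a pf-style port-forward (rdr) rule like the one above does to a DNS query and its answer. It walks one UDP query through the redirect, the two LAN filter rules, the local resolver and the reverse translation of the reply. The addresses are constructed (documentation-range values), and the "This Firewall" alias is assumed to match both the LAN interface address and 127.0.0.1. The point it makes for anyone reading the firewall logs on a client: once the destination is rewritten to the firewall, the answer is translated back so that it appears to the client to come from the external resolver's address with source port 53, even though the query never left the LAN.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

# Constructed addresses for the model (not taken from the thread).
FIREWALL_LAN_IP = "192.168.1.1"
CLIENT_IP = "192.168.1.50"
EXTERNAL_RESOLVER = "198.51.100.53"   # stand-in for an external DNS server
LOOPBACK = "127.0.0.1"
DNS_PORT = 53


@dataclass(frozen=True)
class Packet:
    proto: str   # "udp" or "tcp"
    src: str
    sport: int
    dst: str
    dport: int


class DnsRedirector:
    """Model of the NAT rule 'TCP/UDP * * ! interface DNS -> 127.0.0.1'.

    A state entry is created when a query is redirected so that the reply
    from the local resolver can be translated back to the address the client
    originally sent to (this is what pf does for rdr rules).
    """

    def __init__(self, interface_ip: str, enabled: bool = True):
        self.interface_ip = interface_ip
        self.enabled = enabled
        # (proto, client ip, client port) -> original destination ip
        self.states: Dict[Tuple[str, str, int], str] = {}

    def rdr_matches(self, pkt: Packet) -> bool:
        # proto TCP/UDP, any source, destination NOT the interface address, port 53
        return (self.enabled and pkt.proto in ("udp", "tcp")
                and pkt.dport == DNS_PORT and pkt.dst != self.interface_ip)

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the destination of a matching query to the local resolver."""
        if not self.rdr_matches(pkt):
            return pkt
        self.states[(pkt.proto, pkt.src, pkt.sport)] = pkt.dst
        return replace(pkt, dst=LOOPBACK)

    def reply(self, pkt: Packet) -> Packet:
        """Reverse-translate a resolver reply: source becomes the original destination."""
        original_dst = self.states.get((pkt.proto, pkt.dst, pkt.dport))
        if original_dst is None or pkt.src != LOOPBACK:
            return pkt
        return replace(pkt, src=original_dst)


def filter_verdict(pkt: Packet, interface_ip: str) -> str:
    """The two LAN rules from the thread, first match wins, evaluated AFTER NAT:
    pass  TCP/UDP * * This Firewall DNS
    block TCP/UDP * * *             DNS
    'This Firewall' is assumed to cover the interface address and loopback."""
    if pkt.proto not in ("udp", "tcp") or pkt.dport != DNS_PORT:
        return "no-match"
    if pkt.dst in (interface_ip, LOOPBACK):
        return "pass"
    return "block"


def trace_query(client_ip: str, client_port: int, resolver_ip: str,
                fw: DnsRedirector) -> dict:
    """Send one UDP query from the client to resolver_ip through the firewall model
    and return what the filter saw, its verdict, and the reply as the client sees it."""
    query = Packet("udp", client_ip, client_port, resolver_ip, DNS_PORT)
    after_nat = fw.outbound(query)
    verdict = filter_verdict(after_nat, fw.interface_ip)
    reply_seen_by_client: Optional[Packet] = None
    if verdict == "pass" and after_nat.dst == LOOPBACK:
        # The local resolver answers from 127.0.0.1:53; NAT rewrites the source back.
        answer = Packet("udp", LOOPBACK, DNS_PORT, client_ip, client_port)
        reply_seen_by_client = fw.reply(answer)
    return {"after_nat": after_nat, "verdict": verdict,
            "reply_seen_by_client": reply_seen_by_client}


if __name__ == "__main__":
    fw = DnsRedirector(FIREWALL_LAN_IP)
    result = trace_query(CLIENT_IP, 40000, EXTERNAL_RESOLVER, fw)
    print("filter saw:", result["after_nat"])
    print("verdict:", result["verdict"])
    print("client sees reply from:", result["reply_seen_by_client"])
    print("redirect off:", trace_query(CLIENT_IP, 40001, EXTERNAL_RESOLVER,
                                       DnsRedirector(FIREWALL_LAN_IP, enabled=False))["verdict"])
```

With the redirect on, the client's query to the external resolver reaches the filter with destination 127.0.0.1, matches the This Firewall pass rule, and the answer arrives at the client with source 198.51.100.53:53, which is exactly what a host firewall logs as "incoming UDP source 53 from the external DNS server". With the redirect off, the same query hits the block rule and no reply is generated, which matches the observation that DNS stops resolving when the pass rule is removed.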