DNS Redirect to pfsense, but external dns reuests coming through



  • I followed the guide and created

    • NAT rule to
      TCP/UDP * * ! interface DNS 127.0.01

    I used the auto create rule to check what it was doing, turned that off and instead of 127.0.0.1 i use This Firewall

    TCP/UDP * * This Firewall DNS * allowed
    TCP/UDP * * * DNS * blocked

    all the devices can resolve but, i have windows 10 machines with comodo firewall installed.
    the dns for those machines is the comodo dns servers.
    I am seeing in the logs of those windows machines, incoming
    UDP source 53 from the comodo DNS servers - blocked

    how is that traffic even getting through? Surely, any dns requests should have been trapped on the pfsense box,
    so i wouldn't expect return traffic.



  • @gwaitsi there is something else with this i don't understand.

    1. clients that don't use pfsense i.e. android, and win with comodo have trouble resolving dns queries via http but no problems with traceroutes, ping, etc

    2. if i turn off the The Firewall DNS rule, dns does not resolve on the client - so appears to be trapped by the block rule as required. however. if i use dig @8.8.8.8 dns request resolve.

    Is this correct behavior, if not. What am i doing wrong?
    If so, why do why dns servers try to reach my clients on port 53 if they are being trapped by the NAT rule?


Log in to reply