Monitor Outbound DNS requests
-
So NextDNS offers the ability to monitor outbound DNS requests, but to do this requires an account.
Is it possible to see all outbound DNS requests through pfSense?
-
@treestomp There's a Log Level setting on the DNS Resolver advanced settings page.
With DNS over HTTP and the like if you want to capture all queries you'll probably need to block those types of services.
-
Or learn what Diagnostics > Packet Capture can do for you.
You could scan the WAN interface, port 53.
You would wind up having huge files, with mostly, if not all, DNS outbound traffic and the answers coming back. These files can be fed into wireshark to make stats, see details etc.
Or force all your LAN based clients to use pfSense unbound, the resolver. Add pfBlockerNG-devel so it can make lists and charts for you.
No need to set up any filtering or blocking pfBlockerNG-devel, just use it as your DNS scanner, although I would advise you to activate the "DoH/DoT Blocking List".
-
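As an added example (not from anyone in this thread), here is a small Python script that does the "lists and stats" part without pfBlockerNG or wireshark: it reads the query lines unbound writes when the resolver Log Level is raised with query logging on, and aggregates them per LAN client. The log lines are constructed samples in unbound's "info: client qname qtype qclass" shape; the syslog prefix is assumed and may differ on your box, so only the tail of each line is matched.

```python
import re
from collections import Counter, defaultdict

# Match only the tail of an unbound query-log line: "info: <client> <qname> <qtype> <qclass>".
# The syslog/pid prefix varies between setups, so it is deliberately not anchored.
QUERY_RE = re.compile(
    r"info: (?P<client>[0-9a-fA-F.:]+) (?P<qname>\S+) (?P<qtype>[A-Z0-9]+) (?P<qclass>IN|CH|HS)\s*$"
)

# Constructed sample lines (not a real capture) in the shape pfSense's unbound
# emits with log-queries enabled; the last line is a non-query line to be skipped.
SAMPLE_LOG = """\
Mar  1 10:00:01 pfSense unbound[2345]: [2345:0] info: 192.168.1.20 www.example.com. A IN
Mar  1 10:00:01 pfSense unbound[2345]: [2345:0] info: 192.168.1.20 www.example.com. AAAA IN
Mar  1 10:00:02 pfSense unbound[2345]: [2345:0] info: 192.168.1.31 time.example.net. A IN
Mar  1 10:00:03 pfSense unbound[2345]: [2345:1] info: 192.168.1.20 cdn.example.org. A IN
Mar  1 10:00:03 pfSense unbound[2345]: [2345:1] info: 192.168.1.31 www.example.com. A IN
Mar  1 10:00:04 pfSense unbound[2345]: [2345:0] info: 192.168.1.20 www.example.com. A IN
Mar  1 10:00:05 pfSense unbound[2345]: [2345:0] info: 192.168.1.20 www.example.com. A IN
Mar  1 10:00:05 pfSense unbound[2345]: [2345:0] notice: init module 0: validator
"""

def parse_queries(log_text):
    """Yield (client, qname, qtype) for each query line; other log lines are ignored."""
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            # Normalise the name: drop the trailing root dot and lower-case it.
            yield m["client"], m["qname"].rstrip(".").lower(), m["qtype"]

def summarize(log_text):
    """Return (queries per client, per-client Counter of queried domains)."""
    per_client = Counter()
    domains = defaultdict(Counter)
    for client, qname, _qtype in parse_queries(log_text):
        per_client[client] += 1
        domains[client][qname] += 1
    return per_client, domains

def top_domains(domains, client, n=3):
    """Most frequently queried names for one client, as (name, count) pairs."""
    return domains[client].most_common(n)

if __name__ == "__main__":
    counts, doms = summarize(SAMPLE_LOG)
    for client, total in counts.most_common():
        print(f"{client}: {total} queries, top names: {top_domains(doms, client)}")
```

Pipe the real resolver log into it instead of SAMPLE_LOG to get the same per-client view; clients that never appear in the resolver log while still browsing are the ones worth checking for DoH/DoT use.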
@gertjan Gotcha cool thanks for the reply. If OpenVPN is on for the entire network, does DoH/DoT still have an effect or it's encrypted to the VPN anyway?
-
@treestomp said in Monitor Outbound DNS requests:
does DoH/DoT still have an effect or it's encrypted to the VPN anyway?
Nearly all traffic is already TLS these days, so VPN "to protect your data" is not needed.
The exception is of course classic DNS traffic. DoH is more a DNS generated by the end user client's application: even your router, pfSense, can't "see" it. pfBlockerNG can only block it, if it's a known DoH endpoint server.