Link Search Menu Expand Document

Redirect DNS to internal DNS

This is how I made sure clients on the LAN could not use external DNS on port 53 by redirecting those requests to OPNsense internal DNS resolver (Unbound).

Table of contents

  1. Redirect DNS to internal DNS
  2. Fault finding
  3. Authors
  4. Acknowledgments

Redirect DNS to internal DNS

OPNsense > Firewall > NAT and click + Add.

  • Navigate to Firewall > NAT > Port Forward tab and click + Add
  • Click fa-level-up Add to create a new rule
  • Fill in the following fields on the port forward rule:
  • Interface: LAN
  • Protocol: TCP/UDP
  • Destination: Invert Match checked, LAN Address
  • Destination Port Range: DNS (53)
  • Redirect Target IP:
  • Redirect Target Port: DNS (53)
  • Description: Redirect DNS
  • NAT Reflection: Disable

Fault finding

storj@server~$ dig | grep SERVER
storj@server~$ systemd-resolve --status | grep "DNS Server"
  Current DNS Server:
         DNS Servers:


Mr. Johnson