On Sep 22, 2018 11:21 PM, Fung <fungm...@qq.com> wrote:
>
> simple router built with OpenBSD
> Wan a.b.c.d
> Lan 192.168.0.1/24
> Unbound runs as DNS cache on 127.0.0.1
>
>
> we want:
> no matter what dns address a client pc is set to ( 8.8.8.8 or 9.9.9.9 ),
> all clients' dns queries are redirected to the localhost cache in the router
>
>
> Can we achieve this using pf.conf?
> how? tests do not work with rdr-to or divert-to
>
> -----
> pf.conf
>
> match out on egress inet from !(egress:network) to any nat-to (egress:0)
> pass in quick proto udp from any to any port 53 rdr-to 127.0.0.1 port 53
> pass
>
DNS can go tcp also.

> ------
> unbound.conf
> server:
>   interface: 192.168.0.1
>   interface: 127.0.0.1
>   access-control: 192.168.0.0/24 allow
>   access-control: 127.0.0.0/8 allow
>   do-not-query-localhost: no
>   hide-identity: yes
>   hide-version: yes
>
> forward-zone:
>   name: "."
>   forward-addr: 1.2.3.4 # IP of the upstream resolver
>
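As an added example (not part of the thread, and not Fung's or the reply's own config), here is a pf.conf that applies the reply's point: the redirect rule covers TCP as well as UDP, and it is tied to the LAN interface so that port 53 traffic arriving from the Internet on egress is never bounced into the local resolver. The LAN interface name em1 is an assumption; the nat-to line is copied from the original post.

```conf
# Added example, not from the original thread.
# Assumption: the LAN interface is em1 and carries 192.168.0.1/24;
# Unbound listens on 127.0.0.1:53 as in the posted unbound.conf.
lan_if = "em1"

set skip on lo

# Outbound NAT for LAN clients, as in the original pf.conf.
match out on egress inet from !(egress:network) to any nat-to (egress:0)

# Transparent DNS redirect: every query from the LAN, UDP *and* TCP,
# is rewritten to the router's own cache regardless of the resolver
# the client was configured with. Binding the rule to $lan_if keeps it
# off egress, so Internet-sourced packets to port 53 are not redirected.
pass in quick on $lan_if inet proto { udp, tcp } \
    from $lan_if:network to any port 53 rdr-to 127.0.0.1 port 53

pass
```

Because rdr-to rewrites the destination address to 127.0.0.1, Unbound must keep `interface: 127.0.0.1` and `access-control: 192.168.0.0/24 allow` from the posted unbound.conf, otherwise the redirected queries are refused. Check the syntax with `pfctl -nf /etc/pf.conf` before loading, then confirm a client query from the LAN creates a state toward 127.0.0.1:53 with `pfctl -s state`. Note that this only catches plain port-53 DNS; clients that use DNS over TLS (port 853) or DNS over HTTPS bypass the cache and need a separate policy decision.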