Edgar Pettijohn <ed...@pettijohn-web.com> wrote:
>
> On Sep 22, 2018 11:21 PM, Fung <fungm...@qq.com> wrote:
> >
> > simple router built with OpenBSD
> > Wan a.b.c.d
> > Lan 192.168.0.1/24
> > Unbound runs as a DNS cache on 127.0.0.1
> >
> >
> > we want:
> > no matter a client pc sets dns to any address ( 8.8.8.8 or 9.9.9.9 )
> > all clients' dns queries are redirected to the localhost cache in the router
> >
> >
> > Can we achieve this using pf.conf?
> > how? tests do not work with rdr-to or divert-to
> >
> > -----
> > pf.conf
> >
> > match out on egress inet from !(egress:network) to any nat-to (egress:0)
> > pass in quick proto udp from any to any port 53 rdr-to 127.0.0.1 port 53
> > pass
> >
> DNS can go tcp also.
>
> > ------
> > unbound.conf
> > server:
> >         interface: 192.168.0.1
> >         interface: 127.0.0.1
> >         access-control: 192.168.0.0/24 allow
> >         access-control: 127.0.0.0/8 allow
> >         do-not-query-localhost: no
> >         hide-identity: yes
> >         hide-version: yes
> >
> > forward-zone:
> >         name: "."
> >         forward-addr: 1.2.3.4 # IP of the upstream resolver
> >
you can try this, it's from vmctl(8):

    If desired, DNS queries originating from guest VMs can be redirected to a
    different DNS server with an entry in the host machine's /etc/pf.conf
    similar to the following:

        pass in proto udp from 100.64.0.0/10 to any port domain \
            rdr-to $dns_server port domain

just add the same rule for tcp too
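An added pf.conf fragment (not from either poster) that adapts the vmctl(8) rule to the router described in the thread: it redirects both UDP and TCP DNS from the LAN to the Unbound cache, and sends it to the LAN address Unbound is configured to listen on. The interface name "em1" and the macro names are assumptions.

```pf
# Added example, not from the thread. Interface name and macros are assumed.
lan_if     = "em1"
lan_net    = "192.168.0.0/24"
dns_server = "192.168.0.1"    # Unbound has "interface: 192.168.0.1"

# Outbound NAT for the LAN, as in the original pf.conf.
match out on egress inet from !(egress:network) to any nat-to (egress:0)

# Catch DNS only on the LAN interface and only from LAN hosts, so queries
# arriving on the WAN side are not redirected into the cache.
# Both transports: resolvers fall back to TCP for truncated answers.
pass in quick on $lan_if inet proto { tcp udp } from $lan_net \
    to any port domain rdr-to $dns_server port domain

# Keep Unbound's own upstream queries (to the forward-addr) untouched:
# they leave on egress, which the rule above does not match.
pass
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it, then confirm a client's lookup against 8.8.8.8 lands on the cache with `pfctl -s states | grep domain`.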