1.1.1.3 does not appear to be filtering content for me

This could be a configuration issue on my part.  My DNS resolvers are on an OPNsense router I am constructing.  Unbound uses 1.1.1.2 & 1.0.0.2 DoT with security.cloudflare-dns.com CN (hostname) and it appears to work.  I also tried 1.1.1.3 & 1.0.0.3 DoT with the family.cloudflare-dns.com CN (hostname) and as I remember it seemed to work, too.

What I want is a split DNS situation where two children's subnets use 1.1.1.3 & 1.0.0.3 and the other subnets use 1.1.1.2 & 1.0.0.2.  I appear to have Unbound handling the 1.1.1.2 & 1.0.0.2 issue using DoT.  I activated DNSmasq on port 1053 for only the two children subnet interfaces (full VLANs).  From an attached DNSmasq set of log records my children's subnet is getting resolution without filtering from 1.1.1.3/1.0.0.3.  It is possible I may be doing something wrong.  Can someone review the attached log to see if I am in fact getting resolution of DNS addresses that should be filtered as I believe I am getting?

Thanks

I blocked some of my network’s information with X’s; I hope that is not an issue.
I replaced the offending sitename with [BadSiteName]

It also appears I entered some search domains in my DHCP setup that I may want to rethink.

2023-01-22T14:18:21-05:00	Informational	dnsmasq	66 192.168.xxx.xxx/63486 query[A] wpad.XXXXXXXX.localdomain from 192.168.xxx.xxx	
2023-01-22T14:18:10-05:00	Informational	dnsmasq	65 192.168.xxx.xxx/64988 reply [BadSiteName].com is NODATA-IPv6	
2023-01-22T14:18:10-05:00	Informational	dnsmasq	65 192.168.xxx.xxx/64988 forwarded [BadSiteName].com to 1.0.0.3	
2023-01-22T14:18:10-05:00	Informational	dnsmasq	65 192.168.xxx.xxx/64988 forwarded [BadSiteName].com to 1.1.1.3	
2023-01-22T14:18:10-05:00	Informational	dnsmasq	65 192.168.xxx.xxx/64988 forwarded [BadSiteName].com to 127.0.0.1	
2023-01-22T14:18:10-05:00	Informational	dnsmasq	65 192.168.xxx.xxx/64988 query[AAAA] [BadSiteName].com from 192.168.xxx.xxx	
2023-01-22T14:18:10-05:00	Informational	dnsmasq	64 192.168.xxx.xxx/64987 reply [BadSiteName].com is 66.254.114.41	
2023-01-22T14:18:10-05:00	Informational	dnsmasq	64 192.168.xxx.xxx/64987 forwarded [BadSiteName].com to 1.0.0.3	
2023-01-22T14:18:10-05:00	Informational	dnsmasq	64 192.168.xxx.xxx/64987 forwarded [BadSiteName].com to 1.1.1.3	
2023-01-22T14:18:10-05:00	Informational	dnsmasq	64 192.168.xxx.xxx/64987 forwarded [BadSiteName].com to 127.0.0.1	
2023-01-22T14:18:10-05:00	Informational	dnsmasq	64 192.168.xxx.xxx/64987 query[A] [BadSiteName].com from 192.168.xxx.xxx
2023-01-22T14:18:10-05:00	Informational	dnsmasq	63 192.168.xxx.xxx/64986 cached [BadSiteName].com.XXXXXXXX.localdomain is NXDOMAIN	
2023-01-22T14:18:10-05:00	Informational	dnsmasq	63 192.168.xxx.xxx/64986 query[AAAA] [BadSiteName].com.XXXXXXXX.localdomain from 192.168.xxx.xxx	
2023-01-22T14:18:10-05:00	Informational	dnsmasq	62 192.168.xxx.xxx/64985 reply [BadSiteName].com.XXXXXXXX.localdomain is NXDOMAIN	
2023-01-22T14:18:10-05:00	Informational	dnsmasq	62 192.168.xxx.xxx/64985 forwarded [BadSiteName].com.XXXXXXXX.localdomain to 1.0.0.3	
2023-01-22T14:18:10-05:00	Informational	dnsmasq	62 192.168.xxx.xxx/64985 forwarded [BadSiteName].com.XXXXXXXX.localdomain to 1.1.1.3	
2023-01-22T14:18:10-05:00	Informational	dnsmasq	62 192.168.xxx.xxx/64985 forwarded [BadSiteName].com.XXXXXXXX.localdomain to 127.0.0.1
2023-01-22T14:18:10-05:00	Informational	dnsmasq	62 192.168.xxx.xxx/64985 forwarded [BadSiteName].com.XXXXXXXX.localdomain to 127.0.0.1	
2023-01-22T14:18:10-05:00	Informational	dnsmasq	62 192.168.xxx.xxx/64985 query[A] [BadSiteName].com.XXXXXXXX.localdomain from 192.168.xxx.xxx

I’m sorry the formatting is not good; if someone could fix it I would appreciate it.

This is the line that to me indicates the DNS entry was found instead of blocked:

2023-01-22T14:18:10-05:00	Informational	dnsmasq	64 192.168.xxx.xxx/64987 reply [BadSiteName].com is 66.254.114.41	

I tested this again today 1/23; it works correctly from what I can now see.
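Added example, not part of the original posts: a Python check for dnsmasq logs in the layout shown above that groups lines by query serial number and reports (a) any upstream other than the filtering resolvers, such as the 127.0.0.1 forward visible in the log, and (b) any reply that is a real address rather than the 0.0.0.0 / :: answer Cloudflare's filtering resolvers return for blocked names. The sample lines are constructed with placeholder names and addresses, and the allowed-upstream set and function names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: the only upstreams the children's subnets should ever reach.
FILTERED_UPSTREAMS = {"1.1.1.3", "1.0.0.3"}
# Cloudflare's filtering resolvers answer blocked names with these addresses.
SINKHOLE = {"0.0.0.0", "::"}
LINE = re.compile(r"dnsmasq\s+(\d+)\s+\S+/\d+\s+(query\[\w+\]|forwarded|reply|cached)"
                  r"\s+(\S+)\s+(?:from|to|is)\s+(\S+)")

# Constructed sample in the layout of the log above; names and IPs are placeholders.
SAMPLE = "\n".join("2023-01-22T14:18:10-05:00\tInformational\tdnsmasq\t" + entry for entry in [
    "70 192.0.2.10/50001 reply blocked.example is 0.0.0.0",
    "70 192.0.2.10/50001 forwarded blocked.example to 1.1.1.3",
    "64 192.0.2.10/64987 reply blocked.example is 203.0.113.10",
    "64 192.0.2.10/64987 forwarded blocked.example to 1.0.0.3",
    "64 192.0.2.10/64987 forwarded blocked.example to 1.1.1.3",
    "64 192.0.2.10/64987 forwarded blocked.example to 127.0.0.1",
    "64 192.0.2.10/64987 query[A] blocked.example from 192.0.2.10",
])

def is_real_address(value):
    """True for an IP answer that is not the filter's sinkhole address."""
    try:
        ipaddress.ip_address(value)
    except ValueError:  # NXDOMAIN, NODATA-IPv6 and similar non-address answers
        return False
    return value not in SINKHOLE

def audit(log_text):
    """Group lines by dnsmasq serial number and return a list of findings."""
    queries = defaultdict(lambda: {"name": None, "upstreams": set(), "answers": []})
    for m in filter(None, map(LINE.search, log_text.splitlines())):
        serial, action, name, value = m.groups()
        q = queries[int(serial)]
        q["name"] = name
        if action == "forwarded":
            q["upstreams"].add(value)      # value is the upstream server
        elif action in ("reply", "cached"):
            q["answers"].append(value)     # value is the answer or status
    findings = []
    for serial, q in sorted(queries.items()):
        stray = sorted(q["upstreams"] - FILTERED_UPSTREAMS)
        resolved = [a for a in q["answers"] if is_real_address(a)]
        if stray:
            findings.append((serial, q["name"], "unexpected-upstream", stray))
        if resolved:
            findings.append((serial, q["name"], "resolved", resolved))
    return findings
```

Calling `audit()` on the text of a saved log returns one tuple per finding; an empty list means every query went only to the filtering resolvers and no name resolved to a real address.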
