DNS leak in pfSense

I’m using pfSense version 2.4.5-RELEASE-p1. I configured Cloudflare DNS, but I noticed so many requests to Google DNS from clients. Please help to fix the DNS leak.

Netgate has a write-up here: https://docs.netgate.com/pfsense/en/latest/recipes/dns-block-external.html

Hi Tom, Thanks for the reply.
I found another doc for the same purpose in Netgate. But this is a NAT rule. So which one do you prefer? https://docs.netgate.com/pfsense/en/latest/recipes/dns-redirect.html

Depends on what you want to happen, redirect or fail.

Thanks Tom. I chose redirect.
Your videos have been so helpful. Keep the good work going. Thanks again.

Obviously if they are somehow using VPNs and DNS over TLS they can easily circumvent your controls :wink:

While making a change at the firewall level can have the effect you are looking for, it is only addressing the symptom, not the problem. I would recommend only doing this as a stopgap measure until you can correct the issues with the offending systems.