Problems with blocking WAN DNS access from LAN
I am attempting to prevent DNS requests from being sent outbound to the Wide Area Network (WAN), but I am encountering difficulties in doing so. To achieve this, I have established an Access Control List (ACL) for the gateway that blocks any DNS requests originating from the Local Area Network (LAN) and directed towards the WAN using User Datagram Protocol (UDP) port 53, which I specified using a port group. However, this seems to block all traffic on UDP port 53, even the traffic intended for the gateway itself. To resolve this issue, I created an additional rule, positioned above the original rule, which permits access to UDP port 53 for the gateway's IP address, while still maintaining the LAN-to-WAN restriction. Initially, I did not believe this additional rule would be necessary, as the gateway is part of the LAN rather than the WAN.
Despite my efforts, it appears that all traffic on port 53 is still being blocked for devices connected to the network. Unfortunately, I am unable to examine the logs on the Omada device to gain more insight into the issue. I would greatly appreciate any guidance or suggestions on how to resolve this problem.
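The rule ordering described in the post, as an added illustration of how a first-match ACL decides a packet. This is constructed example code, not the Omada configuration and not anything posted by the original author; the addresses (LAN 192.168.1.0/24, gateway 192.168.1.1, an external resolver 8.8.8.8), the rule names, and the assumption that the deny rule's destination effectively matches any address (one reading of "blocks all traffic on UDP port 53, even the traffic intended for the gateway") are mine.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addressing (assumed, not taken from the post).
LAN = "192.168.1.0/24"
GATEWAY = "192.168.1.1/32"
ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "udp" or "tcp"
    dport: int


@dataclass(frozen=True)
class Rule:
    name: str
    action: str          # "permit" or "deny"
    src_net: str         # source CIDR
    dst_net: str         # destination CIDR; ANY matches every address
    protos: frozenset    # e.g. frozenset({"udp"})
    dports: frozenset    # destination ports; empty means any port

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src_net)
                and ip_address(pkt.dst) in ip_network(self.dst_net)
                and pkt.proto in self.protos
                and (not self.dports or pkt.dport in self.dports))


def evaluate(rules, pkt: Packet, default: str = "permit"):
    """First-match evaluation, top to bottom: the first rule whose
    tuple matches decides the packet and nothing below it is consulted."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return default, "implicit-" + default


# The deny as described in the post, assuming its destination ends up
# matching any address rather than only WAN-side addresses.
DENY_UDP53 = Rule("deny-lan-dns-out", "deny", LAN, ANY,
                  frozenset({"udp"}), frozenset({53}))
# The extra permit for the gateway's own resolver.
ALLOW_GW = Rule("allow-gateway-dns", "permit", LAN, GATEWAY,
                frozenset({"udp", "tcp"}), frozenset({53}))
# Same deny, but covering DNS over TCP/53 as well as UDP/53.
DENY_DNS = Rule("deny-lan-dns-out", "deny", LAN, ANY,
                frozenset({"udp", "tcp"}), frozenset({53}))

BLOCK_ONLY = [DENY_UDP53]                 # first attempt: deny alone
WITH_GATEWAY_ALLOW = [ALLOW_GW, DENY_UDP53]   # permit placed above the deny
WRONG_ORDER = [DENY_UDP53, ALLOW_GW]      # permit below the deny never fires
HARDENED = [ALLOW_GW, DENY_DNS]           # also closes the TCP/53 path

# Constructed sample traffic from a LAN host.
GW_QUERY = Packet("192.168.1.50", "192.168.1.1", "udp", 53)
WAN_QUERY = Packet("192.168.1.50", "8.8.8.8", "udp", 53)
WAN_TCP_QUERY = Packet("192.168.1.50", "8.8.8.8", "tcp", 53)

if __name__ == "__main__":
    for label, rules in [("block only", BLOCK_ONLY),
                         ("allow above deny", WITH_GATEWAY_ALLOW),
                         ("allow below deny", WRONG_ORDER),
                         ("hardened", HARDENED)]:
        for pkt in (GW_QUERY, WAN_QUERY, WAN_TCP_QUERY):
            print(f"{label:18} {pkt.proto}/{pkt.dport} -> {pkt.dst:12} "
                  f"{evaluate(rules, pkt)}")
```

Two things the model makes visible. If the deny's destination is "any", or a group that happens to contain the LAN subnet, then only a permit placed above it can rescue queries to the gateway; the same permit placed below the deny is dead. And a deny written for UDP/53 alone leaves DNS over TCP/53 untouched, so a rule meant to force clients through the gateway's resolver should cover both transports (DNS over TLS on 853 and DNS over HTTPS on 443 are separate paths this kind of port rule does not address at all).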