I have rdomain 1 and the default rdomain. pair1 is in rdomain 1; pair2 is in the default rdomain. Inside rdomain1 there is no loopback interface. The network is 172.10.0.2/24.

In /etc/resolv.conf I have nameserver 127.0.0.1, so all DNS (UDP 53) packets should go to 127.0.0.1. The default route in rdomain1 is the pair2 interface (172.10.0.2).

I want (and have achieved) interception of DNS requests from rdomain1 to 172.10.0.2 port 9053. I have this rule:

    pass out quick log (all, to pflog0) on pair1 inet proto udp to 127.0.0.1 port 53 rdr-to 172.10.0.2 port 9053 keep state (floating)

but it is not enough. I needed to add this rule:

    pass in quick on pair2 inet proto udp from pair1 to any port 53 rdr-to pair2 port 9053 keep state (floating)

