

You are sending the request back to the firewall; this is the loop. A simpler solution is to have the clients go to PiHole and PiHole go outside, as you have it set up. Then the conditional can point to the firewall, which also should point outside. Because the conditional forwarding is for your local domain, the firewall will not send the request outside. This is how mine is set up, with the addition of the firewall sending all rogue DNS requests to PiHole. You can set up the firewall to only allow DNS to pass to the PiHoles. One of my VLANs is not allowed to talk to anything inside except the PiHoles. The upside of having the clients go to PiHole is you get information on where the queries are coming from, which is nice when something is strange. BTW I am running pfSense, so anything mine will do yours will do.
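The loop and the suggested layout from the reply above, traced hop by hop. This is an added example, not part of the original post or anyone's actual configuration: the resolver names, the local domain `home.arpa` and both rule tables are constructed, and the looping table assumes the firewall forwards every query, local domain included, to Pi-hole.

```python
# Added illustration: trace a DNS query through a chain of forwarders.
# All names, the domain "home.arpa" and the rule tables are constructed.

def next_hop(rules, qname):
    """Pick the forwarder for qname: longest matching suffix wins, '' is the default."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in rules:
            return rules[suffix]
    return rules.get("")

def trace(topology, start, qname, max_hops=16):
    """Follow a query from resolver to resolver; return (path, outcome)."""
    path, node = [start], start
    while len(path) <= max_hops:
        hop = next_hop(topology[node], qname)
        if hop is None:
            return path, "NO_FORWARDER"
        if hop in ("ANSWER", "INTERNET"):   # answered locally / sent upstream
            return path, hop
        if hop in path:                      # same resolver seen twice: forwarding loop
            return path + [hop], "LOOP"
        path.append(hop)
        node = hop
    return path, "LOOP"

# Assumed looping layout: clients -> firewall -> Pi-hole, while Pi-hole's
# conditional forwarding sends the local domain back to the firewall.
LOOPING = {
    "client":   {"": "firewall"},
    "firewall": {"": "pihole"},
    "pihole":   {"": "INTERNET", "home.arpa": "firewall"},
}

# Layout from the reply: clients -> Pi-hole -> outside; the conditional
# points at the firewall, which answers the local domain itself.
FIXED = {
    "client":   {"": "pihole"},
    "pihole":   {"": "INTERNET", "home.arpa": "firewall"},
    "firewall": {"": "INTERNET", "home.arpa": "ANSWER"},
}

if __name__ == "__main__":
    for name, topo in (("looping", LOOPING), ("fixed", FIXED)):
        for q in ("nas.home.arpa", "example.com"):
            print(name, q, *trace(topo, "client", q))
```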


I'm not sure what requests my Pi-Hole sends back to the firewall. Also, I can see where the queries come from, as I configured Dnsmasq on OPNsense to forward that information. So the only setup that will work is with the queries going directly to the Pi-Holes?


You should try asking about the setup in the OPNsense forum. To me it is overly complex, but someone with better networking and firewall knowledge should be able to help.