I've been writing a tool that can be added as a package for pfSense, and essentially the tool allows you to perform a DNS leak test on any of the interfaces on the firewall appliance.
One developer I spoke with said that DNS leak testing from a firewall is not valuable, and that the test should only be performed from the client side.
I disagree with this sentiment, because I feel that ensuring that both the clients and firewall are not leaking DNS info (especially with a kill-switched, network-wide VPN config in place) is essential to maintaining the level of privacy and security desired.
I'm at a loss to think of any reasons why DNS leak testing at the firewall would not be useful, and unfortunately the other developer I spoke with didn't elaborate on their reasoning, so I was hoping someone could provide me with their opinion and reasons that I could use in my own consideration.
Thank you for any help!