Bug #12452
Status: closed
Port forward rules are not created for special networks (pppoe, openvpn)
Done: 100%
Description
https://forum.netgate.com/topic/167150/dns-redirect-on-pppoe-clients-failing:
"I have a pfSense server running successfully with approx 150 end user devices connecting via a dedicated interface on the pfSense configured for PPPoE. The PPPoE client IP addresses are issued to the end user devices from a radius server, all of which works fine and traffic is good. DNS servers are pushed to the end user devices via the radius server which again is all good.
However, I want to redirect all the PPPoE client DNS traffic to the pfSense server so that DNS requests are handled via the pfSense to help prevent end users circumventing our DNS servers.
I have followed the guide for this, setup DNS resolvers on the pfSense and applied this to the LAN interface (a separate interface) and as expected this works a treat for the LAN users but I repeat this for the PPPoE interface and it doesn't seem to work for the PPPoE clients, it just ignores the NAT redirect rule and the traffic is sent to the DNS server that has been manually configured."
pfSense successfully creates redirect rules for regular interfaces, like:

    # NAT Inbound Redirects
    rdr on vtnet0 inet proto { tcp udp } from any to !192.168.3.4 port 53 -> 192.168.3.4
    # Reflection redirect
    rdr on { openvpn WireGuard } inet proto { tcp udp } from any to !192.168.3.4 port 53 -> 192.168.3.4
    ...
    pass in quick on $LAN inet proto { tcp udp } from any to 192.168.3.4 port 53 tracker 1634138298 keep state label "USER_RULE: NAT "

but doesn't create rdr rules for the PPPoE Server or OpenVPN interface groups; only the associated pass rules are emitted, so nothing actually rewrites the destination:

    pass in quick on $OpenVPN inet proto { tcp udp } from any to 192.168.3.4 port 53 tracker 1634138263 keep state label "USER_RULE: NAT "
    pass in quick on $pppoe inet proto { tcp udp } from any to 192.168.3.4 port 53 tracker 1634138088 keep state label "USER_RULE: NAT "
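The failure mode above is easy to miss from the GUI, because the pass rule shows up in the ruleset and the port forward looks configured. The following added checker (example code written for this page, not part of pfSense) parses the text form of a pf ruleset such as /tmp/rules.debug and reports every "USER_RULE: NAT" pass rule whose interface has no rdr rule for the same destination and port. The macro lines in the sample ruleset (LAN = "{ vtnet0 }" and so on) are assumed to follow the shape pfSense writes; the rest of the sample is modelled on the excerpt in this bug, with the reflection rdr left out so the OpenVPN case is visible too.

```python
"""Flag port-forward pass rules that have no matching rdr rule.

Added example for this bug page, not pfSense code. Input is the text form of a
pf ruleset (e.g. /tmp/rules.debug on pfSense); the sample below is constructed.
"""
import re

# Macro definition, e.g.  LAN = "{ vtnet0 }"   (assumed pfSense-style line)
MACRO_RE = re.compile(r'^(\w+)\s*=\s*"\{?\s*([^}"]*?)\s*\}?"\s*$')
# rdr on <iface or { group list }> ... to <dst> port <n> -> <target>
RDR_RE = re.compile(
    r'^rdr\s+on\s+(\{[^}]*\}|\S+)\s+.*?\bto\s+\S+\s+port\s+(\d+)\s+->\s+(\S+)'
)
# pass in quick on $<macro> ... to <target> port <n> ... label "USER_RULE: NAT"
PASS_RE = re.compile(
    r'^pass\s+in\s+quick\s+on\s+\$(\w+)\s+.*?\bto\s+(\S+)\s+port\s+(\d+)\s+.*?'
    r'label\s+"USER_RULE:\s*NAT'
)


def _ifaces(spec):
    """'vtnet0' -> ['vtnet0'];  '{ openvpn WireGuard }' -> ['openvpn', 'WireGuard']."""
    return spec.strip("{} ").split()


def parse_macros(ruleset):
    """Map macro name -> list of interface names it expands to."""
    macros = {}
    for line in ruleset.splitlines():
        m = MACRO_RE.match(line.strip())
        if m:
            macros[m.group(1)] = m.group(2).split()
    return macros


def find_missing_redirects(ruleset):
    """Return sorted macro names whose NAT pass rule has no rdr on any of its interfaces."""
    macros = parse_macros(ruleset)
    redirects = set()  # (interface, port, target) triples that do get rewritten
    for line in ruleset.splitlines():
        m = RDR_RE.match(line.strip())
        if m:
            for iface in _ifaces(m.group(1)):
                redirects.add((iface, m.group(2), m.group(3)))

    missing = set()
    for line in ruleset.splitlines():
        m = PASS_RE.match(line.strip())
        if not m:
            continue
        macro, target, port = m.groups()
        # A pass rule on $X is only useful if some rdr covers an interface in X.
        ifaces = macros.get(macro, [macro])
        if not any((i, port, target) in redirects for i in ifaces):
            missing.add(macro)
    return sorted(missing)


# Constructed sample modelled on the excerpt in this bug. The macro lines are an
# assumption about pfSense's rules.debug layout; the LAN rdr is present, the
# ones for the OpenVPN and pppoe groups are not, exactly as reported.
SAMPLE_RULESET = """\
LAN = "{ vtnet0 }"
OpenVPN = "{ openvpn }"
pppoe = "{ pppoe }"
# NAT Inbound Redirects
rdr on vtnet0 inet proto { tcp udp } from any to !192.168.3.4 port 53 -> 192.168.3.4
pass in quick on $LAN inet proto { tcp udp } from any to 192.168.3.4 port 53 tracker 1634138298 keep state label "USER_RULE: NAT "
pass in quick on $OpenVPN inet proto { tcp udp } from any to 192.168.3.4 port 53 tracker 1634138263 keep state label "USER_RULE: NAT "
pass in quick on $pppoe inet proto { tcp udp } from any to 192.168.3.4 port 53 tracker 1634138088 keep state label "USER_RULE: NAT "
"""

if __name__ == "__main__":
    for macro in find_missing_redirects(SAMPLE_RULESET):
        print(f"pass rule on ${macro} has no matching rdr: traffic is NOT redirected")
```

Run it against a copy of /tmp/rules.debug after applying a DNS redirect on a PPPoE or OpenVPN interface; any group it reports is one where clients can still reach outside resolvers despite the rule appearing in the GUI. The check treats a reflection rdr on an interface group (such as the `rdr on { openvpn WireGuard }` line in the excerpt) as covering that group, since pf would rewrite the destination either way.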