"Recent posts
#1
26.1 Series / Re: 26.1.1 MTU Issues on PPPoE
Last post by Boxer - Today at 07:53:44 PMGood stuff
#2
26.1 Series / Re: Can Unbound DNSSEC be used...
Last post by LemurTech - Today at 07:40:36 PMMy current suspicion is that this is not an Unbound problem, it's a Dnsmasq problem. When DNSSEC is enabled, something changes the behavior of Dnsmasq and it no longer treats `iot.lan` as local:
Code Select
DNSSEC enabled:
root@fw01:~ # drill .0.0.1 -p 53053 emporia.iot.lan
;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 64879
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;; emporia.iot.lan. IN A
;; ANSWER SECTION:
;; AUTHORITY SECTION:
. 2494 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2026021301 1800 900 604800 86400
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; SERVER: 127.0.0.1
;; WHEN: Fri Feb 13 10:31:58 2026
;; MSG SIZE rcvd: 108
DNSSEC Disabled:
root@fw01:~ # drill u/127.0.0.1 -p 53053 emporia.iot.lan
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 7948
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; emporia.iot.lan. IN A
;; ANSWER SECTION:
emporia.iot.lan. 1 IN A 192.168.12.86
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; SERVER: 127.0.0.1
;; WHEN: Fri Feb 13 10:32:35 2026
;; MSG SIZE rcvd: 49
#3
26.1 Series / Re: Clean upgrade from 25.1.7 ...
Last post by julsssark - Today at 06:48:04 PMI am surprised your upgrades took that long but I've never run OPNsense in a large production environment. Good luck with the migration. Let us know how it goes.
#4
General Discussion / Re: Intermittent Packet Loss o...
Last post by meyergru - Today at 06:38:53 PMTry "bridge-mcsnoop 0".
#5
26.1 Series / Re: 26.1.1 MTU Issues on PPPoE
Last post by Taunt9930 - Today at 05:55:11 PMQuote from: Enverex on February 11, 2026, 01:04:56 PMI'm seeing the same issue. I found this thread before upgrading so I blanked all the MTU boxes prior to upgrading, but putting 1508 back into the PPPoE adapter post upgrade also results in breaking a lot of the internet as other people here mentioned. I've had to go back to blank/default for now which isn't ideal.
Has anyone who has seen this issue tried 26.1.2 yet? I am stumped.
EDIT: Setting WAN MTU to Blank on 25.7.11_9, and upgrading to 26.1.2 and then setting it back to 1508 works. It now works as before, and gives expected results of 1440 and 1460 here http://pmtud.enslaves.us/
#6
26.1 Series / Re: NAT Reflection / Hairpinni...
Last post by Patrick M. Hausen - Today at 05:23:56 PMTricksy NATsesss ...
#7
General Discussion / Re: ddclient and deSEC
Last post by skywalker007 - Today at 05:18:32 PMThe easiest fix would be to add "preserve" to both options, so you can individually update A and AAAA without deleting the other one.
I use the native backend, not sure if ddclient haves different
I use the native backend, not sure if ddclient haves different
#8
General Discussion / Re: ddclient and deSEC
Last post by Ampfinger - Today at 05:16:22 PMAs far as I know it's the same situation as before.
But I would also like to see this one fixed!
But I would also like to see this one fixed!
#9
General Discussion / Re: ddclient and deSEC
Last post by skywalker007 - Today at 05:12:16 PMHello,
I just came across exactly the same issue.
Is this something being worked on? Did you open a FR ticket for it?
The only workaround I see right now is to create separate hosts for v4 and v6 in deSEC.
I would really love to have ab option to update both A and AAAA record in one go.
Did someone try to implement this as custom?
thanks, Till
I just came across exactly the same issue.
Is this something being worked on? Did you open a FR ticket for it?
The only workaround I see right now is to create separate hosts for v4 and v6 in deSEC.
I would really love to have ab option to update both A and AAAA record in one go.
Did someone try to implement this as custom?
thanks, Till
#10
26.1 Series / Re: NAT Reflection / Hairpinni...
Last post by Monviech (Cedrik) - Today at 05:10:22 PMOr using IPv6 in general, ahh so nice no nat trickeries anymore. :)
