I recently switched to OPNsense (fantastic decision). I'm using Unbound DNS as a local DNS server. In general it all works perfectly, but I noticed that certain domains failed to resolve. In particular, login.microsoftonline.com (which I need for my work) wouldn't resolve from an Android client, although it would resolve fine from a Linux machine on the same network - curious.
The Android client was fine if I switched it to use 1.1.1.1 as the DNS server.
I didn't make much progress with the problem until I saw this eloquent article that describes the exact problem I'm seeing:
https://techcommunity.microsoft.com/t5/office-365/dns-resolution-issues-when-attempting-to-connect-to-login/m-p/146379
I couldn't find any control over TCP DNS requests in OPNsense except for the number of incoming/outgoing TCP packets (I had the defaults of 10). On a whim I increased to 20 of each. Making this change seems to have fixed the issue. This seems very surprising. I wondered if perhaps there was a bug in the GUI such that 10 was in fact setting 0, which I believe would disable TCP DNS requests.
Thoughts?
Rob
Hi Rob,
Have you had any success on this issue? I am new to OPNsense and find myself stuck on resolving this issue.
Could you give me the steps you followed to work around this issue?
Thanks
Don
Hi,
Will this be resolved? If so, when and how?
Example: login.microsoftonline.com is not resolvable.
In Unbound -> blacklist, disable the blacklisting of "windowspyblocker (extra)"
thnx