I am new to opnsense, and have it running at latest version in my homelab setup.
There is an odd behaviour that I'm encountering... wanting to know if you[ve seen this before.
If I submit a ping to a made up name, opnsense returns the ip address of the wan. It does this for any made up name I throw at it. I am expecting the ping to fail, but it does not. Is there a setting somewhere I should be looking at ? zzz is a make believe host that does not exist....
>>>
ben@hystou:~$ ping zzz
PING expander.net.au (122.199.38.68) 56(84) bytes of data.
64 bytes from opn.expander.net.au (122.199.38.68): icmp_seq=1 ttl=64 time=313 ms
64 bytes from opn.expander.net.au (122.199.38.68): icmp_seq=2 ttl=64 time=235 ms
64 bytes from opn.expander.net.au (122.199.38.68): icmp_seq=3 ttl=64 time=155 ms
when I set up opnsense I used my domain name as registered with my registrar (expander.net.au). There is some kind of strange conflict happening here.... So I changed my opnsense domain name to "home". This seems to be working now.
Mystified still why ping is dropping the hostname and responding back with the domain name ip address as registered in cloudflare.
Strange stuff.
By default, if OPNsense doesn't have a local record for a hostname, it gets resolved normally (using public DNS records). And the public expander.net.au zone uses a wildcard configuration. <anything>.expander.net.au is a CNAME to expander.net.au, which resolves to 122.199.38.68.
To avoid this, you can either
- disable wildcards in your Cloudflare DNS settings or
- use a subdomain (like home.expander.net.au) as the OPNsense domain and set the local zone type to static (in the Unbound settings).
Kudos [mention]Maurice [/mention]for giving such a clear and helpful response to the OP
thanks heaps, for the cogent response. Well done.