OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: Ikes_72000 on May 06, 2021, 08:41:47 AM

Title: [Solved] No access to update / plugins orphaned, DNS misconfiguration?
Post by: Ikes_72000 on May 06, 2021, 08:41:47 AM
Hello,

I am having a problem updating OPNsense and its plugins; these appear as orphaned.
I think it comes from the DNS configuration.
All DNS traffic is directed to AdGuard, on a separate machine; Unbound is configured as upstream DNS in AdGuard.
All of my equipment on the LAN has Internet access, but I can't resolve DNS from OPNsense itself.

I have configured all of this as follows:

1- DHCP configuration

(https://nsa40.casimages.com/img/2021/05/06/210506083656387150.png) (https://www.casimages.com/i/210506083656387150.png.html)

2- Unbound configuration

(https://nsa40.casimages.com/img/2021/05/06/210506083656458104.png) (https://www.casimages.com/i/210506083656458104.png.html)

(https://nsa40.casimages.com/img/2021/05/06/210506083656718991.png) (https://www.casimages.com/i/210506083656718991.png.html)

3- NAT port forwarding

(https://nsa40.casimages.com/img/2021/05/06/210506085134313885.png) (https://www.casimages.com/i/210506085134313885.png.html)

4- General configuration

(https://nsa40.casimages.com/img/2021/05/06/210506085134618785.png) (https://www.casimages.com/i/210506085134618785.png.html)

What did I miss?

Thanks
Title: Re: No access to update / plugins orphaned, DNS misconfiguration?
Post by: KHE on May 06, 2021, 09:30:05 AM
Hello,

You have no nameserver for OPNsense itself. If you look into your /etc/resolv.conf you will have the entry "nameserver 127.0.0.1". But your Unbound is listening on port 5353. I wonder why you changed the port to this, when AdGuard is running on a different machine.
To solve it you can:
- change the port of Unbound to 53
or
- port forward port 127.0.0.1:53 to 127.0.0.1:5353 on the Loopback interface.

KH
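
An added example, not part of the original posts: a shell check for the mismatch KHE describes, where resolv.conf points at loopback (always queried on port 53) while Unbound listens on another port. The function names are hypothetical, the sample files are constructed, and /var/unbound/unbound.conf as the location of the generated Unbound config is an assumption.

```shell
#!/bin/sh
# On the firewall (paths are an assumption, adjust as needed):
#   check_local_dns /etc/resolv.conf /var/unbound/unbound.conf

# Print Unbound's listen port; Unbound defaults to 53 when no "port:" is set.
unbound_port() {
    awk '{ sub(/#.*/, "") }                 # strip comments
         $1 == "port:" { p = $2 }           # last "port:" line wins
         END { print (p == "" ? 53 : p) }' "$1"
}

# Print each nameserver address from a resolv.conf-style file.
resolv_nameservers() {
    awk '{ sub(/[#;].*/, "") } $1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Returns 0 = consistent, 1 = loopback nameserver but Unbound is not on 53,
# 2 = no nameserver at all. resolv.conf has no port syntax, so the system
# resolver always sends its queries to port 53.
check_local_dns() {
    port=$(unbound_port "$2")
    servers=$(resolv_nameservers "$1")
    if [ -z "$servers" ]; then
        echo "NO_NAMESERVER: $1 has no nameserver entry"
        return 2
    fi
    for ns in $servers; do
        case $ns in
            127.*|::1)
                if [ "$port" != "53" ]; then
                    echo "MISMATCH: $ns is queried on port 53, Unbound listens on $port"
                    return 1
                fi ;;
        esac
    done
    echo "OK: nameservers: $(echo $servers), Unbound port $port"
}

# Constructed sample mirroring the thread: loopback resolver, Unbound on 5353.
demo() {
    d=$(mktemp -d)
    printf 'nameserver 127.0.0.1\n' > "$d/resolv.conf"
    printf 'server:\n  port: 5353\n' > "$d/unbound.conf"
    demo_rc=0
    check_local_dns "$d/resolv.conf" "$d/unbound.conf" || demo_rc=$?
    rm -rf "$d"
    return $demo_rc
}
demo || true
```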
Title: Re: No access to update / plugins orphaned, DNS misconfiguration?
Post by: Ikes_72000 on May 06, 2021, 09:26:22 PM
Quote from: KHE on May 06, 2021, 09:30:05 AM
Hello,

You have no nameserver for OPNsense itself. If you look into your /etc/resolv.conf you will have the entry "nameserver 127.0.0.1". But your Unbound is listening on port 5353. I wonder why you changed the port to this, when AdGuard is running on a different machine.
To solve it you can:
- change the port of Unbound to 53
or
- port forward port 127.0.0.1:53 to 127.0.0.1:5353 on the Loopback interface.

KH
I changed the Unbound port to 53, and all works.

Thanks @KHE.
