Hi,
since I use OPNSense, my dns-requests are take long (5 seconds).
So my workaround was to add /etc/resolv.conf -> options single-request-reopen.
But this is not fine.
So I think, its this problem here:
https://supportportal.juniper.net/s/article/ScreenOS-DNS-reply-packet-is-dropped-through-the-firewall-How-is-DNS-traffic-handled?language=en_US
How can I configure OPNSense to work with this?
Greets
You haven't described your setup, is it a DNS sever on your LAN or on OPNsense or an external DNS server you're talking about. FWIW, I use a DNS server on my LAN and response tim are in the 20-30ms range.
I run a dns-server in my network on an ubuntu system.
All my ubuntu systems has this issue.
DNS-Request takes about 5 seconds. but when I set singe-request-reopen in /etc/resolv.conf it works fast.
On all my ubuntu machines....
My dns-server is not on opnsense machine.
Greets
Byte
So DNS requests from your lan clients are taking that long and you do no want OPN to resolve them, only to pass (by NAT I presume) it out?
Check what your lan and dhcp settings in OPN, so as not to conflict. Also DNSMasq and/or Unbound.
Then your firewall rules.
Make sure your post is clearer. For instance when you mention resolv.conf, it isn't clear if that's on a client or OPN.
Finally, it's likely you'll need to do packet captures on OPN on LAN and WAN to see what happens, as in your wanted setup, you want OPN to not do anything with those requests.
OK,
OPNsense:
- OPNSense has a LAN rule -> all pass, so there is nothing to do, no portforward for dns
- dnsmasq is off, ubound ist off
Clients:
- ubuntu clients asking dns-server outside
- ubuntu dns-requests take 4-5 seconds
- ubuntu clients got fast, if I change /etc/resolc.conf
DNS-Requests are going direct to internet.
Greets
Just out of interest, how does DNS perform when you run a dig command when you login to OPNsense command line and run the command there?