OPNsense Forum

English Forums => General Discussion => Topic started by: mdecou on April 19, 2023, 09:51:30 PM

Title: Ping to LAN interface returns WAN IP Address
Post by: mdecou on April 19, 2023, 09:51:30 PM
Hello all,

I have just set up opnsense for the first time (long time pfSense user) and have found a bit of an odd behavior. I have set up a host override in Unbound that identifies my LAN interface (192.168.1.1) as host "opnsense".

When I ping "opnsense", I get a reply from my WAN IP Address. I suspect there is a simple setting I need to set, but cannot find it.

Thanks for any help or suggestions.

Mike
Title: Re: Ping to LAN interface returns WAN IP Address
Post by: Patrick M. Hausen on April 19, 2023, 10:21:53 PM
"opnsense" as a DNS query responds with all IP addresses the firewall currently has got. Which one your desktop system picks is random. This is not a bug.
Title: Re: Ping to LAN interface returns WAN IP Address
Post by: keeka on November 08, 2023, 03:37:57 PM
Whilst it may not be a bug, how to remove the wan ip from dns response to the lan hostname?

If, say, you have a port forward (with NAT reflection enabled) on the WAN for http/s, and this directs to an internal webserver, then depending on which IP your client OS chooses, you will hit opnSense admin web interface or the other internal webserver.
Title: Re: Ping to LAN interface returns WAN IP Address
Post by: Patrick M. Hausen on November 08, 2023, 04:16:19 PM
Services > Unbound > General

Check the option in the screen shot, then add a single manual host override.
Title: Re: Ping to LAN interface returns WAN IP Address
Post by: Kinerg on November 08, 2023, 08:21:13 PM
You can use Unbound config (https://www.reddit.com/r/OPNsenseFirewall/comments/qlqvpx/comment/hj6cfbr/) to segregate responses via access-control-view
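
A sketch of the view-based approach mentioned in the post above, as an added example that is not part of the original post or of the linked comment. The LAN subnet 192.168.1.0/24, the domain "home.arpa" and the view name "lan" are assumptions; only the host name "opnsense" and the address 192.168.1.1 come from the thread.

```conf
# Constructed example. Assumed: LAN subnet 192.168.1.0/24,
# domain "home.arpa", view name "lan".
server:
    # Queries arriving from the LAN subnet are answered from the "lan" view.
    # This only selects the view; the subnet still needs a normal
    # access-control entry that allows it to query.
    access-control-view: 192.168.1.0/24 lan

view:
    name: "lan"
    # static: for this name, only the records listed in the view are served,
    # so the WAN address is never part of the answer given to LAN clients.
    local-zone: "opnsense.home.arpa." static
    local-data: "opnsense.home.arpa. IN A 192.168.1.1"
    # Names the view does not cover fall through to the global local data
    # and normal resolution.
    view-first: yes
```

After reloading Unbound, querying the name from a LAN client should return the single A record 192.168.1.1.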
Title: Re: Ping to LAN interface returns WAN IP Address
Post by: keeka on November 09, 2023, 11:40:02 AM
Thank you for both suggestions. Either should work in my case.

Incidentally, after posting I noticed that if I exclude wan from unbound listening interfaces, its IP is not returned in DNS answer. However that's not necessary in the case of the various OPT interfaces. They don't seem to appear in the DNS response.

I understand that unbound listen 'all' is the default and recommended option. I do recall some time in the past I had issues when I did not select that, and the problem was not simply because DNS was absent on the omitted interfaces. IIRC it was something to do with interfaces, assigned to VPN, not being up at boot time.

Thanks again.