I have been using OPNsense for a week now, on an Optiplex 3020 (i3-4160 CPU, 8 GB RAM, Intel 4-port NIC).
Every few minutes, I will visit a website and get this error:
Hmm. We're having trouble finding that site.
We can't connect to the server <website>
If you entered the right address, you can: etc...
I have read hundreds of DNS related issues on the forum and reddit but cannot find a solution.
I have reset OPNsense and started again, but the same issue. The issue happens on the WAN and LAN for Unbound override domains.
Here are my settings:
System > Settings > General 
- TICKED  Allow DNS server list to be overridden by DHCP/PPP on WAN 
But I have also tried this unticked. Same issue.
- DNS servers are all blank.
Interfaces:<n>
- static ipv4
- IPv6 - none 
Also tried this with dhcpv6. same issue.
- Speed and duplex DEFAULT
Services: Unbound DNS: General
- Register ISC DHCP4 Leases
- Register ISC DHCP Static Mappings
- Flush DNS Cache during reload
The issue continued when these were off too.
Services: Unbound DNS: Blocklist
NOT ACTIVE
Services: Unbound DNS: Advanced
- log queries - TICKED
Services: Unbound DNS: DNS over TLS
NONE
Firewall: Rules: MainLAN
Rule 1 - Allow access to other LAN
Rule 2 - Allow internet
Firewall: Rules: OtherLAN
Rule 1 - Allow access to MainLAN
Rule 2 - Allow internet
Firewall: Rules: WAN
NONE
Firewall: NAT: Port Forward
Redirect traffic through DNS - IP: 127.0.0.1, Port: 53, Interfaces: lan1, lan2, wan
I would like to emphasise that I have even tried restarting from scratch. Same issue. It works fine, but every few minutes a WAN website cannot be reached.
Other things I have tried
I tried:
- turning off IPv6
- allowing WAN DHCP to set the DNS in System: Settings: General
- restarting from scratch
- updating to the latest version of OPNsense (I did this today; I am using OPNsense 24.1.5_3-amd64, FreeBSD 13.2-RELEASE-p11, OpenSSL 3.0.13)
Has anyone experienced and fixed this?? I really don't know what to do and I do NOT want to go back to my TP-Link!  :D
(even as I first typed this, and pressed post, I saw the error page. Very frustrating)
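The first thing worth doing with an intermittent failure like the one described above is to measure it from a client rather than waiting for the browser error page. The script below is an added example, not from the original post or from OPNsense: it hand-builds a minimal DNS A query (RFC 1035 wire format), sends it over UDP to the firewall's Unbound, and prints a timestamped line whenever the reply is missing, malformed or carries a non-NOERROR rcode, so a failure can later be matched against the firewall's Unbound log. The resolver address 192.168.1.1 and the test name example.com are assumptions; replace them with the OPNsense LAN address and the site that actually fails.

```python
"""Probe a resolver with raw DNS queries and log failures with timestamps.

Added example, not from the original thread. Assumes Unbound listens on
192.168.1.1:53 (assumed OPNsense LAN address) and that example.com is a
stand-in for the site that intermittently fails to resolve.
"""
import socket
import struct
import time
from datetime import datetime

RESOLVER = "192.168.1.1"   # assumption: OPNsense LAN address
NAME = "example.com"       # assumption: name to query
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(name: str, txid: int) -> bytes:
    """Build a minimal recursive A/IN query for `name` (RFC 1035 wire format)."""
    # Header: id, flags (RD=1), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    qname += b"\x00"                         # root label terminates the name
    question = qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return header + question


def parse_response(data: bytes, txid: int) -> dict:
    """Return txid match, QR bit, rcode name and answer count from a raw reply."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    return {
        "txid_ok": rid == txid,
        "is_response": bool(flags & 0x8000),
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "answers": an,
    }


def probe(resolver: str, name: str, timeout: float = 2.0) -> str:
    """One query; returns 'OK', a DNS rcode, 'NODATA', 'TIMEOUT', 'UNREACHABLE' or 'BAD_ID'."""
    txid = int(time.time() * 1000) & 0xFFFF
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_query(name, txid), (resolver, 53))
        data, _ = sock.recvfrom(512)
    except socket.timeout:
        return "TIMEOUT"        # no reply at all: the classic "can't find the server"
    except OSError:
        return "UNREACHABLE"    # e.g. ICMP port unreachable when Unbound is down
    finally:
        sock.close()
    r = parse_response(data, txid)
    if not r["txid_ok"] or not r["is_response"]:
        return "BAD_ID"
    if r["rcode"] != "NOERROR":
        return r["rcode"]
    return "OK" if r["answers"] > 0 else "NODATA"


def probe_loop(resolver: str, name: str, interval: float = 5.0):
    """Query every `interval` seconds; print only failures, with a timestamp."""
    while True:
        result = probe(resolver, name)
        if result != "OK":
            stamp = datetime.now().isoformat(timespec="seconds")
            print(f"{stamp} {resolver} {name} {result}")
        time.sleep(interval)


if __name__ == "__main__":
    probe_loop(RESOLVER, NAME)
```

Run it on a LAN client for an hour, then line the printed timestamps up against the firewall's Unbound log (Services: Unbound DNS: Log File, or /var/log/resolver on the box). A TIMEOUT or UNREACHABLE at the same moment as an Unbound start-of-service line points at the resolver restarting; a SERVFAIL with Unbound still running points at the upstream path instead.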
			
			
			
No idea what LAN and MainLAN are, BUT a default installation requires no firewall rules other than the defaults for clients on LAN (that is, the network defined as LAN during installation) to access "the firewall".
Then when you enable Unbound on all interfaces (default), the clients will reach it with above mentioned default rules.
If you are not using IPv6 then it is best to disable it.
Otherwise the rest looks fine. Those settings will give the OPNsense IP as the DNS server, and it will use your ISP's DNS servers.
And you don't need an additional NAT port forward.
			
			
			
If you register all DHCP leases, Unbound will restart every time the leases change.
I am not using Unbound as my main DNS, but it does supply the local hosts from DNS. It's a terrible implementation.
			
			
			
				Quote from: planetf1 on April 19, 2024, 01:16:49 AM
If you register all DHCP leases, Unbound will restart every time the leases change.
While this is indeed the case on the other *sense implementation, I've been using OPNsense for years with registered DHCP and static leases and it does not restart Unbound. Try it and watch your logs; it won't restart.
For the OP, what do your Unbound logs say? I'm suspicious of the custom DNS redirect rules. Have you truly tried an out-of-the-box configuration without any custom rules?
System > Settings > General
- *UNTICK*  Allow DNS server list to be overridden by DHCP/PPP on WAN  
Services: Unbound DNS: General
- *UNTICK* Flush DNS Cache during reload
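The two replies above disagree on whether lease registration restarts Unbound, and the last one asks what the logs say; both questions are answered by reading the resolver log rather than guessing. The script below is an added example, not from the thread or from OPNsense: it scans Unbound log lines for start-of-service events (a restart shows up as a new "start of service" line under a new PID), counts SERVFAIL errors and logged queries, and flags any SERVFAIL that lands within a short window after a restart. The sample lines are constructed to resemble OPNsense's /var/log/resolver output with query logging enabled; the exact syslog prefix on a real box may differ, so the regexes key on Unbound's own message text and the prefix pattern is an assumption to adjust.

```python
"""Summarise Unbound restarts and failed queries from log lines (added example).

Not from the thread. SAMPLE_LOG is constructed; the line prefix mimics a
syslog-style "/var/log/resolver" entry and may need adjusting for a real box.
"""
import re
from collections import Counter
from datetime import datetime

SAMPLE_LOG = """\
2024-04-19T01:10:02 OPNsense unbound[4711]: [4711:0] info: start of service (unbound 1.19.3).
2024-04-19T01:10:05 OPNsense unbound[4711]: [4711:0] info: 192.168.1.20 example.com. A IN
2024-04-19T01:12:40 OPNsense unbound[4711]: [4711:0] info: service stopped (unbound 1.19.3).
2024-04-19T01:12:41 OPNsense unbound[4802]: [4802:0] info: start of service (unbound 1.19.3).
2024-04-19T01:12:41 OPNsense unbound[4802]: [4802:0] error: SERVFAIL <example.org. A IN>: all the configured stub or forward servers failed, at zone .
2024-04-19T01:12:43 OPNsense unbound[4802]: [4802:0] info: 192.168.1.20 example.org. A IN
"""

# Assumed line shape: "<iso-timestamp> <host> unbound[<pid>]: [<pid>:<thread>] <level>: <msg>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+\S+\s+unbound\[(?P<pid>\d+)\]:\s+\[\d+:\d+\]\s+(?P<level>\w+):\s+(?P<msg>.*)$"
)
START_RE = re.compile(r"^start of service")
SERVFAIL_RE = re.compile(r"^SERVFAIL <(?P<qname>\S+) ")
# Query-log lines (Unbound "log-queries"): "<client> <qname> <qtype> <qclass>"
QUERY_RE = re.compile(r"^(?P<client>[0-9a-fA-F.:]+) (?P<qname>\S+) (?P<qtype>\S+) (?P<qclass>\S+)$")


def parse_line(line: str):
    """Return a dict with ts (datetime), pid, level and msg, or None if not an Unbound line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.fromisoformat(d["ts"])
    d["pid"] = int(d["pid"])
    return d


def summarize(log_text: str, window_s: int = 30) -> dict:
    """Count service starts, restarts, SERVFAILs, queries, and SERVFAILs shortly after a restart."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    starts = [e["ts"] for e in events if START_RE.match(e["msg"])]
    servfails = [(e["ts"], SERVFAIL_RE.match(e["msg"]).group("qname"))
                 for e in events if e["level"] == "error" and SERVFAIL_RE.match(e["msg"])]
    queries = Counter(QUERY_RE.match(e["msg"]).group("qname")
                      for e in events if e["level"] == "info" and QUERY_RE.match(e["msg"]))
    # A SERVFAIL within window_s seconds after a start line is suspicious: the
    # daemon was answering from a cold cache, or its upstream was not yet reachable.
    near_restart = [name for ts, name in servfails
                    if any(0 <= (ts - s).total_seconds() <= window_s for s in starts)]
    return {
        "service_starts": len(starts),
        "restarts": max(len(starts) - 1, 0),
        "distinct_pids": len({e["pid"] for e in events}),
        "servfail": len(servfails),
        "servfail_near_restart": near_restart,
        "queries": sum(queries.values()),
        "top_queries": queries.most_common(5),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On a real box, feed it the resolver log instead of the constructed sample (for example `summarize(open("/var/log/resolver/latest.log").read())`, path assumed) after leaving lease registration on for a day: a restart count that climbs with every new DHCP client settles the disagreement above for that installation, and SERVFAILs that cluster right after starts tell the OP where to look next.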