OPNsense Forum

English Forums => 24.7, 24.10 Legacy Series => Topic started by: iamaven on November 17, 2024, 12:03:21 AM

Title: Update to OPNsense 24.7.8 broke DNS using unbound with DNSSEC enabled
Post by: iamaven on November 17, 2024, 12:03:21 AM
Putting this out there in case anyone else has issues.

I updated to 24.7.8 today and after doing so noticed DNS resolution was failing intermittently. I have local domain requests forwarded to my domain controller, and those worked fine.

Any request that required forwarding was not going to my pihole server, however I could manually query pihole for DNS just fine.

When I enabled some DNS over TLS servers I previously had enabled in the past for testing, DNS queries for external addresses were forwarded, but not to pihole; instead they went to those configured DNS over TLS servers, which would be expected.

I had to disable "Enable DNSSEC Support" in the unbound configuration as well as disabling the DNS over TLS servers I have configured in order for DNS traffic to be directed to my pihole instance.
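The post above describes a validating Unbound that forwards to Pi-hole and stops resolving once DNSSEC is on. In general, a validating resolver that forwards can only validate if the forwarder answers its DO-flagged (DNSSEC OK) queries with the RRSIG records; if the upstream strips them, validation fails and Unbound returns SERVFAIL. The following is an added example, not code from the post, OPNsense, Unbound or Pi-hole: it builds the same kind of EDNS0/DO query a validating resolver sends, and reports whether the reply carries RRSIGs, the AD flag and an echoed DO bit. The reply bytes used for the offline run are constructed, and the resolver address in the usage comment is an assumption.

```python
"""Check whether a forwarder returns the DNSSEC material a validating Unbound needs.

Added example, not code from OPNsense, Unbound or Pi-hole.  It builds a raw DNS
query with EDNS0 and the DO (DNSSEC OK) bit set, the way a validating resolver
queries its forwarder, and reports whether the reply carries RRSIG records, the
AD flag and an echoed DO bit.  Resolver address and name below are assumptions.
"""
import socket
import struct

TYPE_A, TYPE_OPT, TYPE_RRSIG = 1, 41, 46
EDNS_DO = 0x8000      # DO bit in the OPT RR flags field
FLAG_AD = 0x0020      # AD (authenticated data) bit in the DNS header flags


def _encode_name(name: str) -> bytes:
    """Wire-format name: length-prefixed labels, terminated by a zero byte."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_dnssec_query(name: str, qtype: int = TYPE_A, txid: int = 0x1234) -> bytes:
    """Standard query (RD=1) plus an OPT RR advertising 1232-byte UDP and DO=1."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)   # one question, one additional
    question = _encode_name(name) + struct.pack("!HH", qtype, 1)
    # OPT RR: root name, type 41, "class" = UDP payload size, ext-rcode, version, flags, rdlen
    opt = b"\x00" + struct.pack("!HHBBHH", TYPE_OPT, 1232, 0, 0, EDNS_DO, 0)
    return header + question + opt


def _skip_name(msg: bytes, off: int) -> int:
    """Advance past a wire-format name, handling compression pointers (RFC 1035 4.1.4)."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:        # pointer: two bytes, and it ends the name
            return off + 2
        off += 1 + length


def analyse_response(msg: bytes) -> dict:
    """Summarise the DNSSEC-relevant parts of a reply: RCODE, AD, RRSIG count, DO echo."""
    _, flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    off = 12
    for _ in range(qd):                       # skip the question section
        off = _skip_name(msg, off) + 4
    rrsigs, do_echoed = 0, False
    for _ in range(an + ns + ar):             # walk answer, authority and additional sections
        off = _skip_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == TYPE_RRSIG:
            rrsigs += 1
        elif rtype == TYPE_OPT:               # for OPT the TTL field holds ext-rcode/version/flags
            do_echoed = bool(ttl & EDNS_DO)
        off += rdlen
    rcode = flags & 0xF
    return {"rcode": rcode, "ad": bool(flags & FLAG_AD), "rrsig_count": rrsigs,
            "do_echoed": do_echoed,
            # a validating forwarder can only work if the upstream returns signatures
            "usable_for_validation": rcode == 0 and rrsigs > 0}


def build_constructed_response(with_rrsig: bool, rcode: int = 0, txid: int = 0x1234) -> bytes:
    """Constructed reply for offline testing (not captured traffic): example.com A 192.0.2.1,
    optionally with a placeholder RRSIG and the DO bit echoed, as a DNSSEC-aware upstream
    would send; with_rrsig=False mimics an upstream that strips DNSSEC data."""
    flags = 0x8180 | rcode | (FLAG_AD if with_rrsig else 0)       # QR, RD, RA (+AD)
    ptr = b"\xc0\x0c"                                             # pointer to the question name
    answers = ptr + struct.pack("!HHIH", TYPE_A, 1, 300, 4) + bytes([192, 0, 2, 1])
    if with_rrsig:
        # RRSIG rdata: type covered, algorithm 13, labels, original TTL, expiry, inception,
        # key tag, signer name, signature (zeros here: a placeholder, not a real signature)
        rdata = (struct.pack("!HBBIIIH", TYPE_A, 13, 2, 300, 0, 0, 12345)
                 + _encode_name("example.com") + b"\x00" * 64)
        answers += ptr + struct.pack("!HHIH", TYPE_RRSIG, 1, 300, len(rdata)) + rdata
    opt = b"\x00" + struct.pack("!HHBBHH", TYPE_OPT, 1232, 0, 0, EDNS_DO if with_rrsig else 0, 0)
    header = struct.pack("!HHHHHH", txid, flags, 1, 2 if with_rrsig else 1, 0, 1)
    return header + _encode_name("example.com") + struct.pack("!HH", TYPE_A, 1) + answers + opt


def query_resolver(server: str, name: str = "example.com", timeout: float = 3.0) -> dict:
    """Send the DO query to a live resolver over UDP/53 and analyse the reply (needs network)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_dnssec_query(name), (server, 53))
        data, _ = s.recvfrom(4096)
    return analyse_response(data)


if __name__ == "__main__":
    import sys
    # Assumed usage: python dnssec_fwd_check.py 192.168.1.10   (the Pi-hole address)
    if len(sys.argv) > 1:
        print(query_resolver(sys.argv[1]))
    else:
        print("signed upstream   :", analyse_response(build_constructed_response(True)))
        print("stripping upstream:", analyse_response(build_constructed_response(False)))
```

Run it against the Pi-hole address: a reply with `rrsig_count` of 0 or an `rcode` other than 0 means the forwarder is not passing DNSSEC data through, and a validating Unbound in front of it will fail exactly as described, independent of the OPNsense version.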
Title: Re: Update to OPNsense 24.7.8 broke DNS using unbound with DNSSEC enabled
Post by: 77win2 on November 17, 2024, 07:42:12 AM
Nice, I like this post.
Title: Re: Update to OPNsense 24.7.8 broke DNS using unbound with DNSSEC enabled
Post by: appasquatic on November 17, 2024, 03:21:50 PM
I'm not sure, but from your explanation, it almost seems you are describing an issue with pihole's DNSSEC support, rather than an issue with opnsense. Does DNSSEC work when you forward to (say) QUAD9?
Title: Re: Update to OPNsense 24.7.8 broke DNS using unbound with DNSSEC enabled
Post by: DEC670airp414user on November 17, 2024, 03:34:28 PM
I've always disabled DNSSEC when using forwarding to TLS. It's even suggested for it here: https://docs.quad9.net/Setup_Guides/Open-Source_Routers/pfSense_%28Encrypted%29/

Why it is not for OPNsense I do not know, on that same page.
Title: Re: Update to OPNsense 24.7.8 broke DNS using unbound with DNSSEC enabled
Post by: n6vmo on November 17, 2024, 05:01:20 PM
I wish I saw this post before I updated. Now my two PiHole servers do not block ads.

I am very new to Opnsense and would like to get back to having this work.
Any detailed help would be appreciated.

I looked into reverting back a version, but opnsense-revert -l does not list anything I can revert to...

Very frustrating....
Title: Re: Update to OPNsense 24.7.8 broke DNS using unbound with DNSSEC enabled
Post by: appasquatic on November 17, 2024, 07:59:16 PM
You're absolutely right about QUAD9 suggesting OPNsense disable DNSSEC support, I stand corrected. I do wonder whether the pihole/opnsense interaction suffers from the same issue?
Personally, I do not use DNS forwarding or pihole for DNS blacklisting, but use Unbound as the recursive resolver and host for the DNS blacklists. Would this not work for your setup as well?
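The reply above suggests dropping the forwarder and letting Unbound recurse and host the blocklist itself, which keeps DNSSEC validation intact because there is no upstream to strip signatures. As an added example (not code from the reply, OPNsense, Unbound or Pi-hole), here is a small converter that turns a hosts-style blocklist into Unbound `local-zone ... always_nxdomain` statements, dropping entries already covered by a blocked parent zone and honouring an allow-list. The sample blocklist is constructed, and the allow-listed name is an assumption.

```python
"""Turn a hosts-style blocklist into Unbound local-zone statements.

Added example, not code from OPNsense, Unbound or Pi-hole, for the approach of
running Unbound as the recursive resolver that also hosts the blocklist.
The sample input is constructed; the allow-list entry is an assumption.
"""
import re

# Hostname label: 1-63 chars, letters/digits/hyphen/underscore, no leading or trailing hyphen
LABEL_RE = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::", "::1"}     # addresses hosts-format lists point at
NOISE = {"localhost", "localhost.localdomain", "local", "broadcasthost",
         "ip6-localhost", "ip6-loopback", "0.0.0.0"}       # entries that are never block targets


def extract_domain(line: str):
    """Return the blocked domain from one hosts-format or plain-domain line, or None."""
    body = line.split("#", 1)[0].strip()
    if not body:
        return None
    parts = body.split()
    if len(parts) >= 2 and parts[0] not in SINK_ADDRESSES:
        return None                           # not a sink-address hosts entry: treat as junk
    host = parts[1] if len(parts) >= 2 else parts[0]
    host = host.lower().rstrip(".")
    labels = host.split(".")
    if host in NOISE or len(labels) < 2 or not all(LABEL_RE.match(l) for l in labels):
        return None
    return host


def blocklist_to_local_zones(lines, allow=()):
    """Emit one always_nxdomain local-zone per blocked domain.

    A local-zone covers every name beneath it, so a domain whose parent is already
    blocked is dropped, and anything at or under an allow-listed name stays resolvable."""
    allow = {a.lower().rstrip(".") for a in allow}
    domains = {d for d in map(extract_domain, lines) if d}
    blocked, out = set(), []
    for d in sorted(domains, key=lambda x: (x.count("."), x)):   # parents before children
        ancestors = {d[i + 1:] for i, c in enumerate(d) if c == "."} | {d}
        if ancestors & allow or ancestors & blocked:
            continue
        blocked.add(d)
        out.append(f'local-zone: "{d}." always_nxdomain')
    return out


SAMPLE_BLOCKLIST = """\
# constructed sample: hosts format mixed with a plain domain list
127.0.0.1 localhost
0.0.0.0 0.0.0.0
0.0.0.0 ads.example.net
0.0.0.0 tracker.ads.example.net   # already covered by the parent zone
0.0.0.0 Metrics.Example.ORG.
telemetry.example.com
bad entry
0.0.0.0 cdn.example.com
""".splitlines()

ALLOW = ("cdn.example.com",)     # assumption: a name you do not want blocked


if __name__ == "__main__":
    # Assumed usage: redirect this output to a file and pull it into the server:
    # clause of unbound.conf with an include: statement.
    for zone in blocklist_to_local_zones(SAMPLE_BLOCKLIST, ALLOW):
        print(zone)
```

Because each `local-zone` applies to the whole subtree beneath it, the parent-first ordering keeps the generated file small even for large lists, and the allow-list check uses the same ancestor logic so that allow-listing a name also protects everything below it.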