Hi,
I am a new OPNsense user as of this weekend. I have planned to switch over to OPNsense for a couple of years now after the bad taste from Netgate in recent years; my pfSense system not booting after upgrading from 2.7.0 to 2.7.2 gave me the motivation needed.
My home network requirements are fairly simple: no VLAN, WireGuard server on router, dual WAN.
For now, I am using a single WAN, the WireGuard server is running, and I was able to install a Tailscale node on the router as well. I haven't added my backup ISP yet, but for the most part I am up and running.
What has been bothering me is that I have been unable to get local DNS resolution working. I believe the menus may have changed a little bit in 25.7 as they don't match exactly the tutorials I have seen online. It is my understanding that by default, OPNsense should be using a combination of Dnsmasq and Unbound DNS. This is something I have never given a second thought to while using pfSense since local DNS has always just worked for me.
For example, I currently have a host configured with a static DHCP mapping of 192.168.9.10. I can log in to that host using the IP address; however, I am unable to log in using the hostname "ryzen9".
In Services -> Unbound DNS -> General, I have Register ISC DHCP4 leases and Register DHCP Static Mappings checked. It is enabled and the listening port is 53.
If I do an nslookup on hostname "opnsense", I get back the expected result:
zboll@debiani3:~$ nslookup opnsense
Server: 192.168.9.1
Address: 192.168.9.1#53
Name: opnsense.internal
Address: 192.168.9.1
Name: opnsense.internal
Address: redacted
However, when I do an nslookup on the host mentioned above with address 192.168.9.10, I get back the following:
zboll@debiani3:~$ nslookup ryzen9
Server: 192.168.9.1
Address: 192.168.9.1#53
** server can't find ryzen9: NXDOMAIN
zboll@debiani3:~$ nslookup ryzen9.internal
Server: 192.168.9.1
Address: 192.168.9.1#53
** server can't find ryzen9.internal: NXDOMAIN
Any idea what I might be doing wrong, or where I can start to further debug this issue? I would rather not have to resort to updating /etc/hosts on all my machines (with static DHCP mappings).
Thanks,
Zack
I'm also a pfSense user who's preparing to migrate (so I probably shouldn't be attempting to answer since I haven't migrated yet), but I think as of 25.7 you need to ignore any existing tutorials and look at the Configuration examples (https://docs.opnsense.org/manual/dnsmasq.html#configuration-examples) section of the Dnsmasq section of the documentation.
Basically you configure Dnsmasq to listen for DNS queries on an alternate port, and then configure Unbound to forward queries for your local domain to Dnsmasq. I'm not sure the Wizard sets up this forwarding for you, though, but it probably should.
The nice part of this scheme is that Unbound doesn't have to be restarted every time one of your DHCP mappings changes.
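Added example, not part of any post in this thread and not OPNsense's own code: a small check that sends the same A query to Unbound on port 53 and to Dnsmasq on its alternate port, then reports which hop of the forwarding chain described above is broken. It assumes it is run on the router against 127.0.0.1; the port 53053 is an assumed stand-in for whatever alternate port Dnsmasq was given.

```python
import socket, struct, sys

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
QID = 0x1234  # fixed query ID; acceptable for a one-off local diagnostic

def build_query(name):
    """Encode a recursive A/IN query for `name` in DNS wire format."""
    header = struct.pack("!HHHHHH", QID, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.strip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_reply(data):
    """Return (rcode, answer count) read from the reply header."""
    if len(data) < 12 or data[:2] != struct.pack("!H", QID):
        return ("MALFORMED", 0)  # short reply or wrong query ID
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    rcode = flags & 0x000F
    return (RCODES.get(rcode, f"RCODE{rcode}"), ancount)

def ask(name, server, port, timeout=2.0):
    """Send one UDP query; return (rcode, ancount) or ("NO_REPLY", 0)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, port))
            return parse_reply(s.recv(512))
        except OSError:  # timeout, or port closed / unreachable
            return ("NO_REPLY", 0)

def diagnose(unbound, dnsmasq):
    """Say which hop is broken, given each resolver's (rcode, ancount)."""
    if unbound[0] == "NOERROR" and unbound[1] > 0:
        return "ok: Unbound resolves the name"
    if dnsmasq[0] == "NOERROR" and dnsmasq[1] > 0:
        return "Dnsmasq has the record; Unbound is not forwarding the local domain to it"
    if dnsmasq[0] == "NO_REPLY":
        return "Dnsmasq is not answering on the alternate port"
    return "Dnsmasq did not return an address for this name"

if __name__ == "__main__":
    # Assumed values: run on the router; 53053 stands in for the alternate
    # port configured for Dnsmasq. The default name is the one from the thread.
    name = sys.argv[1] if len(sys.argv) > 1 else "ryzen9.internal"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 53053
    unbound, dnsmasq = ask(name, "127.0.0.1", 53), ask(name, "127.0.0.1", port)
    print(name, "unbound:", unbound, "dnsmasq:", dnsmasq)
    print(diagnose(unbound, dnsmasq))
```

An NXDOMAIN from Unbound together with an answer from Dnsmasq matches the symptom in the first post: the lease is known, but nothing forwards the local domain to the server that knows it.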
Thanks,
After reading through the documentation linked, I think I understand why my configuration is not working. I will try updating my configuration tonight.
It was a little chaotic during my unplanned network upgrade, so I didn't actually use an OPNsense wizard to set up my machine. I will take a look at this tonight and perhaps try using the wizard for automatic setup.
Zack
The wizard did not appear to automatically set up the DNS server, but following the configuration guide, things worked once I set up Unbound DNS to forward queries to Dnsmasq.
Thanks,
Zack
I found this issue in GitHub: wizard: auto configure DHCP/DNS registration query forwarding #8969 (https://github.com/opnsense/core/issues/8969). So it's a known limitation that the Wizard does not connect Dnsmasq and Unbound for you yet.
To my knowledge, the defaults and the wizard DNS settings never did that with Kea and ISC either.