Print Page - Problem with Reflection DNS and work local services

Title: Problem with Reflection DNS and work local services
Post by: SektorCT on August 06, 2025, 05:10:11 PM

Hello everyone.
I am a recent Opnsense user and was very surprised by the capabilities of this system.
But I encountered a number of difficulties with the settings, I would like to understand where I am make a mistake.
Below I will attach a description of slightly detailed problems and what I am trying to solve.
Plus I am attaching screenshots of all those places that should make my settings in the system clear.
I also tried to do Reflection DNS according to the documentation, reflection (https://docs.opnsense.org/manual/how-tos/nat_reflection.html#reflection-and-hairpin-nat) and chose the very 1 method.
I hope for feedback on my situation.

What I'm trying to implement:

1. When accessing the domain name (authentik.name.com) from the Internet, we get access.
2. When accessing the domain name (authentik.name.com) from the local network, the router does not let us into the Internet and see it in the local network.
3. DNS requests are processed by the local Adguard. It is also the default server.
4. When connecting a client in the local network, it receives the IP addresses of the DNS servers and the router from Opnsense.
5. Services can normally access the Internet. (for example, checking for their updates)

Problems:

When accessing the name authentik.name.com from the local network, the request goes to the Internet, the local IP is not detected.
When accessing the service qbittorrent.name.com, the service is not detected. It can only be opened by its IP address and port.
The router automatically distributes the DNS addresses of the adguard servers and its own, but it is not listed.
Neither the services nor authentik in particular can check for their updates. Truenas cannot update the catalog. (They cannot go online?)

(https://i.postimg.cc/sXrBLFgS/20250806-160420.png)
(https://i.postimg.cc/C1sZTvR2/20250806-160515.png)
(https://i.postimg.cc/x8scqcyy/20250806-160658.png)
(https://i.postimg.cc/Y02vp1gC/20250806-160715.png)
(https://i.postimg.cc/dQn75xPk/20250806-160740.png)
(https://i.postimg.cc/Yq9vZzMX/20250806-161125.png)
(https://i.postimg.cc/WbHdvq4s/20250806-164311.png)
(https://i.postimg.cc/hG9vTC1G/20250806-164403.png)
(https://i.postimg.cc/T35pY2yg/20250806-164611.png)
(https://i.postimg.cc/XvMXZMFh/20250806-164808.png)
(https://i.postimg.cc/1tstHpvr/20250806-170625.png)
(https://i.postimg.cc/769LQfc8/20250806-170810.png)
(https://i.postimg.cc/50DFmHF4/Untitled-Diagram-drawio-1.png)

Title: Re: Problem with Reflection DNS and work local services
Post by: SektorCT on August 06, 2025, 05:42:07 PM

For some reason, screenshots are not attached.

Title: Re: Problem with Reflection DNS and work local services
Post by: SektorCT on August 06, 2025, 06:23:18 PM

Quote from: SektorCT on August 06, 2025, 05:42:07 PMI thank in advance those who responded to my post

Title: Re: Problem with Reflection DNS and work local services
Post by: Fabian Wenk on August 17, 2025, 07:58:21 PM

As far as I understand your OPNsense is using AdGuard as resolver for your local internal network.
The setups I have done the Unbound DNS service is in use. There is the possibility to use the Override to let some hostname from an also public domain resolve to the internal private IP address. Does AdGuard not provide something like this?

OPNsense Forum

English Forums => 25.7, 25.10 Series => Topic started by: SektorCT on August 06, 2025, 05:10:11 PM