Newbie here, running 25.7.3_7. I note that under System → Settings → General, one can specify any existing gateway for a DNS server. However, one cannot specify a gateway group. Is this omission by design? Thanks.
The aim of assigning a gateway to a DNS server is that pfSense uses the proper internet connection for the server.
For instance, if you specify the DNS server of your ISP, it's probably only reachable from the ISP's internal network. So it's good advice to assign a gateway to the DNS. Then OPNsense will only send requests to this server if the respective gateway is online.
DNS requests from another internet connection would fail.
So stating a gateway group here would not make much sense.
If you use only public DNS servers, you can leave the gateway blank. In this case OPNsense will use the defined upstream gateways according to their priorities.
Thanks for the response, viragomann.
I was testing forcing system DNS queries down a pair of WireGuard tunnels, and was hoping to be able to specify the VPN gateway group vice the two VPN gateways. However, I tested the failover with the 2 gateways individually listed, and DNS failed over fine from one to the other.
I'm still mulling whether to use WAN or VPN gateways for DNS resolution; I may go back to just letting the routing table decide (so generally WAN).
Thanks for the help!