OPNsense Forum

English Forums => General Discussion => Topic started by: gaa on October 03, 2025, 06:20:55 PM

Title: Switching from OpenWRT but DNSMasq works differently?
Post by: gaa on October 03, 2025, 06:20:55 PM
I want to replace my home OpenWRT router (on dedicated router hw) with OPNsense (on a generic Intel minipc). I have set up routing but I want to set up the DHCP and DNS properly. I thought I could use DNSMasq in OPNsense just like in OpenWRT but it seems OPNsense does not fully support both DHCP and DNS the same way.

On OpenWRT I can define static DHCP assignments and it automatically defines the DNS. Non-static DHCP automatically does dynamic DNS. And I can easily create a list of static DNS to be resolved. I only need to put the base hostname in the list and it adds the domain names automatically.

On OPNsense I just can't seem to get DNS to work at all. I add an entry for "laptop" with domain "example.duckdns.org" and using dig from another system I get no response when I query "laptop.example.duckdns.org", and querying "example.duckdns.org" just gets forwarded to the public DNS, which does respond, but does not have my private entries. The OPNsense router should be authoritative and supply my private entries.

I have seen mention of setting up the DHCP to do updates to a DNS server (which could be running on the same router), but that seems overkill when DNSMasq seems to be designed to be a complete solution. Do I have DNSMasq set up wrong on OPNsense?

Or do I need to use the dynamic DNS method? But if so, how does the DNS stay updated if there has not been a recent DHCP?

For example, with DNSMasq handling it all, I can ping my laptop even if it has not been turned on in days, and I will find out that the name was resolved, but nobody responded to the ping. With dynamic DNS, the DNS lookup should fail. Then when I turn on my laptop, after the DHCP is done, the DNS would update, but I won't see it because any other DNS server in between would still have to wait for the negative cache timeout. Linux now has a local, caching server (systemd-resolved) running on each system and it should honor the negative TTL. I would be able to ping the laptop by IP, but not by name.

Ideally I could define my static DHCP entries and have it automatically add static DNS, or maybe I need to check a box.

Bottom line, what is the simplest way to define static DNS for my static DHCP but still have dynamic DNS for dynamic DHCP?
Title: Re: Switching from OpenWRT but DNSMasq works differently?
Post by: Monviech (Cedrik) on October 04, 2025, 06:37:24 AM
You probably want this:

https://docs.opnsense.org/manual/dnsmasq.html#dnsmasq-as-primary-dns-resolver

And if you want dnsmasq authoritative, make sure to select "local" when doing a DNS Host Override.
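For readers comparing the two posts, here is an added example of a plain dnsmasq configuration that expresses what the question asks for: a static DHCP lease whose name resolves whether or not the host is online, a dynamic range whose leases get dynamic names, and a domain that dnsmasq answers for itself instead of forwarding. This is not the poster's configuration and not what OPNsense generates from its GUI; the addresses, MAC address and host names are made up, and the assumption that OPNsense's "local" host-override option corresponds to a dnsmasq `local=/…/` directive is the reply's hint, not something the thread confirms.

```conf
# Added example: standalone dnsmasq.conf fragment, not OPNsense's generated config.
# Domain and addresses are constructed for illustration.

# Domain handed to DHCP clients and appended to bare hostnames.
domain=example.duckdns.org
expand-hosts

# Never forward this domain upstream: dnsmasq answers from its own records
# and returns NXDOMAIN for names it does not know. This is what makes the
# router authoritative for the private zone (the reply's "local" option is
# assumed to map to this directive).
local=/example.duckdns.org/

# Dynamic pool; clients that send a hostname get a matching DNS name
# for the lifetime of their lease.
dhcp-range=192.168.1.100,192.168.1.200,12h

# Static lease for the laptop (constructed MAC and address).
dhcp-host=aa:bb:cc:dd:ee:01,192.168.1.10,laptop

# Explicit static DNS record so the name resolves even with no active lease;
# this is the unambiguous way to get the "resolves while switched off"
# behaviour the question describes, independent of dhcp-host handling.
host-record=laptop.example.duckdns.org,192.168.1.10
host-record=nas.example.duckdns.org,192.168.1.20
```

Two checks worth running from a LAN client after applying something like this: `dig @<router-ip> laptop.example.duckdns.org` should return the static address with the authoritative-answer flag set, and `dig @<router-ip> nonexistent.example.duckdns.org` should return NXDOMAIN from the router rather than a forwarded answer. The caveat is the one the question already brushes against: once `local=/example.duckdns.org/` is in place, any public records under that domain (for instance the DuckDNS name itself) are no longer reachable through this resolver, so either add them as host-records too or choose a private subdomain for the LAN names.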