Hi all, OPNsense noob here.
I'm on OPNsense 25.7.10, using dnsmasq for DHCP, the AdGuard Home service running on port 53 for DNS, and Unbound disabled. Client DNS is running fine, and the router's own DNS lookups work fine as long as I have "Allow DNS server list to be overridden by DHCP/PPP on WAN" checked in System -> Settings -> General. If I uncheck that option, clients continue to work but lookups coming from the router itself always fail because the domain names are getting the ".internal" local domain name appended.
For example, if I do a check for updates the router can't access "pkg.opnsense.org" because the domain name is changed to "pkg.opnsense.org.internal".
I'm sure this is something simple - what am I doing wrong?