Upgraded from 25.7.9_7 to 25.7.10, and since then I am having what I believe to be DNS issues, but I am not really sure how to debug them.
In the system settings, I have 149.112.112.112 and 9.9.9.9 as the DNS servers.
Then my interfaces are as follows:
- LAN (ax0) -> v4: 10.0.1.1/24
- VLAN10_MANAGE (vlan01) -> v4: 10.0.10.1/24 -> DNS: 10.0.10.25 (Pi-hole aggressive - DNS in pi-hole is Proton DNS)
- VLAN20_VPN (vlan02) -> v4: 10.0.20.1/24 -> DNS: 10.0.10.25 (Pi-hole aggressive)
- VLAN30_CLEARNET (vlan03) -> v4: 10.0.30.1/24 -> DNS: 10.0.10.24 (Pi-hole light - DNS in pi-hole is Quad9)
- VLAN40_GUEST (vlan04) -> v4: 10.0.40.1/24 -> DNS: 1.1.1.1, 1.0.0.1
- VLAN50_IOT (vlan05) -> v4: 10.0.50.1/24 -> DNS: 10.0.10.25 (Pi-hole aggressive)
- VLAN60_BLOCKED (vlan06) -> v4: 10.0.60.1/24 -> DNS: 10.0.10.25 (Pi-hole aggressive)
- VLAN80_EXPOSED (vlan08) -> v4: 10.0.80.1/24 -> DNS: 10.0.10.25 (Pi-hole aggressive)
- VLAN90_INTERNAL (vlan09) -> v4: 10.0.90.1/24 -> DNS: 10.0.10.25 (Pi-hole aggressive)
- VPN0 (wg1) -> v4: 10.2.0.2/32
- VPN1 (wg2) -> v4: 10.3.0.2/32
- WAN (ax1) -> v4/DHCP4: 192.168.1.94/24
The networks that do not go through wireguard (ProtonVPN) no longer work: lan, clearnet, and guest. The other VLANs go through the VPN, but I do get the sense they are slow.
OPNsense no longer connects to the internet either. If I do a connectivity audit, it hangs for 1 hour+ with no result:
```
***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 25.7.10 (amd64) at Sat Dec 20 23:22:00 CET 2025
Fetching changelog information, please wait... fetch: transfer timed out
Updating OPNsense repository catalogue...
Waiting for another process to update repository OPNsense
```
If I check in the system settings:
- Allow DNS server list to be overridden by DHCP/PPP on WAN
- Do not use the local DNS service as a nameserver for this system
and run the connectivity audit, it is much faster, and I get the results below, and it seems at least OPNsense has internet access again:
```
***GOT REQUEST TO AUDIT CONNECTIVITY***
Currently running OPNsense 25.7.10 (amd64) at Sat Dec 20 23:15:49 CET 2025
Checking connectivity for host: mirror-opnsense.serverbase.ch -> 212.237.209.20
PING 212.237.209.20 (212.237.209.20): 1500 data bytes
--- 212.237.209.20 ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
Checking connectivity for repository (IPv4): https://mirror-opnsense.serverbase.ch/FreeBSD:14:amd64/25.7
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching data.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 928 packages processed.
All repositories are up to date.
Checking connectivity for host: mirror-opnsense.serverbase.ch -> 2a03:da40:2::20
ping: UDP connect: No route to host
Checking connectivity for repository (IPv6): https://mirror-opnsense.serverbase.ch/FreeBSD:14:amd64/25.7
Updating OPNsense repository catalogue...
pkg: An error occurred while fetching package: No error
pkg: An error occurred while fetching package: No error
repository OPNsense has no meta file, using default settings
pkg: An error occurred while fetching package: No error
pkg: An error occurred while fetching package: No error
pkg: An error occurred while fetching package: No error
pkg: An error occurred while fetching package: No error
Unable to update repository OPNsense
Error updating repositories!
Checking server certificate for host: mirror-opnsense.serverbase.ch
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R12
verify return:1
depth=0 CN = mirror-opnsense.serverbase.ch
verify return:1
DONE
Checking server certificate for host: pkg.opnsense.org
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = RapidSSL TLS RSA CA G1
verify return:1
depth=0 CN = pkg.opnsense.org
verify return:1
DONE
***DONE***
```
I do not have unbound or dnsmasq enabled.
I am also seeing network time errors like this in the logs: `Error ntpd - error resolving pool 0.ch.pool.ntp.org: Address family for hostname not supported (1)`.
I also tried downgrading OPNsense and the kernel to 25.7.8, but the results did not change, making me think a package update is responsible.