Hi :)
I'm totally new to OPNsense, and I have a beginner question.
Is there some kind of DNS cache in OPNsense? If yes, how can I disable it or reset it?
My sites don't resolve from my PCs behind the OPNsense network!
If I use my mobile and disable the Wi-Fi, it resolves fine.
Versions
OPNsense 25.7.11_2-amd64
FreeBSD 14.3-RELEASE-p7
OpenSSL 3.0.18
Regards
Thomas
DNS names are cached on several levels. For instance, they are cached on Windows PCs themselves. You can use "ipconfig /flushdns" to clear that cache.
However, usually, caching uses the validity period it is given together with the DNS name, so it will cache no longer than the DNS entry itself dictates. Also, this does not at all explain why your DNS does not work at all - the cache time for a negative answer is very short.
I think you probably forgot to allow access to UDP port 53 on your LAN interface, or the DNS service is misconfigured, or your clients are not configured to use the OpnSense DNS service. This can go wrong on several levels, because OpnSense does not work right out of the box - especially when you just switched from your old router or if the old router is still in front of your OpnSense.
You should probably read this first (https://forum.opnsense.org/index.php?topic=42985.0) - especially point 8.
Then it would be time to ask yourself a few questions to make sure you are not jumping to conclusions, like:
- Can I ping an IPv4 directly? Like 8.8.8.8?
- Can I ping an IPv6 directly? Like 2600:: ?
- Does this work from OpnSense itself only or from the LAN behind it?
- Can I resolve a DNS name like "google.com"? Do I get both an IPv4 and an IPv6 address?
Hi,
I have run:
ipconfig /flushdns - Doesn't fix the problem.
I have tried to ping Google.dk - Output:
C:\Users\thoma>ping google.dk
Pinging google.dk [172.217.16.67] with 32 bytes of data:
Reply from 172.217.16.67: bytes=32 time=8ms TTL=111
Reply from 172.217.16.67: bytes=32 time=9ms TTL=111
Reply from 172.217.16.67: bytes=32 time=8ms TTL=111
Reply from 172.217.16.67: bytes=32 time=9ms TTL=111
Ping statistics for 172.217.16.67:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 8ms, Maximum = 9ms, Average = 8ms
I have also tried to ping 8.8.8.8
Pinging 8.8.8.8 with 32 bytes of data:
Reply from 8.8.8.8: bytes=32 time=8ms TTL=112
Reply from 8.8.8.8: bytes=32 time=8ms TTL=112
Reply from 8.8.8.8: bytes=32 time=8ms TTL=112
Reply from 8.8.8.8: bytes=32 time=8ms TTL=112
Ping statistics for 8.8.8.8:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 8ms, Maximum = 8ms, Average = 8ms
If I run "nslookup wpdebat.dk"
C:\Users\thoma>nslookup wpdebat.dk
Server: fw.halfdaner.dk
Address: 192.168.1.254
*** fw.halfdaner.dk can't find wpdebat.dk: Server failed
EDIT: fw.halfdaner.dk is opnsense
Interfaces: Diagnostics: Ping
Times out.
- The site where the problem is: https://wpdebat.dk
- I can open other sites from my network fine.
- I can ping other sites on the WWW fine.
Please indicate more precisely what you want to achieve.
So what you want to do seems to be that the DNS entry wpdebat.dk is resolved on your OpnSense itself as an authoritative DNS server.
First thing I can tell you is that from outside your LAN, no DNS requests are served - probably because that is blocked by the firewall:
#nslookup fw.halfdaner.dk
Server: 127.0.0.53
Address: 127.0.0.53#53
Non-authoritative answer:
Name: fw.halfdaner.dk
Address: 5.186.54.48
#nslookup wpdebat.dk fw.halfdaner.dk
;; communications error to 5.186.54.48#53: timed out
So I doubt that the name resolves fine when your mobile is outside of your WiFi and uses public DNS.
Also, although the domain seems registered, there are no nameservers declared:
#nslookup -query=ns wpdebat.dk
;; Got SERVFAIL reply from 127.0.0.53
Server: 127.0.0.53
Address: 127.0.0.53#53
** server can't find wpdebat.dk: SERVFAIL
If you only want to resolve that name as an override only locally, you would need to create it in unbound to resolve to whatever you want.
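An added example, not part of any post in this thread: the "Server failed" and SERVFAIL lines in the outputs above are the RCODE field of the DNS response header, and the sketch below decodes that field so SERVFAIL can be told apart from NXDOMAIN or an empty NOERROR answer. The response bytes are constructed in the script (no network traffic is sent), and the function names and the transaction ID are assumptions of this example.

```python
import struct

# RCODE is the low 4 bits of the DNS header flags word (RFC 1035, section 4.1.1).
RCODES = {
    0: ("NOERROR", "answered; an empty answer section means no record of that type"),
    2: ("SERVFAIL", "resolver could not complete the lookup (upstream unreachable, "
                    "broken delegation or failed DNSSEC validation)"),
    3: ("NXDOMAIN", "the name does not exist"),
    5: ("REFUSED", "server policy (for example an access list) rejected the query"),
}

def encode_name(name):
    """Encode 'wpdebat.dk' as length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype=2, txid=0x1234):
    """Build a recursive query; qtype 2 is NS, class 1 is IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def classify(response, txid=0x1234):
    """Return (rcode_name, answer_count, meaning) for a raw DNS response."""
    if len(response) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != txid or not flags & 0x8000:  # 0x8000 is the QR (response) bit
        raise ValueError("not a response to this query")
    code = flags & 0x000F
    name, meaning = RCODES.get(code, ("RCODE%d" % code, "see the IANA DNS RCODE list"))
    return name, ancount, meaning

def constructed_response(query, rcode):
    """Constructed sample: echo the query with QR, RD, RA set and the given RCODE."""
    return query[:2] + struct.pack("!H", 0x8180 | rcode) + query[4:]

if __name__ == "__main__":
    q = build_query("wpdebat.dk")
    for rc in (2, 3, 0):
        print(classify(constructed_response(q, rc)))
```
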
Hi,
Thanks for the reply. I rebooted my servers and PC, and now it works fine.