OPNsense Forum

English Forums => 26.1 Series => Topic started by: SoWhy on February 15, 2026, 10:00:43 AM

Title: Cannot lookup my domain anymore with dnsmasq after 26.1 upgrade
Post by: SoWhy on February 15, 2026, 10:00:43 AM
Hi all,

I have a setup with dnsmasq running on port 53 and no Unbound. I also have a Windows Domain Controller running at 10.1.1.20. In dnsmasq options, I have defined

domain.local = 10.1.1.20
domain = 10.1.1.20

Before the upgrade to 26.1, running

nslookup domain.local
resulted in OPNsense returning 10.1.1.20, and my Windows clients could connect using DOMAIN\User.

I upgraded to 26.1 yesterday and now when I try to run the same command, I get
:~$ nslookup domain.local
Server:         10.1.1.1
Address:        10.1.1.1#53

Non-authoritative answer:
*** Can't find domain.local: No answer

:~$ nslookup domain
Server:         10.1.1.1
Address:        10.1.1.1#53

** server can't find domain: NXDOMAIN

and my Windows clients can no longer connect, with the error "A certification authority could not be contacted for authentication".

This of course completely breaks my setup. What changed with dnsmasq in the upgrade and how can I fix it?

TIA
SoWhy
Title: Re: Cannot lookup my domain anymore with dnsmasq after 26.1 upgrade
Post by: SoWhy on February 15, 2026, 10:31:50 AM
Okay, it seems it was the problem noted at https://github.com/opnsense/core/issues/9754

Changing the "Local" flag to off for each host has fixed it. Weirdly, it worked fine before...

Regards
SoWhy
Title: Re: Cannot lookup my domain anymore with dnsmasq after 26.1 upgrade
Post by: nero355 on February 15, 2026, 03:45:28 PM
You are not actually using .local, are you?

It's reserved for Multicast DNS traffic and can cause issues!!

Please use the officially assigned .internal or something like .lan or so...
https://en.wikipedia.org/wiki/.internal

/EDIT :
Quote from: SoWhy on February 15, 2026, 08:15:42 PM
I am aware but unfortunately, the geniuses who set up the domain years ago did and I didn't have the time yet to reconfigure everything.

At least you are there now to fix it!

I hope you find the time to do so in the near future :)
Title: Re: Cannot lookup my domain anymore with dnsmasq after 26.1 upgrade
Post by: SoWhy on February 15, 2026, 08:15:42 PM
I am aware but unfortunately, the geniuses who set up the domain years ago did and I didn't have the time yet to reconfigure everything.
Title: Re: Cannot lookup my domain anymore with dnsmasq after 26.1 upgrade
Post by: vimage22 on February 16, 2026, 03:07:34 PM
.local, many, many years ago, was the official Microsoft recommendation. And yes, Apple decided to make it part of their system. So .local is not ideal, but if everything else is set up correctly, including settings within Apple computers, you should be OK. This is just a general comment, not related to the details of dnsmasq settings.
Title: Re: Cannot lookup my domain anymore with dnsmasq after 26.1 upgrade
Post by: nero355 on February 16, 2026, 04:59:12 PM
Quote from: vimage22 on February 16, 2026, 03:07:34 PM
.local, many, many years ago was the official Microsoft recommendation.

And that was soooo looooong ago that it is now deprecated because mDNS uses it and not just Apple Bonjour :)