OPNsense Forum

Archive => 16.1 Legacy Series => Topic started by: none on May 12, 2016, 05:59:34 am

Title: Dual wan and dns problem
Post by: none on May 12, 2016, 05:59:34 am
Hail,

I tried some old version (15.x) and now I run 16.1 and have the same problem:

Two WANs (A and B), and once I set a rule on LAN so my desktop machine will use the B (not the default) WAN, DNS stops working for the desktop machine.

I get to see the dns query on the B link:

Code:
00:50:05.548848 IP 1x.x.x.x.17803 > 10.1.1.81.53: 26623+ A? openbsd.org. (29)
00:50:06.548621 IP 1x.x.x.x.17803 > 10.1.1.81.53: 26623+ A? openbsd.org. (29)
00:50:07.548685 IP 1x.x.x.x.17803 > 10.1.1.81.53: 26623+ A? openbsd.org. (29)

It never gets the answer, as the query is not fulfilled.

I tried the DNS forwarder and the resolver. Not gone far yet.

Is this only me?

I saw the talk on https://forum.opnsense.org/index.php?topic=433.0, tried those settings but no good also.

thanks,

none
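
The capture in the post above shows one query ID (26623) retransmitted three times with no reply. As an added example that is not part of the original thread, this sketch pairs queries and replies in `tcpdump -n` text output and lists the ones that never got an answer. The last two sample lines (an answered query using documentation addresses) are constructed for contrast; the first three are the lines from the post.

```python
import re

# tcpdump -n line for UDP DNS: "<time> IP <src>.<sport> > <dst>.<dport>: <id><flags> <rest>"
LINE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+)\.(?P<sport>\d+) > "
    r"(?P<dst>\S+)\.(?P<dport>\d+): (?P<id>\d+)(?P<flags>[^\s\d]*) (?P<rest>.*)$"
)
# A question is printed as "<TYPE>? <name>", e.g. "A? openbsd.org."
QUESTION = re.compile(r"(?P<type>[A-Za-z0-9]+)\? (?P<name>\S+)")

# First three lines: capture from the post. Last two: constructed answered query.
SAMPLE = """\
00:50:05.548848 IP 1x.x.x.x.17803 > 10.1.1.81.53: 26623+ A? openbsd.org. (29)
00:50:06.548621 IP 1x.x.x.x.17803 > 10.1.1.81.53: 26623+ A? openbsd.org. (29)
00:50:07.548685 IP 1x.x.x.x.17803 > 10.1.1.81.53: 26623+ A? openbsd.org. (29)
00:50:08.100000 IP 192.0.2.10.40112 > 198.51.100.53.53: 4411+ A? example.org. (29)
00:50:08.131000 IP 198.51.100.53.53 > 192.0.2.10.40112: 4411 1/0/0 A 203.0.113.7 (45)
"""


def unanswered_queries(lines):
    """Return (client, server, qname, attempts) for queries with no reply seen."""
    pending = {}  # (client, client_port, server, dns_id) -> [qname, attempts]
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        if m["dport"] == "53":
            q = QUESTION.search(m["rest"])
            if q:
                key = (m["src"], m["sport"], m["dst"], m["id"])
                entry = pending.setdefault(key, [q["name"], 0])
                entry[1] += 1  # same ID from same port = retransmission
        elif m["sport"] == "53":
            # A reply clears the matching query (addresses and ports swapped).
            pending.pop((m["dst"], m["dport"], m["src"], m["id"]), None)
    return [(k[0], k[2], v[0], v[1]) for k, v in pending.items()]


if __name__ == "__main__":
    for client, server, name, attempts in unanswered_queries(SAMPLE.splitlines()):
        print(f"{client} -> {server}: {name} sent {attempts}x, no reply seen")
```

Running the same capture on each WAN interface shows whether the reply is absent everywhere or is arriving on a different link than the one the query left on.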
Title: Re: Dual wan and dns problem
Post by: AdSchellevis on May 12, 2016, 08:51:42 am
Hi none,

We have an example configuration available in our doc section, can you check your setup with that?

https://docs.opnsense.org/manual/how-tos/multiwan.html

My first guess is that your setup is missing a secondary DNS entry using the other gateway and is using the default gateway to do DNS requests.

Regards,

Ad
Title: Re: Dual wan and dns problem
Post by: none on May 12, 2016, 05:40:42 pm
thanks,

Will try it later and report back here.

But the DHCP got DNS from both. Can't tell how it is using it.

thanks again,
Title: Re: Dual wan and dns problem
Post by: none on May 15, 2016, 04:06:20 pm
Hi,

For the record, it works fine. But I had to use the DNS examples from the article.

Is it possible to use the resolver or the forwarder?

I would like to use the DNS addresses from my ISPs.

thanks
Title: Re: Dual wan and dns problem
Post by: AdSchellevis on May 15, 2016, 04:35:27 pm
The resolver/forwarder should use the defined DNS upstream servers, so yes, it should work as long as there are routes available for both providers (you cannot use the same DNS for different upstream connections).

Step 5 in the example makes sure the traffic for your resolver/forwarder actually hits your firewall.

Regards,

Ad
Title: Re: Dual wan and dns problem
Post by: none on May 15, 2016, 10:19:39 pm
Ok, I think I got it.

There is no way the DNS I get from DHCP from each ISP are used, each on its link, right?

Title: Re: Dual wan and dns problem
Post by: AdSchellevis on May 16, 2016, 11:06:57 am
You should send the IP from your firewall to your client as DNS and configure the firewall to use 2 different DNS servers, both using their own routes... the resolver/forwarder should use both over their own gateway automatically.
Title: Re: Dual wan and dns problem
Post by: none on May 21, 2016, 05:54:27 pm
thanks Ad,

but when I use the addresses I get from DHCP on both links it doesn't work. The link A works fine, but for those machines I get to use the link B by a specific rule to force the GW, DNS is not working.

Using external DNS works.

One problem I had using that tutorial was to use the DNS as monitor IP. I got issues and the gateway monitoring failed, so my machine had no default route. That way, even though the two links were fine, I got no answer from gateway monitoring, hence no route set, hence no connection at all. Using the next hop gateway (by leaving the monitor IP blank) solved the issue.

thanks again,

none
Title: Re: Dual wan and dns problem
Post by: franco on May 21, 2016, 08:51:37 pm
Monitoring sets a host route to the monitoring IP through the gateway itself. This unfortunately destroys its usage for any other gateway, be it as monitoring IP or all else. There are ways around this, but they will require some additions to apinger to deal with this appropriately. I expect those reworks to be finished by the end of 2016.