OPNsense Forum

English Forums => General Discussion => Topic started by: MrCCL on August 09, 2016, 09:03:42 am

Title: [SOLVED] DNS
Post by: MrCCL on August 09, 2016, 09:03:42 am
I have some general questions about DNS setup that I was not able to find in the documentation or in the help-tips in the web-gui:

1: When using DNS Resolver I get a "Server: Unknown" in my reply, why is that? Using the DNS Forwarder I get the name of the router:
Code:
c:\>nslookup opnsense.org
Server:  UnKnown
Address:  192.168.1.1

Non-authoritative answer:
Name:    opnsense.org
Address:  37.48.77.141

2: In DNS Resolver/General there is an option called DNS Query Forwarding (unfortunately no help-tip)...what does this option actually do?
If it is disabled it seems some DNS queries are still being forwarded to the external DNS servers from WAN DHCP?


Title: Re: DNS
Post by: franco on August 09, 2016, 09:56:33 am
1. Probably this: https://forum.opnsense.org/index.php?topic=3311.0

2. It sets --strict-order in dnsmasq:

By default, dnsmasq will send queries to any of the upstream servers it knows about and tries to favour servers that are known to be up. Setting this flag forces dnsmasq to try each query with each server strictly in the order they appear in /etc/resolv.conf

Maybe we should make a help text for that?! :)


Cheers,
Franco


Title: Re: DNS
Post by: MrCCL on August 09, 2016, 11:11:09 am
Ahh...it cannot resolve itself!
But it will be fixed in future versions it seems.
It's not a big issue, I was just worried that it was an indication that something else was wrong, but it seems it's by-design for now :-)
Thanks


Title: Re: DNS
Post by: franco on August 10, 2016, 08:07:52 am
Whoops, I accidentally researched forwarder instead of resolver for 2.

In the resolver, the option enables simple forwarding to another (elsewhere configured) DNS server, either through a dialup/dhcp one or the static DNS server entries under System: Settings: General. I will add a help message.


Title: Re: [SOLVED] DNS
Post by: MrCCL on August 19, 2016, 10:22:05 am
My VPN clients cannot get in touch with the DNS Resolver, it only works if I use the DNS Forwarder.
It almost seems like the DNS Resolver doesn't listen on the adapter where unencrypted VPN packets are sent/received (assume that's the TUN adapter?)
"Network Interfaces" is set to All in the DNS Resolver settings.

DNS Resolver works perfectly with LAN clients.

Is it just me having this problem, or is it by-design/on purpose?

My setup router
Code:
LAN IP:            192.168.1.0/24
VPN client subnet: 192.168.2.0/24
WAN public IP:        86.x.x.x


Title: Re: [SOLVED] DNS
Post by: franco on August 19, 2016, 11:10:10 am
There is a fix queued up for 16.7.3 that likely addresses this:

https://github.com/opnsense/core/commit/f5839826df96633fdecc6e31d683445b41889e1e

You can pull this on top of 16.7.2 using the following command line invocation:

# opnsense-patch f58398

If it's not a full fix yet we can work something out in time for 16.7.3. :)


Title: Re: [SOLVED] DNS
Post by: MrCCL on August 19, 2016, 11:23:31 am
OK, thaaaaanks :-)

I'll receive my test-firewall next week and then I'll test it.