OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: Solaris17 on December 10, 2016, 08:02:54 am

Title: Local DNS server failure
Post by: Solaris17 on December 10, 2016, 08:02:54 am
When attempting to use a DNS server on my LAN as the primary DNS server the whole network loses connection. A reboot does not fix the issue.

However, if the DNS server is set on the client, then the network works fine. Not sure where I should start looking?

I already have DNS rebind set to off.

I have seen this in the error logs. This is the IP of my DNS server.

Code:
opnsense: /system_general.php: The command '/sbin/route delete -host 10.0.0.19' returned exit code '1', the output was 'route: route has not been found delete host 10.0.0.19 fib 0: not in table'

Basically, I have an ad network filter based off of DNS.

On the remote DNS server (which is on my LAN)
I have the IP statically set.
I have the default gateway set to the IP of the router.
I have the DNS server IP set to Google & Level3 Communications.

If I set the DNS server under Settings>General in OPNsense I lose ALL network connectivity.

However, if I manually take a PC and set it to use the DNS server, everything works correctly and ads are filtered.

I wanted the router to simply use this local DNS server because it's a pain to set DNS on all members of the network. I initially thought this might be a drop because of a detected DNS rebind attack, however I ran my own DNS server previously and that was still disabled.

I don't really know where to begin debugging this.

OPNsense 17.1.a_878-amd64
FreeBSD 11.0-RELEASE-p2
OpenSSL 1.0.2j 26 Sep 2016
Title: Re: Local DNS server failure
Post by: Tikimotel on December 16, 2016, 09:35:45 pm
Could you use DHCP to hand out your (local) DNS server to your LAN clients?

Services -> DHCP -> Server : DNS servers (here only specify your (local) DNS)

Title: Re: Local DNS server failure
Post by: Dean E. Weimer on December 17, 2016, 06:31:16 am
I wonder if it's related to the problem I discovered. I use the DNS Resolver service on my OPNsense, and I discovered after the update from 16.7 to 17.1 that it will no longer work if I set the outbound interface of the resolver to LAN. I had it set that way so that I can override some domains to servers on the other side of VPN connections for resolving internal Active Directory domain names at the office.

It seems to only work if the outbound interface is set to all. When it is set to all, the outbound requests that are supposed to be sent over the VPN tunnel don't work.

*Update: I discovered that if I change it from All to have LAN, WAN set, both internet and VPN forwarded overrides appear to work. Perhaps setting the outgoing network interface to LAN if you are using an internal DNS server will solve your problem.
Title: Re: Local DNS server failure
Post by: cdburgess75 on December 17, 2016, 08:01:02 am
Danced from DNS forwarder overrides to DNS resolver overrides on the .9 release. Just a heads up, didn't mean to draw attention. There is a post on it. Thankfully, that saved the day! 
Title: Re: Local DNS server failure
Post by: Solaris17 on December 18, 2016, 03:25:50 am
Thanks for responding, all. I will attempt some of these changes to see if they work for me.
Title: Re: Local DNS server failure
Post by: Solaris17 on December 30, 2016, 03:23:50 am
Hey, sorry to respond to this so late.

I followed the advice from Tikimotel and set the DNS server under the DHCP service and it is forwarding correctly.