OPNsense Forum
English Forums => General Discussion => Topic started by: lbandi2 on November 08, 2024, 03:51:37 pm
-
Ever since I moved and changed internet provider, I have had to do this hacky thing to get DNS to work on my network.
This is the configuration I had before that didn't work with the new provider:
In System > Settings > General:
DNS Server:
10.10.0.1 (my opnsense instance)
1.1.1.1
8.8.8.8
Allow DNS server list to be overridden by DHCP/PPP on WAN (unchecked)
Do not use the local DNS service as a nameserver for this system (unchecked)
That was it: I had DNS resolution through Unbound DNS with no extra configuration, but this config did not allow for DNS resolution with the new provider.
I could ping IPs, but I could not resolve outside DNS.
Here's what I had to do to get it to work:
In System > Settings > General:
DNS Server:
192.168.101.1 (ISP gateway I got from Interfaces overview, see image below)
10.10.0.1 (my opnsense instance)
1.1.1.1
8.8.8.8
(https://i.imgur.com/By5kvoC.png)
I also had to add the ISP gateway in Services > ISC DHCPv4 on every interface in order to get DNS working; here's an example:
(https://i.imgur.com/TCaOEkf.png)
I dealt with this in order to get the connection working, but I know it's wrong and I hate this solution.
Can someone help me diagnose this and help me do it the right way?
-
It sounds like your new ISP may be blocking you from using any DNS server other than the one(s) that they provide. If you get a shell on your OPNsense box, what do you get from something like `drill @1.1.1.1 google.com.`?
-
I only get:
Error: error sending query: Could not send or receive, because of network error
-
Yeah... unless you're doing something funky with firewall rules yourself, I think your ISP is blocking it. I assume if you use the ISP gateway instead of 1.1.1.1 in that command, it works?
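A way to run the comparison suggested here across several resolvers at once, over UDP and over TCP (`drill -t`), as an added example that is not part of the thread. It assumes `drill` is installed, as it is on OPNsense, and that the resolver addresses passed on the command line are the ones from the original post.

```shell
#!/bin/sh
# dns_probe.sh: query the same name through several resolvers and report
# which ones answer, so an ISP-side block shows up as "NOREPLY" for public
# resolvers while the ISP gateway still returns "ANSWER".
# Usage: sh dns_probe.sh google.com. 192.168.101.1 1.1.1.1 8.8.8.8

# classify_drill: read drill output on stdin and print one word:
#   ANSWER   - rcode NOERROR with at least one answer record
#   EMPTY    - rcode NOERROR but no answer records
#   RCODE:x  - the resolver replied with a non-NOERROR rcode (e.g. REFUSED)
#   NOREPLY  - drill could not send or receive (typical of a filtered path)
classify_drill() {
    awk '
        /->>HEADER<<-/ { if (match($0, /rcode: [A-Z]+/))  rcode   = substr($0, RSTART + 7, RLENGTH - 7) }
        /^;; flags:/   { if (match($0, /ANSWER: [0-9]+/)) answers = substr($0, RSTART + 8, RLENGTH - 8) }
        /error sending query|Could not send or receive/ { noreply = 1 }
        END {
            if (noreply || rcode == "") { print "NOREPLY"; exit }
            if (rcode != "NOERROR")     { print "RCODE:" rcode; exit }
            if (answers + 0 > 0) print "ANSWER"; else print "EMPTY"
        }'
}

# probe: run drill against one resolver over UDP and over TCP (-t) and print
# a one-line summary. A resolver that fails over both transports while the
# ISP gateway succeeds points at upstream filtering, not a local firewall rule.
probe() {
    name=$1; server=$2
    udp=$(drill "@$server" "$name" 2>&1 | classify_drill)
    tcp=$(drill -t "@$server" "$name" 2>&1 | classify_drill)
    printf '%-16s udp=%-16s tcp=%s\n' "$server" "$udp" "$tcp"
}

# Only run the probes when a name and at least one resolver are given, so the
# functions above can be sourced by other scripts without side effects.
if [ "$#" -ge 2 ]; then
    name=$1; shift
    for server in "$@"; do probe "$name" "$server"; done
else
    echo "usage: $0 <name> <resolver>..." >&2
fi
```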
-
Have you tried DNS over HTTPS? https://homenetworkguy.com/how-to/configure-dns-over-https-dnscrypt-proxy-opnsense/
-
> Yeah... unless you're doing something funky with firewall rules yourself, I think your ISP is blocking it. I assume if you use the ISP gateway instead of 1.1.1.1 in that command, it works?
Yup
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 35085
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; google.com. IN A
;; ANSWER SECTION:
google.com. 161 IN A 172.217.28.110
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 5 msec
;; SERVER: 192.168.101.1
;; WHEN: Fri Nov 8 10:54:31 2024
;; MSG SIZE rcvd: 44
-
> Have you tried DNS over HTTPS? https://homenetworkguy.com/how-to/configure-dns-over-https-dnscrypt-proxy-opnsense/
No, I haven't, but before trying anything new I would like to rule out any bad configurations I might have done myself since I'm no expert.