Title: dhcp -> dns: Leases not resolveable in dns
Post by: kid_a on June 09, 2017, 04:59:27 pm
This is not a new issue, but an unresolved one.

A new lease from dhcp is not triggered to refresh dnsmasq/unbound configs. So I can't resolve my systems. Very annoying.

OPNsense 17.1.8
Title: Re: dhcp -> dns: Leases not resolveable in dns
Post by: v8_vroom on June 23, 2017, 02:35:05 am
OK, forum guidelines state to not start a new thread if a topic already exists. This sounds like my issue; I hope I'm not kidnapping the thread.....

Short story: after upgrade to 17.1.8, clients on the LAN side of the firewall cannot resolve address names. Pinging IP (v4) addresses works fine (i.e. ping; pinging names does not (i.e. ping google.com)...."host unreachable". Pinging from firewall (both web GUI and physical console) works fine for both IP and name.

Longer story: Earlier this week I finally got around to upgrading in the 16-series. Had to pause while I replaced 3 e1000/emx NICs. Once I replaced one of those, lost 2 unused OPT networks, and shuffled some connections around, I made sure stuff worked, then did the 17-series upgrade all the way to 17.1.8. I worked from the physical console, and all appeared (to a non-BSD-familiar fairly technical person) to go smoothly. It was shortly after this point that I discovered I was not able to browse anywhere on the internet.

We have narrowed the issue down to the firewall, as a computer attached directly to the cable modem works fine, and resolves addresses properly. Rebooting (cable modem, firewall, clients) has not helped. I have several times gone through the firewall GUI and checked/set/unset various DHCP/DNS settings, testing between updates, and nothing has changed [settings such as DNS forwarder, DNS Resolver]. Checking on a linux client "route -n" shows a good route and gateway, "ifconfig" shows the proper IP address, and "nmcli dev show | grep DNS" shows the DNS servers listed in the System -> Settings -> General -> DNS Servers.

Does anyone have any hints: "check this or that", or "make sure yadda-yadda is set this way"? Is there a known/suspected issue with this version? Is it possible to back-level the firewall software? And is there a known-better-version?

Is there any more information I can provide? I am linux-knowledgeable, but a total noob on BSD. I had to do quite a bit of research to figure out even IF I was affected by dropping the e1000 driver.

Thanks much.