OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: Camilo625 on September 09, 2017, 07:34:03 pm

Title: Strange navigation problem
Post by: Camilo625 on September 09, 2017, 07:34:03 pm: Hi, i'm having a weird problem on a fresh install of opnsense, after i configure a few things, i loose navigation to some sites, for example, i can load this forum fine, but google.com or youtube.com will timeout and same happens if i try to ping them, would love any help to troubleshoot!

Here is some extra info:
The box it's running opnsense 17.7.1_2, it has two wan ports but only one in use, and multi wan isn't configured(only the grouping), has google DNS set under system/settings/general and "Allow DNS server list to be overridden by DHCP/PPP on WAN" its off, its running behind a router but with dmz on, unbound dns is ON and forwarding mode as well
Title: Re: Strange navigation problem
Post by: franco on September 11, 2017, 02:56:17 pm: Maybe a DNSSEC issue?

I have trouble with DNSSEC in my home network because of ISP meddling... Some sites refuse to resolve.

Cheers,
Franco
Title: Re: Strange navigation problem
Post by: Camilo625 on September 26, 2017, 10:56:33 pm: Quote from: franco on September 11, 2017, 02:56:17 pm
Maybe a DNSSEC issue?

I have trouble with DNSSEC in my home network because of ISP meddling... Some sites refuse to resolve.

Cheers,
Franco

That may be, i'm going to try with another ISP to see if i something changes. Thanks!
Title: Re: Strange navigation problem
Post by: franco on September 27, 2017, 06:50:31 am: You could also flip Unbound to forward mode or use Dnsmasq.

I have been unable to resolve the issue for this particular line, but another one works flawlessly with the default Unbound settings.

Cheers,
Franco
Title: Re: Strange navigation problem
Post by: Ciprian on September 27, 2017, 11:21:32 am: Quote from: Camilo625 on September 26, 2017, 10:56:33 pm
Quote from: franco on September 11, 2017, 02:56:17 pm
Maybe a DNSSEC issue?

I have trouble with DNSSEC in my home network because of ISP meddling... Some sites refuse to resolve.

Cheers,
Franco

That may be, i'm going to try with another ISP to see if i something changes. Thanks!

I advise you to try to disable only "Harden DNSSEC data" at first: I had same problems after fresh installs, especially since Unbound became the default resolver in OPNsense; disabling "Harden DNSSEC..." solved everything.

(Services -> Unbound DNS -> Advanced)

Case it's not enough, next step would be to disable DNSSEC completely, if you don't need DNSSEC.
I wouldn't throw-out Unbound DNS for DNSmasq DNS just for DNSSEC issues, Unbound is IMHO far more customizable and versatile.

Good luck!