General Discussion / DNS issues - only on opnsense host
« on: February 24, 2023, 01:10:50 am »
Hi All,
New to opnsense so I'm confident I have a setting wrong somewhere and have googled quite extensively to try and figure out the issue. I have found similar threads to my situation, but they seem to have either died off or been magically resolved with some setting the OP can't remember.
After setting up opnsense I decided to install adguard (on the opnsense host itself) - the same as I was previously doing on openwrt before switching over.
OPNsense Versions:
OPNsense 23.1.1_2-amd64
FreeBSD 13.1-RELEASE-p6
OpenSSL 1.1.1t 7 Feb 2023
Package Versions:
Adguard Home v0.107.25 - installed from mimugmail's repo "os-adguardhome-maxit" v1.8
Unbound v1.17.1_2
I believe the way I have set things up, the flow should work like this:
LAN Clients -> Adguard (10.0.0.1:53) -> Unbound (10.0.0.1:5553) -> Upstream Servers (Unbound DNS over TLS)
When trying to update in GUI I am given this output -
***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 23.1.1_2 at Thu Feb 23 23:22:38 GMT 2023
Fetching changelog information, please wait... fetch: transfer timed out
Updating OPNsense repository catalogue...
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/23.1/latest/meta.txz: No address record
repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/23.1/latest/packagesite.pkg: No address record
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/23.1/latest/packagesite.txz: No address record
Unable to update repository OPNsense
Updating mimugmail repository catalogue...
pkg: https://opn-repo.routerperformance.net/repo/FreeBSD:13:amd64/meta.txz: No address record
repository mimugmail has no meta file, using default settings
pkg: https://opn-repo.routerperformance.net/repo/FreeBSD:13:amd64/packagesite.pkg: No address record
pkg: https://opn-repo.routerperformance.net/repo/FreeBSD:13:amd64/packagesite.txz: No address record
Unable to update repository mimugmail
Error updating repositories!
pkg: Repository OPNsense cannot be opened. 'pkg update' required
Checking integrity... done (0 conflicting)
Your packages are up to date.
***DONE***
Obviously this leads me to believe it is a DNS issue, so I tried to resolve "pkg.opnsense.org" in Interfaces > Diagnostics > DNS Lookup -
Hostname:pkg.opnsense.org
Server:
Result -
Query failure
Error: error sending query: Could not send or receive, because of network error
So I repeated the test only this time specifying 10.0.0.1 as the server (presumably port 53) -
Hostname:pkg.opnsense.org
Server:10.0.0.1
Result -
Type:A
Answer:pkg.opnsense.org. 30 IN A 89.149.211.205
Server:10.0.0.1
Query time: 0 msec
Type:AAAA
Answer:pkg.opnsense.org. 340 IN AAAA 2001:1af8:4f00:a005:5::
Server:10.0.0.1
Query time: 22 msec
With the above... I am sure something needs changing to get OPNsense communicating correctly, but I am unsure what to do.
A few settings that might be applicable:
System > Settings > General:
Networking:
Prefer IPv4 over IPv6:✘
DNS Servers:none
Allow DNS server list to be overridden by DHCP/PPP on WAN:✘
Do not use the local DNS service as a nameserver for this system:✘
Services > Unbound DNS > General:
Enable Unbound:✓
Listen Port:5553
Network Interfaces:LAN,WAN
Enable DNSSEC Support:✓
Outgoing Network Interfaces:All
Services > Unbound DNS > DNS over TLS:
Server:9.9.9.9
Port:853
Verify CN:dns.quad9.net
Server:149.112.112.112
Port:853
Verify CN:dns.quad9.net
Server:1.1.1.1
Port:853
Verify CN:cloudflare-dns.com
Server:1.0.0.1
Port:853
Verify CN:cloudflare-dns.com
Services > Adguard Home > General:
Enable:✓
Adguard settings:
Upstream DNS Servers:
127.0.0.1:5553
Bootstrap DNS Servers:
127.0.0.1:5553
Private reverse DNS Servers:
127.0.0.1:5553
Use private reverse DNS resolvers:✓
Enable reverse resolving of clients' IP addresses:✓
Enable DNSSEC:✓
Is anyone able to shed some light on the situation or have any ideas? Would also appreciate any suggestions if there's a better way to do things.
Apologies for the long post, but I figure it's probably very frustrating when people come with issues & no info.
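As an added example (not from the post, OPNsense or AdGuard Home), a small Python probe that sends the same pkg.opnsense.org A query to each hop of the chain described above, so the hop that fails can be identified from the firewall host itself rather than inferred from the pkg errors. The 10.0.0.1:53, 127.0.0.1:5553 and 10.0.0.1:5553 hops are the post's own; the 127.0.0.1:53 hop is an assumption about what the host's resolver would hit when no explicit server is given, as in the first DNS Lookup.

```python
import random
import socket
import struct

# Hops from the post's chain. 127.0.0.1:53 is an added assumption: what a bare
# 'nameserver 127.0.0.1' line in resolv.conf would query, since resolv.conf has no port.
HOPS = [("host resolver default", "127.0.0.1", 53), ("AdGuard Home", "10.0.0.1", 53),
        ("Unbound via loopback", "127.0.0.1", 5553), ("Unbound via LAN", "10.0.0.1", 5553)]
def build_query(name, qtype=1, txid=0):
    """Encode a one-question DNS query (RD=1, class IN) for `name`."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(lab)]) + lab.encode() for lab in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", qtype, 1)
def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)   # pointer is two bytes, root label one
def parse_response(msg, txid):
    """Return (rcode, [IPv4 A answers]); reject a reply whose id is not ours."""
    rid, flags, qd, an, _, _ = struct.unpack_from(">HHHHHH", msg, 0)
    if rid != txid:
        raise ValueError("transaction id mismatch")
    off = 12
    for _ in range(qd):                       # skip the question section
        off = skip_name(msg, off) + 4
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack_from(">HHIH", msg, off)
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return flags & 0x0F, addrs
def probe(label, host, port, name="pkg.opnsense.org", timeout=2.0):
    """Send one UDP query to a hop; a timeout or refused port is reported as FAIL."""
    txid = random.randrange(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, txid=txid), (host, port))
            data, _ = s.recvfrom(4096)
        except OSError as e:
            return f"{label:22} {host}:{port:<5} FAIL ({type(e).__name__})"
    rcode, addrs = parse_response(data, txid)
    return f"{label:22} {host}:{port:<5} rcode={rcode} A={addrs}"

if __name__ == "__main__":
    for hop in HOPS:
        print(probe(*hop))
```

Run it on the OPNsense host itself; a hop that answers with rcode=0 and an A record is reachable from the host, while a FAIL on the 127.0.0.1:53 hop alongside a working 10.0.0.1:53 hop points at where the host's own resolver is looking rather than at Unbound or the upstreams.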