Messages

Hi guys,

I have been struggling for a while with DNS issues on my local network. My local computers, which I have created overrides for in DNS forwarder, suddenly stopped resolving on a few, but not all, of my systems. I managed to track the issues down to my experimentation with OpenDNS and more specifically to DNS servers in System: Settings: General.

Here is the system version:    
OPNsense 17.1.4-i386
FreeBSD 11.0-RELEASE-p8
OpenSSL 1.0.2k 26 Jan 2017

With the following entries, everything works fine:
DNS Server
- 208.67.220.220
- 208.67.222.222

My computer receives both IPv4 and IPv6 addresses from the LAN interface on OPNsense:
# Generated by NetworkManager
nameserver 10.0.0.1
nameserver 2001::1 (not my real IPv6)

I then added OpenDNS IPv6 servers in System:Settings:General, ending up with this list:
DNS Server
- 208.67.220.220
- 208.67.222.222
- 2620:0:ccc::2
- 2620:0:ccd::2

Resulting in that the IPv6 addresses "bleed through" and my computer ends up with:
# Generated by NetworkManager
nameserver 10.0.0.1
nameserver 2001::1
nameserver 2620:0:ccc::2
# NOTE: the libc resolver may not support more than 3 nameservers.
# The nameservers listed below may not be recognized.
nameserver 2620:0:ccd::2

Using only IPv6 DNS addresses in System:Settings:General result in no IPv6 address given out to clients at all, my computer only gets IPv4:
# Generated by NetworkManager
nameserver 10.0.0.1

I would expect that the DHCP server ignores whatever servers are configured under System:Settings:General and only give ut LAN interface addresses, but that does not seem to be the case with IPv6. Does anyone have an idea why this happens?

And while I'm asking, although unrelated to my original issue, why are link-local addresses not allowed to be used for DNS lookup?

/Espen

Hi, and thank you, both for the welcome and the quick response. :)

And you were spot on with your suggestion. Checking it and attempting another reboot, the system came online with everything working!
I keep wondering now why I did not try it before, perhaps because I found no information that any authentication was required?

Anyway, case solved, thank you very much

/Espen

Hi guys,

I recently discovered OPNsense and attempting to replace my existing pfsense installation to OPNsense instead but while IPv4 is running with no issues, I'm having some problems getting IPv6 up and running so I'm seeking some advice here.

Here are my installation details:

Code Select Expand

OPNsense 17.1.2-amd64
FreeBSD 11.0-RELEASE-p7
OpenSSL 1.0.2k 26 Jan 2017

On the WAN interface it is configured to use DHCPv6 with the following basic options for the client configuration:

Code Select Expand

Request only an IPv6 prefix (X)
DHCPv6 Prefix Delegation size [48]

Per my ISP instructions, the prefix delegation size is correct and a WAN address is optional.

The LAN interface is configured to track the WAN interface with a prefix of 0.

My problem is that when I reboot OPNsense, there is no IPv6 connectivity and I've been looking through logs but can find no trace of anything related to IPv6, no errors or any indication that dhcp6c has even attempted to run.

But if I SSH to the installation and run the following command from the shell

Code Select Expand

/usr/local/sbin/dhcp6c -c /var/etc/dhcp6c_wan.conf -p /var/run/dhcp6c_vtnet0.pid vtnet0 then suddenly everything works, LAN and all the computers on the network assign themselves an IP using SLAAC.

I do not think there are any errors in the configuration on my part, it's mostly just mirrored from my already working pfsense configuration but I might be missing something.