Messages - DeepB

#1
If I enable "Allow DNS server list to be overridden by DHCP/PPP on WAN" and disable Unbound DNS, the clients will get the DNS servers defined in "System: Settings: General" and I can access the internet. However, DNS-based ad blocking (Unbound) obviously does not work.
#2
Did that (tried that before too), no more error message but also still not working. Also still no logged queries.

If I tick System --> Settings --> General "Allow DNS server list to be overridden by DHCP/PPP on WAN", DNS on the firewall works (Interfaces: Diagnostics: DNS Lookup) but still does not work on the client. (I also tried disabling DNS over TLS, still no change.)

#3
I tried with the specific IP address; it did not change anything.

Then I reinstalled OPNsense just to start fresh and make sure no potential old configurations are at fault.

Nothing changed.

I also checked "Log Queries" in Unbound->Advanced, however in the Unbound Log I only get
2025-01-09T17:13:38   Critical   unbound   [3649:0] fatal error: Could not set root or stub hints   
2025-01-09T17:13:38   Error   unbound   [3649:0] error: could not read root hints /root.hints: Permission denied   

Could that be the problem?
#4
Is that correct?
#5
I restarted Unbound and restarted the firewall, both multiple times.

All other connections seem to be fine; when I get a fixed IP on the client with another DNS, everything works.

Disabling TLS on Unbound changes nothing.

Thanks
Daniel
#6
It was off (not checkmarked).

I checkmarked it, but the problem is still the same.

#7
24.7, 24.10 Legacy Series / Multi WAN - DNS not working
January 03, 2025, 09:15:24 AM
Hello,

I just changed to a multi-WAN setup due to an unreliable main WAN connection. I followed this documentation.

I use Unbound DNS with DNS over TLS.

I enabled "Default Gateway Switching" via System->Settings->General as per the documentation.

The failover works, except for DNS. I can ping external IPs, and when I use a different DNS on the client (for instance 8.8.8.8 directly with a fixed IP instead of DHCP with the firewall as DNS) everything works perfectly.

Any ideas where to start?

Thanks
Daniel
#8
Quote from: WN1X on November 27, 2022, 04:52:46 PM
Under System->Settings->General where you entered the DNS servers, did you set the correct "Use Gateway" for each server?
Yes, I tried both "none" and my WAN. Results do not change.

Quote
Also, did you renew the client DHCP after making your OPNSense modifications?

Yes.
#9
22.7 Legacy Series / DNS(?) not working on fresh install
November 27, 2022, 03:14:13 PM
Hello,

I did a fresh install of OPNsense.

I got the WAN working.

OPNsense is also the DHCP server on the LAN.

I can ping IP addresses (8.8.8.8) from clients and from OPNsense.
I can DNS-resolve on OPNsense (Interfaces - Diagnostics - DNS Lookup).

However, I cannot DNS-resolve from any client.
nslookup google.com : "*** firewall.home can't find google.com: Server failed"

nslookup google.com 8.8.8.8  returns a DNS timeout.

The DNS I got from DHCP is the OPNsense box.

What I tried:
1) reinstalling
2) deactivating all DNS resolvers on OPNsense, setting 1.1.1.1 and 8.8.8.8 as DNS in the general settings and deactivating "allow DNS override from WAN"
3) setting 1.1.1.1 or 8.8.8.8 as manual DNS on the client side.

Unfortunately nothing helped.

Any ideas?

Thanks
Daniel
#10
German - Deutsch / Re: Routing a port outbound over VPN
September 04, 2019, 09:04:34 PM
Is there no information on this? Would I be better off asking this question in the English-language section?

Many thanks
Daniel
#11
German - Deutsch / Re: Unbound DNS override - port?
September 03, 2019, 07:59:02 AM
Yes, that makes sense, I could have noticed that myself.

I even already have an nginx reverse proxy running.

But I still have to create the DNS override service1.home.lan --> nginx-ip, is that right?

Thanks
Daniel
#12
German - Deutsch / Routing a port outbound over VPN
September 02, 2019, 10:21:45 PM
Hello,

I have several services running on a Docker host.

Service1: 10.0.0.99:5555
Service2: 10.0.0.99:2222
Service3: 10.0.0.99:1234

I now want to route one specific service (the one running on port 1234) through a VPN.
Is there a guide for this?

Many thanks
Daniel
#13
German - Deutsch / Re: Gateway always offline?
September 02, 2019, 10:03:15 PM
Block private networks was already disabled.
#14
German - Deutsch / [Solved] Unbound DNS override - port?
September 02, 2019, 09:21:10 PM
Hello,

I host various (internal) services on a Docker host. Instead of memorizing dockerIP:port, I would like to create a DNS override.

I can create a DNS override for service.home.lan pointing to 10.0.0.99 (Docker IP).

However, I would like:

service1.home.lan --> 10.0.0.99:5000
service2.home.lan --> 10.0.0.99:1815
service3.home.lan --> 10.0.0.99:2460
etc.

How can this be done?

Many thanks
Daniel
#15
German - Deutsch / Re: Gateway always offline?
September 02, 2019, 05:42:27 PM
I think it is solved: by default "Block bogon networks" was disabled, and 10.0.1.x probably falls under that item.