21.7 Legacy Series / DNS name / resolved IP of opnsense itself when using HA
« on: January 03, 2022, 01:20:22 pm »
Hi,
I switched over to OPNsense from pfSense and most things work as expected. (Very nice upgrade!)
But one thing is really confusing and a bit problematic:
I set up a mapping IP <-> opnsense-hostname in "Unbound DNS" -> "Overrides", e.g. an entry
172.16.0.2 opnsense1.compute.local
The reverse lookup is fine. But when I do a
host opnsense1.compute.local
it returns
1. the opnsense internal IP
2. the HA-syncnetwork IP
3. the WAN - IP.
+ 3 locally bound IPv6 addresses. This is a problem because in most cases the WAN IP is the first result, e.g. when trying to access the UI it is not possible because the UI isn't accessible via WAN. Same for monitoring, because of course SNMP isn't listening on the WAN interface. And the HA-sync-network IP isn't reachable from any other network.
Now I checked:
host opnsense1.compute.local 172.16.0.2
and
host opnsense1.compute.local 172.16.0.3
The first call asks the current master and returns the weird result described. The second call uses the slave and gives the result as expected, e.g. simply "opnsense1.compute.local has address 172.16.0.2", which is expected and wanted and configured in the DNS server overrides.
Next: this only happens for the active master node's entry. When asking for opnsense2.compute.local it always returns the configured value (in that case 172.16.0.3).
So it looks like it is an effect of using HA (Unbound DNS settings are synchronized). I didn't find any option to disable the effect, so does somebody have an idea what I did wrong?
Rajko
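A check for the symptom described in the post, added here as an example and not code from the post or from OPNsense: it parses the output of `host <name> <server>` from each Unbound instance and lists every answer that is not the configured override, so a monitoring job can flag a resolver that leaks WAN, sync-network or IPv6 addresses. The sample outputs are constructed; only 172.16.0.2 and 172.16.0.3 come from the post, the other addresses are documentation-range placeholders.

```python
import re

# Constructed `host opnsense1.compute.local <server>` output for both resolvers.
# 203.0.113.10 (WAN), 10.255.255.1 (HA sync) and 2001:db8::1 are placeholders,
# not addresses from the forum post.
MASTER_OUTPUT = """\
Using domain server:
Name: 172.16.0.2
Address: 172.16.0.2#53
Aliases:

opnsense1.compute.local has address 203.0.113.10
opnsense1.compute.local has address 172.16.0.2
opnsense1.compute.local has address 10.255.255.1
opnsense1.compute.local has IPv6 address 2001:db8::1
"""

SLAVE_OUTPUT = """\
Using domain server:
Name: 172.16.0.3
Address: 172.16.0.3#53
Aliases:

opnsense1.compute.local has address 172.16.0.2
"""

# Matches both "has address" (A) and "has IPv6 address" (AAAA) answer lines.
ANSWER_RE = re.compile(r"^(\S+) has (?:IPv6 )?address (\S+)$")


def parse_host_output(text):
    """Return the set of addresses `host` reported for the queried name."""
    found = set()
    for line in text.splitlines():
        m = ANSWER_RE.match(line.strip())
        if m:
            found.add(m.group(2))
    return found


def unexpected_answers(text, expected):
    """Addresses in the answer that are not among the configured overrides."""
    return sorted(parse_host_output(text) - set(expected))


def compare_resolvers(outputs, expected):
    """Map resolver name -> stray addresses; an empty list means it only
    returns the configured override(s)."""
    return {name: unexpected_answers(out, expected) for name, out in outputs.items()}


if __name__ == "__main__":
    report = compare_resolvers({"master": MASTER_OUTPUT, "slave": SLAVE_OUTPUT}, ["172.16.0.2"])
    for resolver, stray in report.items():
        print(resolver, "OK" if not stray else "extra answers: " + ", ".join(stray))
```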