Messages - julsssark

#1
Do you see any blocked DHCP traffic for the VLANs in the firewall live view?
#2
I could be reading your post incorrectly, but when you say "parent" interface do you mean a non-VLAN subnet? If you mix tagged and untagged traffic on the *same* trunk port, that could be the problem. See here and note the orange box: https://docs.opnsense.org/manual/how-tos/vlan_and_lagg.html
#3
1) I exported the Kea reservations and opened them in Excel. I used all of the column headers as posted earlier (i.e., I left unused entries blank) and left the headers in the same order as posted (the Kea columns are named slightly differently and are in a different order). I then copied/pasted the data into the correct columns. Lastly, I saved as CSV format and imported into DNSmasq.

2) Sorry, I did not save the import file. I deleted it after importing.
#4
Quote: So local lookups would need to follow the path: Adguard (53) --> Unbound (5353) --> DNSmasq (53053). Oof...

This is my setup and it is working flawlessly. I am using a different port for Unbound because 5353 is used by mDNS. I believe Adguard and Unbound both have DNS caches so not every request is going to result in 2 upstream requests.
#5
Do you see any blocked DHCP traffic for the VLANs in the firewall live view? Your post says that you only have firewall rules for the LAN.
#6
I just switched over from Kea v4 to DNSmasq for DHCP. Unbound is pointed to DNSmasq for internal lookups and it is working fine in my configuration (some VLANs, IPv4 only and AdGuard->Unbound for DNS).
#7
I made the switch from Kea v4 to DNSMasq v4 and everything seems to be working correctly. I have a half-dozen VLANs and use clients->AdGuard->Unbound for DNS. Lookups from Unbound to DNSMasq for dynamic hosts are working. I followed the configuration example in the docs. The hardest part (and it was not a big deal) was doing the export of Kea reservations and reordering/renaming the columns so that they matched the import for DNSMasq.

Thank you OPNsense team for continuing to improve this amazing software!
#8
My understanding from a response on another thread is that the static start IP address should be the first address that you want to use for a static reservation. 10.11.12.1 would most likely be used by your router, so you'd use 10.11.12.2.
#9
I figured it out by creating a test entry and then doing an export. The headers in the export/import file are:

host,domain,ip,client_id,hwaddr,lease_time,ignore,set_tag,descr,aliases

I plan to migrate from KEA v4 over the weekend.
#10
Quote from: Monviech (Cedrik) on May 09, 2025, 10:36:25 AM
E.g. if your network is 192.168.1.0/24 and you want to supply addresses from 192.168.1.100 on, that is your starting address for the static pool.

Thank you!
#11
I've been happy with KEA but I am looking forward to trying out dnsmasq with IPv4. I read the OPNsense dnsmasq docs and the examples are really helpful. However, it is not clear how to set up a subnet that has only DHCP reservations and no dynamic addresses. I assume I set up a subnet and create Hosts entries for the reservations. I set up the subnet with mode=static but starting address is a required field. What should the starting address be? I tried to enter the subnet in CIDR format but it wants an actual address.
#12
@gspannu I'd upvote your post if I could :)
#13
Confirmed fixed with the patch. Also fixes live view. Thanks Franco!
#14
What happens when you click on System->Configuration->Backups->Setup/Test Google Drive?
#15
Didn't need to do any command line stuff to get Acme to work. Just create the API Token (not user) and check "Privilege Separation".