22.7 Legacy Series / Re: DNS not working from firewall, OK from LAN
« on: December 29, 2022, 11:25:29 am »
If you want to (or have to) use specific DNS servers, type the IPv4 and IPv6 addresses of each server in the DNS server field and uncheck "Allow DNS server list to be overridden by DHCP/PPP on WAN", save and apply the changes, and run the diagnostics explained in the Diagnostics section again.
Servers are fine, but I still randomly get the IPv4 and IPv6 time out thingy when running nslookup on my computer.
Thanks for the detailed rundown. I didn't mention it in my post, but actually everything works fine with IPv6. I disabled all IPv6 configuration (WAN / IPv6 set to None and LAN / IPv6 set to None).
I am specifically trying to debug reaching an IPv4 DNS.
Diagnostics:
Go to Interfaces ---> Diagnostics ---> DNS Lookup and type google.com in "Hostname or IP" (leave the "Server" field empty), then click Apply. If under "Server" you see a list of public IPv4 and/or IPv6 addresses and under "Answer" you see the correct google.com addresses, then your WAN receives DNS responses and quite possibly the culprit is having IPv6 enabled on LAN, in which case you have to enable IPv6 in the Unbound settings.
The DNS lookup from OPNsense is not working: I either get no response (when I leave the server field empty) or get "Error: error sending query: Error creating socket" when I add a DNS IP address (1.1.1.1).
On Windows, you can confirm this by opening a command prompt, typing "nslookup" without quotation marks and pressing Enter; if you get time outs and finally "server is Unknown" with an IPv6 address, your machine is trying to use IPv6 DNS instead of IPv4.
That's the weird part: nslookup is working fine from a LAN computer (directly to a third-party DNS server).
nslookup targeting Unbound running on OPNsense gives me "Server failed" (which makes sense, because OPNsense can't resolve DNS names, see above).
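As an added example that is not part of this thread, the probe below separates the three symptoms discussed above when run from the firewall's own shell: a socket or send error (the query never leaves, as in "Error creating socket"), a timeout (the query leaves but nothing comes back), and a SERVFAIL reply (what nslookup reports as "Server failed"). It assumes only Python 3's standard library; the server addresses in the usage block are illustrative.

```python
import socket
import struct

# Constructed example for an OPNsense/FreeBSD shell; standard library only.
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, txid=0x1234):
    """Build a minimal DNS A/IN query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode() for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_rcode(reply, txid=0x1234):
    """Return the reply's rcode name after checking the transaction id."""
    if len(reply) < 12:
        raise ValueError("truncated reply")
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != txid:
        raise ValueError("transaction id mismatch")
    rcode = flags & 0x000F
    return RCODES.get(rcode, "RCODE%d" % rcode)

def probe(server, name="google.com", timeout=3.0):
    """Send one query to `server` and classify the outcome."""
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    try:
        s = socket.socket(family, socket.SOCK_DGRAM)
    except OSError as e:
        return "socket-error: %s" % e      # cf. "Error creating socket"
    try:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        data, _ = s.recvfrom(512)
    except socket.timeout:
        return "timeout"                   # query left, no answer: look at rules/NAT
    except OSError as e:
        return "send-error: %s" % e        # e.g. no route/address for that family
    finally:
        s.close()
    return parse_rcode(data)               # SERVFAIL == nslookup "Server failed"

if __name__ == "__main__":
    # Illustrative resolvers: public IPv4, public IPv6, and local Unbound.
    for srv in ("1.1.1.1", "2606:4700:4700::1111", "127.0.0.1"):
        print(srv, probe(srv))
```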