Messages

Nope. Processes are running. Now i did it vice versa (blocky unbound dnsmasq) and it's working. But still iam asking why something like that stops working with a minor update ?!

Hi, since the Update, my Setup is not working anymnore.

I have:

BlockyDNS -> Port 53 --> forwarding internal domains to DNSMASQ on Port 65352 --> forwarding domains, if not resolvable, to unbound port 65353.

Problem: when i ask dnsmasq, its NOT forwading my domain to unbound anymore. this was working before the last update  :(

Maybe a stupid question, but: does dnsmasq provide an gateway for the guest net?

Iam using Blocky (53) and mapping.

That means:
Internal Domains + Arpa —> dnsmasq
Everything else -> unbound

Works fine here :) instead of blocky it could be adguard or whatever

I have problems getting ipv6 working with dnsmasq. RA is active and pool settings are set, but i don't get dnsv6 nor even a ipv6 address on my iPhone. I plan to use dhcpv6 + slaac :/

Edit: got that working by disable the general RA setting...

But now a new issue: how do i get reverse lookups working with dnsmasq?

Setting 30s was enough and Problem fixed (+ a reboot due to that hanging loop).. thanks  :)

I cant add any new certificate NOR recerify them. Iam using ionos and i see no issues regarding DNS record adding... But i see errors like:

Code Select Expand

[Thu Mar 27 19:15:51 CET 2025] Not valid yet, let's wait for 10 seconds then check the next one.
2025-03-27 19:15:51.000 OPNsense.quolke.net
[Thu Mar 27 19:15:51 CET 2025] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
2025-03-27 19:15:51.000 OPNsense.quolke.net
[Thu Mar 27 19:15:51 CET 2025] No DOH
2025-03-27 19:15:51.000 OPNsense.quolke.net
And its repeating for all my certis. There where working before and as mentioned, i can see the DNS records without any issue (and usually, in the past, in 10-30 secods as ionos is fast AF  .. :D)

Iam really trying to improve my shaper knowlege.. But iam hitting a limit ehre and there.

Long story short:

I have a normalization rule, adding CS3 to all packages coming/going to a specific device and a rule, looking for traffic containing CS3 traffic. But for some reason, the rule is matching ALL traffic from all VLANs  :|

A bit dirty but:
- change unbound zone mode to transparent
- add specific subdomains to unbound
- enable dnsmasq with another port then 53
- forward domain to dnsmasq
- add wildcard to dnsmasq

That's what coming in my mind right now

Or Tailscale, which in the end opens p2p Wireguard tunnel, skipping the jump host :)

Thanks, I know that thread but what I don't understand is, how the config actually looks like in his case. If iam guessing right:
WFQ Pipe and Codel Queues ?

I followed the docs and yes, bufferbloat is (and was the whole time) fine. But still there is the open question, if I can COMBINE codel with WFQ? Sounds like not, but if I could, I would use the new feature to sort packets into the right pipe/queue

Does not work :/ IPTV is multicast here btw

You don't get me right.

I have Bufferfloat queues / pipes already in place. But I wanna use Bandwith priorisation based on source / target / protocol (whatever) in place, too. So my IPTV is working WHILE steam is downloading big blobs. (Weight 1 as default and weight 20 or so for iptv) the traffic matching will be done by the new firewall feature

First: Thank you ! Finally this helps a LOT :)

But i have a question: Is there a (official) way to tackle Bufferbloat AND using Shaping together? I would like to Prio my IPTV but without loosing the pimped bufferbloat  :|