Messages

[everything]

I'm posting this in the hope others benefit from our pain. After a large Toshiba printer/MFC was replaced on our network with a newer model (an e-STUDIO3525AC), it had a great deal of trouble. The previous model had worked fine, and there were no changes to the OPNsense box's config between the two. Despite trying both dynamic and static network configs, IPv4-only, IPv6-only, etc., the new one could not get DNS resolution of any address, could not ping public IP addresses (even directly, like 8.8.8.8), and was generally poor at obtaining and holding onto its network config. It even complained at various points that the network cable wasn't connected. I used OPNsense's Interfaces > Diagnostics > Packet Capture, limited to the printer's MAC, and saw it was fairly chatty. I tested the new printer on a secondary physical network and all was okay, so it was something about the main network.

When I realised I could ping public addresses from my own PC, but not the firewall's, I found this thread about it. I enabled ICMP with this rule on the LAN interface, in order to test ping from the printer again:

Protocol	Source	Port	Destination	Port	Gateway	Schedule
IPv4+6 ICMP	*	*	This Firewall	*	*	*

To my surprise, everything started behaving. I'm not blaming OPNsense; I think the printer was deciding it wouldn't or couldn't do basic communication without the router responding to certain queries, or something. If you're experiencing such issues, they may be being triggered by default firewall policies.

The last two responses are not at all helpful.

Look for:
DHCP Static Mappings

We're all already using those, which is why we'd like to be able to specify aliases for them.

You may use Dnsmasq DNS instead of Unbound. It allows easier configuration of aliases.

It has the exact same issue (I mentioned it in my first reply). The hosts that are already mapped to an IP in DHCP are not present in the Unbound or Dnsmasq lists, so one cannot assign aliases to them. An IP address must be double-specified (once in DHCP and once in the chosen DNS override service) for each host you require aliases for.

This is still a problem. The workaround is adding explicit A/AAAA overrides, which is double-specification, when the entire point of registering the DHCP hosts in Unbound/Dnsmasq is to avoid that. It would be nice to be able to create arbitrary Aliases, but I'm forced to attach them to an existing override.

What if the lists that show overrides in Unbound and Dnsmasq could, in addition to showing regular overrides, show the DHCP hosts as non-editable pseudo-entries so that relevant aliases could be added?