Messages

I figured out the issue



When I was connecting to the vpn my search path was disappearing.  None of my internal domains resolve with out the search path. 

on wifi
user@hostname ~ % cat /etc/resolv.conf
search lan.internal
nameserver 10.10.10.1

on WireGuard

user@hostname ~ % cat /etc/resolv.conf
nameserver 10.10.10.1



So the next question I had to ask was how do you add a search path to wireguard
I found it site. https://rakhesh.com/linux-bsd/wireguard-search-domain/

in the DNS servers box you have to add in "10.10.10.1,   lan.internal"
Now everything appears to be woking as expected.

YEs I have


[Interface]
PrivateKey = omitted
Address = 10.10.20.3/32
DNS = 10.10.10.1

[Peer]
PublicKey = omitted
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = omitted.duckdns.org:51820
PersistentKeepalive = 30

I thought DNS would not work at all if DNS = 10.10.10.1 was not set.

I am able to connect to my WireGuard VPN.  I can get to the internet.  I can get to services behind the Wireguard VPN via IP but not by name. How do I get name resolution for services behind the router to work when on the WireGuard VPN?
I followed the how to https://docs.opnsense.org/manual/how-tos/wireguard-client.html

I have to say @Mpegger your post got me through this issue, thank you.  It took me some time.  The first time I ran through every step in your post and still no success so I took a break and did other stuff.  I then found some time again to take another look at the issue.  I went through every setting.  Still not working so I stated doing some testing.  I found I could get things to resolve if I told nslookup to go directly to the IPv4 ip, that is good news.  Looks like part of my issue was IPv6 not fully working.  IPv6 will be a issue for another time.  So I remove the IPv6 settings from DHCP so the /etc/resolv.conf was updated.  Now I can contact the machines via hostname which is a game changer.  I am so grateful for your help. 

I don't want to do manual overrides just like I don't want to manually IP each client with its own ip address.  It is just way too much work.  that is why I use DHCP And DNS so they do the work for me. 
I just want opnsense to automatically add anything that is in
Services: Dnsmasq DNS & DHCP: Leases
IP and hostname to be added to DNS

1. when you say DHCP offering the correct DNS server, do you mean check what DHCP put in /etc/resolv.conf, because yes the router/DHCP server ip's are added to  /etc/resolv.conf properly

Code Select Expand

cat /etc/resolv.conf
search home.arpa
nameserver 2600:4040:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
nameserver 10.10.10.1
2. I thought that was supposed to take the hostname from DHCP and add them to DNS?

3. So that will add any entry that I manually add.  Is there a way to make it so any new machine that registered with DHCP gets their hostname automatically added to DNS?  It would be nice if the process was automatic and not manual. 

I believe the default behavior is a combo of 
Services: Dnsmasq DNS & DHCP and Services: Unbound DNS
which is what I am trying to get working.  My external DNS works but I want it so that when a new machine is added to the network via DHCP, its hostname is automatically gets added to DNS and it can be resolved anywhere internally.  I have never had so much trouble getting this working in the past.   Sorry about not being as cear as possible. Hopefully this works better. 


PDF print out of Services: Unbound DNS: General
screenshot of Services: Unbound DNS: General

and a screenshot from Services: Dnsmasq DNS & DHCP: Leases

Sorry that makes sense.  There are just so many diferent setting I did not know where to start.  I did a fresh install and searched for the suggested setting an it appears that I should only have to
Unbound DNS: General
check
 Register ISC DHCP4 Leases
 Register DHCP Static Mappings
which is did.

still no luck
I just get

** server can't find client: NXDOMAIN

So I gave up and did a fresh install.  Right after the fresh install I had ipv6 connectivity verified with sites like https://test-ipv6.com/.  Once I finished the web wizard my ipv6 went away.  I eliminated all variables by making zero chnges in the web wizerd and ipv6 still went away after completing the web wizard. 

I feel like a idiot.  All external DNS worked.  I did have any internal hostnames properly resolving internally.  I had and still have the issue where internal DNS would not resolve when connected via wireguard.  Now after trying to fix the wireguard issue internal hosts will not resolve properly any more.   
Luckily external is still working at least. 

Yes that fixed it, I only had "Register ISC DHCP4 Leases" checked.  I did not realize that static ones where separate. 

I think I got the errors fixed by giving the dhcp static ip one outside the dhcp server range.  Now I think the only issue is any of the dhcp static entries the dns does not resolve forward or backward.  The dynamic dhcp leases resolve dns just fine, just not the static leases. 

This is a new install of OPNsense 24.1.2_1-amd64. I noticed that I could not resolve all my hosts properly.  Then I looked in the log and notied I had this error for the clinet

2024-03-04T16:04:30-05:00   Error   dhcpd   uid lease 10.10.0.71 for client bc:24:11:xxd:xx:xx is duplicate on 10.10.0.0/24   
2024-03-04T16:04:30-05:00   Error   dhcpd   from the dynamic address pool for 10.10.0.0/24   
2024-03-04T16:04:30-05:00   Error   dhcpd   Remove host declaration s_lan_6 or remove 10.10.0.71   
2024-03-04T16:04:30-05:00   Error   dhcpd   Dynamic and static leases present for 10.10.0.71.

Why am i getting a duplicate?  What is s_lan_6?

There is one other host that is not resolving but also not throwing errors, but I am hoping fixing this issue with fix that issue.