Messages - ak888

#1
Spoke too soon - after a few hours, I tried on another laptop and my external domain's DNS does not resolve either on 25.7. :(

Google brought me to https://github.com/opnsense/core/issues/9749

There is a link to another issue, which reminded me of my post above about the custom conf file. I plugged it back in and the 'server=/mydomain.com/1.1.1.1' seems to override the local=/mydomain/ in the main dnsmasq.conf file for OPNsense.

I restarted and can see a warning on the DNSMasq page with "The configuration contains manual overwrites, these may interfere with the settings configured here."

This confirmed my changes took effect and are used, and it does now seem to work across multiple machines on my LAN as before.

#2
I have a similar issue - to clarify my setup:

I have a local domain which is the same as my external domain. I run AGH, which forwards to DNSMasq. I have a custom conf file in /usr/local/etc/dnsmasq.conf.d/custom-domain.conf with the contents

# Only answer for known hosts, forward unknown queries upstream
server=/mydomain.com/1.1.1.1
domain=mydomain.com

This used to work on the 25.7 series, but once I updated to 26.1 I cannot access any of the self-hosted sites from my LAN, such as sub-domain.mydomain.com. I determined it was DNS by just running an nslookup on the URLs and getting no answer back.

Does your DNS resolve? I just reverted to 25.7 and all is well again (I took a config backup, so it was easy with the OPNsense installer!)

I think the problem is how the local domain flag works in the dnsmasq settings - I couldn't see that change in the generated dnsmasq.conf (which I think is where the setting ends up in the config file).
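The situation in #1 and #2 (a drop-in server=/mydomain.com/1.1.1.1 in dnsmasq.conf.d taking precedence over the local=/mydomain.com/ line in the generated dnsmasq.conf) is worth checking mechanically rather than by eye. The script below is an added example, not code from OPNsense, dnsmasq or the poster. It parses the domain-scoped dnsmasq directives (server=, local=, address=) across a set of config files and lists every domain that is handled differently in different places. The file paths and contents are a constructed sample built around the directives mentioned in the posts.

```python
import re
from collections import defaultdict

# Constructed sample: a generated main config plus one drop-in fragment.
# The contents mirror the directives mentioned in the posts above; they are
# not copied from a real system.
SAMPLE_FILES = {
    "/usr/local/etc/dnsmasq.conf": """\
# generated main config (constructed sample)
domain-needed
local=/mydomain.com/
server=9.9.9.9
""",
    "/usr/local/etc/dnsmasq.conf.d/custom-domain.conf": """\
# Only answer for known hosts, forward unknown queries upstream
server=/mydomain.com/1.1.1.1
domain=mydomain.com
address=/ads.example.test/0.0.0.0
""",
}

# Domain-scoped directives look like  server=/dom1/dom2/[target],
# local=/dom/  and  address=/dom/ip.  Global lines such as server=9.9.9.9
# have no leading slash and are deliberately not matched.
DIRECTIVE_RE = re.compile(r"^(server|local|address)=((?:/[^/\s]+)+/)(\S*)$")


def parse_dnsmasq(text):
    """Yield (directive, domain, target) for every domain-scoped line."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = DIRECTIVE_RE.match(line)
        if not m:
            continue
        directive, domains, target = m.groups()
        for dom in domains.strip("/").split("/"):
            yield directive, dom.lower(), target


def handling_mode(directive, target):
    """Collapse a directive into how dnsmasq will treat the domain.

    local=/d/ and server=/d/ without a target both mean "answer from local
    data only, never forward"; anything else names where answers come from.
    """
    if directive == "local" or (directive == "server" and not target):
        return "local-only"
    return f"{directive}->{target}"


def find_conflicts(files):
    """Map each domain that is handled differently in different places to
    the list of (mode, path) entries that disagree, in file order."""
    by_domain = defaultdict(list)
    for path, text in files.items():
        for directive, dom, target in parse_dnsmasq(text):
            by_domain[dom].append((handling_mode(directive, target), path))
    return {
        dom: entries
        for dom, entries in by_domain.items()
        if len({mode for mode, _ in entries}) > 1
    }


if __name__ == "__main__":
    for dom, entries in find_conflicts(SAMPLE_FILES).items():
        print(f"{dom}: conflicting handling")
        for mode, path in entries:
            print(f"    {mode:<20} {path}")
```

On a live box, replace SAMPLE_FILES with the real file contents (the generated dnsmasq.conf plus everything in dnsmasq.conf.d) and any domain printed is one where a fragment changes what the GUI-generated config says, which is exactly the case the "manual overwrites" warning is about.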

#3
I have a 'ban'/block alias in OPNsense to block IP addresses. This alias is managed via Fail2Ban, where I use a script to call the OPNsense WebAPI to add to or delete from an alias. Each time the configuration changes from this, I can see a config backup is created.

Is there a way to execute a change to the alias but not have OPNsense automatically create a configuration backup XML file?

#4
I tried to specify a different dhcp-lease-time value in the latest version of OPNsense. (Found a reference here https://forum.opnsense.org/index.php?topic=20323.0)

This is what I put in the Option Modifiers on the WAN interface under Advanced.

supersede dhcp-lease-time 86400

Enabled and disabled the WAN interface to attempt to pick up the value. When I cat the file /var/db/dhclient.leases.re1 I get (re1 is the WAN interface):

  ...
  option dhcp-lease-time 3600;
  option dhcp-message-type 5;
  ...

I expected my override value to be specified?
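Rather than eyeballing the lease file, the added example below parses the dhclient.leases format shown in #4 and compares the dhcp-lease-time of the most recent lease block against the value you expected to see. This is my own script, not OPNsense or dhclient code; the lease file content is a constructed sample with made-up addresses and timestamps.

```python
import re

# Constructed sample in dhclient.leases format. Addresses and timestamps are
# made up; the two blocks mimic a file that dhclient has appended to twice,
# where the last block is the lease currently in effect.
SAMPLE_LEASES = """\
lease {
  interface "re1";
  fixed-address 203.0.113.10;
  option subnet-mask 255.255.255.0;
  option routers 203.0.113.1;
  option dhcp-lease-time 3600;
  option dhcp-message-type 5;
  option dhcp-server-identifier 203.0.113.1;
  renew 1 2025/01/06 09:00:00;
  rebind 1 2025/01/06 09:26:15;
  expire 1 2025/01/06 09:33:45;
}
lease {
  interface "re1";
  fixed-address 203.0.113.10;
  option subnet-mask 255.255.255.0;
  option routers 203.0.113.1;
  option domain-name-servers 203.0.113.53;
  option dhcp-lease-time 3600;
  option dhcp-message-type 5;
  option dhcp-server-identifier 203.0.113.1;
  renew 1 2025/01/06 10:00:00;
  rebind 1 2025/01/06 10:26:15;
  expire 1 2025/01/06 10:33:45;
}
"""

LEASE_BLOCK_RE = re.compile(r"lease\s*\{(.*?)\}", re.S)
# Statements inside a block end with ';'.  "option NAME VALUE;" carries a
# DHCP option; anything else (interface, fixed-address, renew, ...) is a
# plain lease attribute.
STATEMENT_RE = re.compile(r"^(option\s+)?(\S+)\s+(.*?);$")


def parse_leases(text):
    """Return one dict per lease block, in file order, with DHCP options
    collected under the 'options' key."""
    leases = []
    for block in LEASE_BLOCK_RE.findall(text):
        lease = {"options": {}}
        for raw in block.splitlines():
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            m = STATEMENT_RE.match(line)
            if not m:
                continue
            is_option, key, value = m.groups()
            value = value.strip().strip('"')
            if is_option:
                lease["options"][key] = value
            else:
                lease[key] = value
        leases.append(lease)
    return leases


def current_lease(leases):
    """dhclient appends new leases, so the last block is the active one."""
    return leases[-1] if leases else None


def check_lease_time(leases, expected_seconds):
    """Return (matches, actual_seconds); actual is None when no lease or no
    dhcp-lease-time option is present."""
    lease = current_lease(leases)
    if lease is None or "dhcp-lease-time" not in lease["options"]:
        return False, None
    actual = int(lease["options"]["dhcp-lease-time"])
    return actual == expected_seconds, actual


if __name__ == "__main__":
    leases = parse_leases(SAMPLE_LEASES)
    ok, actual = check_lease_time(leases, 86400)
    print(f"{len(leases)} lease(s); current dhcp-lease-time={actual}; "
          f"{'matches' if ok else 'does not match'} expected 86400")
```

Feed it the real /var/db/dhclient.leases.re1 and the expected value from your supersede line; a mismatch on the newest block tells you the recorded lease still carries the server's value, which is the observation in #4 stated precisely.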

#5
Thanks - that pointed me in the right direction.
I can only think of putting 0.0.0.0 into bind hosts, which will bind all interfaces. I did this because if the WAN address changes, track interface will change the LAN address.

But it does mean all interfaces are bound. I guess I need a port block on WAN for port 53? Or are there any other implications?

#6
Starting out with IPv6. I have been running AGH on port 53 and Unbound upstream on port 8853. This works great on IPv4. I'm trying out IPv6, and on the LAN I have track interface.

When I run dig from a client and specify the LAN IPv6 address on 53, I get a timed-out error and no reply. If I specify port 8853 for Unbound with the IPv6 address, this works fine. It seems AGH isn't listening on the LAN IPv6 address. Is there any way to set this up? I can't find anything for this.
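Binding AGH to 0.0.0.0 (#5) is an IPv4-only wildcard: the listener is reachable on every IPv4 interface, WAN included unless a firewall rule drops port 53 there, and on no IPv6 address at all, which matches the IPv6 timeout in #6 (the IPv6 wildcard is ::). The script below is an added example, not OPNsense or AdGuard Home code. It parses sockstat -46l output (a constructed sample here, with made-up PIDs and addresses) and reports, for a given port, which address families have a listener that would answer at the LAN addresses and which bindings are wildcards.

```python
# Constructed sample of `sockstat -46l` output in FreeBSD/OPNsense layout.
# Process names, PIDs and addresses are made up for this example.
SAMPLE_SOCKSTAT = """\
USER     COMMAND    PID   FD  PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     AdGuardHom 1234  8   tcp4   *:53                  *:*
root     AdGuardHom 1234  9   udp4   *:53                  *:*
unbound  unbound    2345  3   udp4   192.168.1.1:8853      *:*
unbound  unbound    2345  4   udp6   fd00:1::1:8853        *:*
root     sshd       999   4   tcp6   *:22                  *:*
"""


def parse_sockstat(text):
    """Return one dict per listening socket. sockstat prints IPv6 addresses
    without brackets, so the port is split off at the last colon."""
    sockets = []
    for line in text.splitlines()[1:]:  # first line is the column header
        parts = line.split()
        if len(parts) < 7:
            continue
        command, proto, local = parts[1], parts[4], parts[5]
        addr, _, port = local.rpartition(":")
        if not port.isdigit():
            continue
        sockets.append({
            "command": command,
            "proto": proto,
            "family": 6 if proto.endswith("6") else 4,
            "addr": addr,
            "port": int(port),
        })
    return sockets


def listeners_for(sockets, port, addr, family):
    """Sockets on `port` that accept traffic arriving at `addr`: bound to that
    exact address, or to the wildcard ('*') of the same address family."""
    return [
        s for s in sockets
        if s["port"] == port and s["family"] == family and s["addr"] in ("*", addr)
    ]


def coverage_report(sockets, port, lan_v4, lan_v6):
    """Which protocols answer on the LAN IPv4 and IPv6 addresses, and which
    bindings are wildcards (reachable on every interface of that family)."""
    return {
        "v4": sorted({s["proto"] for s in listeners_for(sockets, port, lan_v4, 4)}),
        "v6": sorted({s["proto"] for s in listeners_for(sockets, port, lan_v6, 6)}),
        "wildcard": sorted({s["proto"] for s in sockets
                            if s["port"] == port and s["addr"] == "*"}),
    }


if __name__ == "__main__":
    report = coverage_report(parse_sockstat(SAMPLE_SOCKSTAT), 53,
                             "192.168.1.1", "fd00:1::1")
    print(f"port 53 on LAN IPv4: {report['v4'] or 'nothing listening'}")
    print(f"port 53 on LAN IPv6: {report['v6'] or 'nothing listening'}")
    print(f"wildcard bindings:   {report['wildcard'] or 'none'}")
```

The family is taken from the protocol suffix (tcp4/udp4 versus tcp6/udp6); FreeBSD sockets are v6only by default, so a *6 wildcard is counted for IPv6 only. An empty "v6" list for port 53 alongside a non-empty "wildcard" list is the 0.0.0.0 situation from the posts: reachable everywhere on IPv4, nowhere on IPv6.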