OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of Benchamoneh »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - Benchamoneh

Pages: [1]
1
24.1 Legacy Series / Re: DNS resolution failing using DHCP supplied DNS servers
« on: May 04, 2024, 11:25:19 am »
Slept on it and did some troubleshooting this morning. Finally established it was the FW rules I'd put in that was not allowing connectivity.

The rules:


DNS lookup was failing because in for the Interface section I'd used an inverse match for the WAN internface (!WAN), for some reason this was causing lookups to fail from the DNS server in vlan1 to the Internet. I removed the interface match and it all works as expected.

These are inbound rules on the router so I didn't think they would affect the lookups out to the WAN. Clearly I don't quite understand the inverse match logic, or the DNS traffic flow from my own local recursive resolver to the Internet.

Does this make sense? Can anyone help me understand how the inverse match on the WAN interface would affect lookups from my local server?


2
24.1 Legacy Series / DNS resolution failing using DHCP supplied DNS servers
« on: May 03, 2024, 07:33:29 pm »
I've just finished putting together a new OPNsense router (first one) and have managed to set up up almost everything, but am struggling with DNS resolution. Looking for some help please.

I run a couple of Pi-Hole virtual machines on vlan1 and have users in vlan2. ISC DHCPv4/6 servers are running on both vlans and are allocating IP addresses and gateways as configured. I set 2 DNS servers in the server config for each vlan but when testing I'm unable to browse web pages. I can ping various Internet resources so connectivity is there, just resolution is failing from vlan2.

I've since modified the config of the DHCP servers to use the gateway IP address for resolution which works, but even with firewall rules configured (floating permit IPv4+6 from any to DNS server on TCP/UDP53) I'm unable to resolve from vlan2 using servers in vlan1. I'm also not seeing connection attempts in the logs. I can ping the servers and see the pings though. Is the router intercepting the DNS requests somehow?

I have things working now but not the way I'd like. I am not interested in the router performing DNS lookups, I would rather the clients just go direct to my DNS servers.

I imagine this topic has come up before but searching through the forums here, on Reddit and the Internet at large hasn't brought up this particular use case. Could someone please point out the obvious mistake I've made?

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2