Messages

Did you change the listening port to 5353 because you want to run DoT locally?

You're absolutely right about QUAD9 suggesting opnsense disable DNSSEC support, I stand corrected. I do wonder that the pihole/opnsense interaction suffers from the same issue?
Personally, I do not use DNS forwarding or pihole for DNS blacklisting, but use Unbound as the recursive resolver and host for the DNS blacklists. Would this not work for your setup as well?

I'm not sure, but from your explanation, it almost seems you are describing an issue with pihole's DNSSEC support, rather than an issue with opnsense. Does DNSSEC work when you forward to (say) QUAD9?

If you have a configuration backup file, you can make a bootable USB from the OPNSense website: Support-->Documentation.
If you don't have a backup, I'm not sure what you can do but re-initialise and configure your system from scratch.
If you can get to the Console, then you might have a shot at restoring from an older snapshot, but from the image you've posted, I'm not certain your box is booting that far?
Sorry I can't assist more, I'm a Newbie at Opnsense. Perhaps some of the Gurus on this forum can assist where my knowledge stops?

Hi Snuffy2,


I'm a Newbie to Opnsense myself. I've recently performed the same operation as yourself (migrating from ISC to KEA) but without the issue you're facing. Two questions for you:

• When on the Settings page of KEA, did you tick all the relevant interfaces that you'd like to serve DHCP for?
• When on the Settings page of KEA, did you tick the Firewalls Rules checkbox?

I'll take another look later, but that's all I've got for now. KEA pretty much set itself up for me when I followed the tutorial, so I can't help too much. Maybe the experts who have been using Opnsense for year will chime in when they've a moment to spare? 

Hope this helps  :)