24.7 Production Series / Update to OPNsense 24.7.8 broke DNS using unbound with DNSSEC enabled
« on: November 17, 2024, 12:03:21 am »
Putting this out there in case anyone else has issues.
I updated to 24.7.8 today and after doing so noticed DNS resolution was failing intermittently. I have local domain requests forwarded to my domain controller and those worked fine.
Any request that required forwarding was not going to my pihole server; however, I could manually query pihole for DNS just fine.
When I enabled some DNS over TLS servers I previously had enabled in the past for testing, DNS queries were forwarded for external addresses, but not to pihole, instead to those configured DNS over TLS servers, which would be expected.
I had to disable "Enable DNSSEC Support" in the unbound configuration as well as disabling the DNS over TLS servers I have configured in order for DNS traffic to be directed to my pihole instance.