Messages - epomatti

#1
I'm using DNSMASQ with IPSETs to enable wildcard firewall rules. I reference the DNSMASQ IPSET with External (Advanced) alias firewall rules.

There seems to be a delay affecting the firewall rule's ability to recognize newly resolved IP addresses. Once the DNS query gets answered, the client immediately tries to connect to the destination, but the firewall rule rejects the IP. It seems that OPNsense has not yet recognized the updated DNSMASQ IP address resolved for the IPSET.

After a short while it works again, but this is becoming a problem for us.

Is this an expected behavior? Or am I doing something wrong?
#2
Just to close this, I was able to do it in the domains feature of DNSMASQ.
#3
I'm using dnsmasq as my primary DNS server so I can use wildcard "*." firewall rules, while running on AWS. Unbound is disabled. I'm using a fresh 25.7.5 installation from the marketplace.

Now I would like dnsmasq to forward to 169.254.169.253 (AWS DNS Resolver), so that private VPC addresses get resolved as well, such as an RDS instance.

Trying these didn't work; forwarding events are not showing in the logs.
- Setting it in the General DNS servers populates "/etc/resolv.conf" but forward is not happening.
- Adding a "/usr/local/etc/dnsmasq.conf.d/forward.conf" with "server=169.254.169.253" didn't work.
- I don't think it's a network problem as no errors are showing in the logs.
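Added example for this thread (not code from OPNsense, dnsmasq or the poster): a small Python script that reads dnsmasq `log-queries` output and reports, for every name under a given suffix, whether the query was forwarded to the upstream you expect, forwarded somewhere else, or answered locally (cache or a `local=`/`address=` style config entry) and therefore never forwarded. The log lines are constructed for the example; the hostnames, the 1.1.1.1 upstream and the verdict strings are assumptions, and the script assumes dnsmasq is running with `log-queries` so that each lookup produces `query[...]`, `forwarded ... to <upstream>` and `reply ... is <addr>` lines.

```python
"""Check dnsmasq `log-queries` output for where a domain is being forwarded.

Added example for this thread, not OPNsense or dnsmasq project code.
Assumes dnsmasq runs with `log-queries`, so each lookup logs lines like:
  query[A] <name> from <client>
  forwarded <name> to <upstream>
  reply <name> is <addr>        (or: cached <name> is <addr>,
                                     config <name> is <addr|NXDOMAIN>)
"""
import re
from collections import defaultdict

# Constructed sample log (not captured from a real system).
SAMPLE_LOG = """\
Nov  1 10:00:00 fw dnsmasq[1234]: query[A] db.example.internal from 10.0.1.5
Nov  1 10:00:00 fw dnsmasq[1234]: forwarded db.example.internal to 169.254.169.253
Nov  1 10:00:00 fw dnsmasq[1234]: reply db.example.internal is 10.0.2.17
Nov  1 10:00:05 fw dnsmasq[1234]: query[A] api.example.com from 10.0.1.5
Nov  1 10:00:05 fw dnsmasq[1234]: forwarded api.example.com to 1.1.1.1
Nov  1 10:00:05 fw dnsmasq[1234]: reply api.example.com is 203.0.113.10
Nov  1 10:00:09 fw dnsmasq[1234]: query[A] api.example.com from 10.0.1.6
Nov  1 10:00:09 fw dnsmasq[1234]: cached api.example.com is 203.0.113.10
Nov  1 10:00:12 fw dnsmasq[1234]: query[A] cache.example.internal from 10.0.1.5
Nov  1 10:00:12 fw dnsmasq[1234]: config cache.example.internal is NXDOMAIN
"""

# One regex covers the five event kinds; the separator word differs per kind.
LINE_RE = re.compile(
    r"dnsmasq\[\d+\]: (?P<kind>query\[\w+\]|forwarded|reply|cached|config) "
    r"(?P<name>\S+) (?:from|to|is) (?P<value>\S+)"
)


def parse_dnsmasq_log(text):
    """Yield (kind, name, value) for each recognised log-queries line."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            kind = m.group("kind").split("[")[0]  # "query[A]" -> "query"
            yield kind, m.group("name").lower(), m.group("value")


def summarize(text):
    """Per name: the set of upstreams it was forwarded to, plus event counts."""
    report = defaultdict(lambda: {"forwarded_to": set(), "events": defaultdict(int)})
    for kind, name, value in parse_dnsmasq_log(text):
        entry = report[name]
        entry["events"][kind] += 1
        if kind == "forwarded":
            entry["forwarded_to"].add(value)
    return report


def check_forwarding(text, suffix, expected_upstream):
    """Return {name: verdict} for every queried name under `suffix`.

    Verdicts (assumed labels for this example):
      ok                 forwarded to expected_upstream at least once
      wrong-upstream:X   forwarded, but only to other server(s) X
      answered-locally   served from cache or a local config entry, never forwarded
      not-forwarded      queried, but no forward/cache/config line seen at all
    """
    suffix = suffix.lower().lstrip(".")
    results = {}
    for name, entry in summarize(text).items():
        if not (name == suffix or name.endswith("." + suffix)):
            continue
        ups = entry["forwarded_to"]
        if expected_upstream in ups:
            results[name] = "ok"
        elif ups:
            results[name] = "wrong-upstream:" + ",".join(sorted(ups))
        elif entry["events"].get("cached") or entry["events"].get("config"):
            results[name] = "answered-locally"
        else:
            results[name] = "not-forwarded"
    return results


if __name__ == "__main__":
    # Typical use: pipe the dnsmasq log into stdin and name the suffix/upstream
    # you expect, e.g. python3 check_fwd.py < /var/log/dnsmasq.log
    for name, verdict in sorted(check_forwarding(SAMPLE_LOG, "example.internal",
                                                 "169.254.169.253").items()):
        print(f"{name:30} {verdict}")
```

If a name under the VPC suffix shows up as `answered-locally` or `wrong-upstream`, the `server=/suffix/169.254.169.253` entry is not the one dnsmasq is matching for it (a more specific `local=`, `address=` or another `server=` line wins), which is a configuration-ordering question rather than a network one. If no `query[...]` line appears at all, the client is not reaching this dnsmasq instance in the first place.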