"Quote from: nero355 on April 16, 2026, 03:03:57 PMQuote from: daegan_ on April 16, 2026, 06:53:02 AMwhy is local dns resolution hard to configure?It's not :)Quotewhy are there so many poorly documented (within the web ui) legacy features that do not explain when to use said legacy feature?Not sure what you are talking about, but it's mainly a matter of understanding how OPNsense has everything built around Unbound even when you don't use ISC or KEA as the DHCP Server, so everyone using DNSmasqd gets confused easily...Quoteis there a tutorial for opnsense 26.x.x that explains how to setup local dns resolution for unbound+dnsmasqThat is well documented @ https://docs.opnsense.org/
But this part :Quoteso that pihole can see host names?Is something you will have to figure out yourself by understanding how DNS in OPNsense works :
Clients => DNS Query to Local Gateway IP => Query goes to Unbound @ Port 53 => DNS Records are requested directly from the Root DNS Servers.
This is a problem when you are using DNSmasqd that also does DNS :
Clients => Request for DHCP IP Address => Query goes to DNSmasqd which runs on the Local Gateway IP => DNSmasqd sends the available DHCP IP Address to the Client and registers it's Hostname in it's DNS Database/Cache.
But...
Unbound doesn't know the Hostname of the Client unless you make sure it queries DNSmasqd @ Port 53053 Locally.
So this :Quotepi hole conditional forwarding has been enabled.Does not work even when you (Correctly! Mind the syntax !!) ENABLE it and tell Pi-Hole to query the Local Gateway IP for DNS Records => They all go to Unbound and NOT DNSmasqd !!Quoteany leads to help educate me on this matter are appreciated.IMHO the best you can do is this :Quote from: Seimus on April 16, 2026, 10:06:40 AM(Personally I would not do this, I would just setup Unbound on the Pi-Hole and direct Pi-Hole to use the local Unbound resolver + then disable Unbound on OPNsense and point OPNsense Clients to Pi-Hole asI did the same right after installing OPNsense since I already had https://docs.pi-hole.org/guides/dns/unbound/ running for years! ;)itstheir DNS server)
For Local DNS Resolution I have also been using the Local DNS Records option in Pi-Hole for many years.
But in your case you could change DNSmasqd Port 53053 to Port 53 after disabling Unbound on OPNsense and your Conditional Forwarding in Pi-Hole should then start to work :)Quotei have figured out how to tell dnsmasq to specify pihole as the dhcp advertised dns server.That will work, but is IMHO a mess and should not be the desired setup, because then you need to :
so the dns flow is client -> pihole -> opnsense ip as the dns upstream on pihole
- Tell OPNsense Unbound about OPNsense DNSmasqd.
- Tell Pi-Hole that it's OK to send Local DNS Queries to the Upstream DNS Server.
Hope this all works for you as an explanation and if you need more help then let me know :)
this goes leaps and bounds towards my understanding. I very much appreciate you taking the time to post.
