Topics - kartman

#1
I've been learning about DNS leaks and have recently moved to DNS over TLS. I think I've correctly cleared out the legacy DNS settings in OPNsense but, when comparing 2 devices on my network, I'm getting confusing results.

The machines are Win11 and Ubuntu and both are pointed at the OPNsense box for DNS lookups. Using Mullvad connection test, the Win machine is showing no leaks but the Ubuntu machine is showing a leak. My confusion is that both machines should be forced through the same DNS over TLS via Unbound.

What is the best way to do a "traceroute" on DNS processing? I've been looking at Unbound logs but, frankly, I have no idea why the 2 machines are reporting different outcomes on the same test.
#2
Apologies as I'm not sure how best to describe my issue...

I'm using OPNsense + Unbound as my primary DNS and I have a DDNS domain. Everything has been fine but I'm trying to implement an NGinx server and now I have a DNS question. I've added an additional wildcard "A Record" to my domain that is "*local." and this is alongside my main DDNS "A Record" of "mydomain.com".

1) When I do a NSLOOKUP of "mydomain.com" from within my home network, I get the return of my DDNS IP (assigned by my ISP)...
2) When I do the same for "local.mydomain.com" or "server.local.mydomain.com", I get "*** Can't find local.mydomain.com: No answer" (???)
3) I've confirmed that the lookup works when using a DNS server outside my network

Is there something about Unbound configuration that I'm missing? Any help would be appreciated.
#3
Hello, All...

I've recently moved over from pfSense and I'm now running the latest OPNsense... I have 2x banking apps on my mobile: one works fine but the other will start to log in and then fail with a silly message that "something has gone wrong".

If I turn off WiFi, the app connects fine via mobile data. If I log into the same institution's site via browser, no issue. To be fair, the switch to OPNsense may just be a bad coincidence but I didn't have this issue before very recently.

Any suggestions as to how I might debug and correct?
#4
I'm moving over from pfSense where things seemed to be configured OK. Long story..

Steps I've taken:
1) installed the os-upnp plugin and enabled
2) setup is "deny default" and I've added an "allow" for my statically assigned gaming computer
3) NAT config is "hybrid"

I mostly play Destiny2 and UPnP seems to be working in that I have "OPEN" reported in game and the status page on OPNsense is showing UDP ports 3097 and 19199 open to my static IP. My only issue is that randomly the game will declare I'm behind a firewall on startup. If I clear the UPnP sessions and restart the service and restart Destiny2, the issue seems to go away and the same open ports are re-established.

Seems flakey... have I done something wrong? I didn't have this issue on pfSense so I'm trying to understand.

Lastly, I DIDN'T create the NAT rule that is mentioned in other posts. I don't really understand what this rule is supposed to do. I can add it but I'd like to understand.

Big thanks.