Messages - securid

#63
Quote from: franco on May 13, 2023, 09:37:05 AM
Are you using AdGuard plugin? Possibly AdGuard running on port 53? Or something else out of the ordinary running on port 53 other than Dnsmasq/Unbound?


Cheers,
Franco

I'd love to hear your thoughts as to why you'd ask.

Even though DNS is working fine and I was able to confirm that my clients weren't picking up DNS and search domain info after a lease renew, I guess it could be something else has changed and my setup no longer works as I expect?

I actually prefer unbound as primary DNS resolver, but when I set up split DNS with unbound, the NextDNS cloud portal showed only a single device for all DNS queries (ie, opnsense).

With the nextdns local service, it logs the client name (hostname) for each query which makes it really easy to troubleshoot why a webpage or redirect isn't working. With all queries coming from opnsense, there's no telling as there can be hundreds of queries per minute or even per second sometimes.
#64
Yes, nextdns actually.

Unbound runs on 5353. Nextdns listens on 53 and has forwarders for my internal domains to localhost:5353. I've been using this setup for years now, first on pfsense and more recently on opnsense.

#65
I'm not so sure anymore if this issue was due to the updates.

I rolled back to 23.1.6 and reverted to a config from a couple of days back. The issue persists.

I reverted another change I made in Unifi controller which didn't help (and it shouldn't have, it was unrelated).

I then entered the DNS IP address and search domains in DHCP in OPNsense (which I tried before after the updates) and slowly clients are coming back online.

I have now reverted all the clients manual changes I made to DNS.

I have no idea what is causing this and it did start after the updates yesterday morning. Obviously OPNsense was the first thing I looked at to blame :) . When I looked into it, it looked like when clients renewed their lease they were losing DNS settings as if OPNsense wasn't passing that along anymore.

Every client, including STBs, mobile devices, appliances lost their DNS settings.

Settings are still in place even though they shouldn't have to be. I might remove it later today to see what happens.
#66
23.1 Legacy Series / Re: Help with rollback
May 12, 2023, 09:22:06 PM
I need to learn to read better.

opnsense-revert -r 23.1.6 opnsense

;D
#67
23.1 Legacy Series / Help with rollback
May 12, 2023, 09:11:52 PM
I've seen and read https://docs.opnsense.org/manual/opnsense_tools.html

I understand which tool does what, but I need to revert all updates I received this morning and go back to last night state.

If this is possible, can someone please help me out?
#68
OPNsense 23.1.7_3-amd64
FreeBSD 13.1-RELEASE-p7
OpenSSL 1.1.1t 7 Feb 2023

Since the updates I installed this morning, clients that renew no longer receive settings other than an IP address, subnet mask and default gateway. No DNS servers or search domains seem to get passed on to clients.

I've noticed this behavior on mobile phones, macos clients, linux clients and windows.

I've seen some other issues recently mentioned on the forums, about dynamic dns, unbound restarting.

Perhaps we can add this to the pile of issues ;).

If there's a quick fix I'd love to hear it, for now I'm setting DNS manually.

Thanks.
#69
General Discussion / Re: troubleshooting dhcpv6
December 03, 2022, 07:18:29 PM
No, I didn't like the UDM at all so I sent it back a couple of days after purchase.
#70
I am running opnsense on dedicated hardware with 4 intel nics. 2 are for wan/lan and 1 is used for an iptv settop box. All AV hardware in the living room is powered off (standby killer), and with that, the stb, which brings down the link on the firewall. When that link goes down, igmpproxy stops as well as that subnet is a configured downstream. Igmpproxy does not start when the link comes back up, so every time I need to manually start igmpproxy.

For now, I have taken the stb out of the group that powers off so it stays on standby.

I am looking for a solution that allows me to power off the stb and brings igmpproxy back up when the link comes back up.

- is it possible to configure actions on link activation? Like in an ifup script or something?
- is there a watchdog service to monitor crashed/stopped services and bring them back up?
- Is monit capable of monitoring a network link, and start igmpproxy when a link comes alive? It looks like it but I couldn't figure it out?

I'm not sure if one of the above is possible, if there are other/better ways I'm all ears.

Thanks!

#71
From a client try nslookup or dig and specify the dns server to query.

Open your opnsense gui, firewall, log files, live view.
Add a filter, dstport=53

Try to resolve, ping hostname or use nslookup from a client. See what the log says.

You probably haven't added a rule to allow that traffic, or made a mistake doing so.
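Added example, not part of the original post: the same check the reply describes (live view filtered on dstport=53), done offline over constructed pf filterlog lines to list which clients had their DNS queries blocked. The CSV field order is the assumed pf/OPNsense filterlog layout noted in the comment; the log lines are made up.

```python
# Added example (not from the forum post): scan constructed OPNsense/pf filterlog
# lines for DNS traffic (dst port 53) and report what was blocked versus passed.
# Assumed field layout (pf filterlog CSV, IPv4 TCP/UDP):
#   rulenr,subrulenr,anchor,label,interface,reason,action,dir,ipversion,tos,ecn,
#   ttl,id,offset,flags,protoid,protoname,length,src,dst,srcport,dstport,datalen
from collections import Counter

DNS_PORT = "53"

# Constructed sample lines; not real log output.
SAMPLE_LOG = """\
5,,,abc123,igb1,match,block,in,4,0x0,,64,1001,0,DF,17,udp,61,192.168.1.50,1.1.1.1,54321,53,41
5,,,abc123,igb1,match,block,in,4,0x0,,64,1002,0,DF,6,tcp,60,192.168.1.50,1.1.1.1,54322,53,0
12,,,def456,igb1,match,pass,in,4,0x0,,64,1003,0,DF,17,udp,61,192.168.1.51,192.168.1.1,40000,53,41
7,,,ghi789,igb1,match,block,in,4,0x0,,64,1004,0,DF,17,udp,80,192.168.1.52,192.168.1.1,40001,123,60
"""

def parse_filterlog(line):
    """Split one filterlog CSV line into the fields used here (IPv4 only)."""
    f = line.strip().split(",")
    if len(f) < 22 or f[8] != "4":
        return None
    return {"iface": f[4], "action": f[6], "dir": f[7], "proto": f[16],
            "src": f[18], "dst": f[19], "sport": f[20], "dport": f[21]}

def dns_summary(log_text):
    """Return {(action, src, dst, proto): count} for flows to dst port 53."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_filterlog(line)
        if rec and rec["dport"] == DNS_PORT:
            counts[(rec["action"], rec["src"], rec["dst"], rec["proto"])] += 1
    return dict(counts)

def blocked_dns_clients(log_text):
    """Sorted client IPs whose DNS queries were blocked: the hosts that are
    missing an allow rule for port 53 or hitting a mis-ordered one."""
    return sorted({src for (action, src, _, _) in dns_summary(log_text)
                   if action == "block"})

if __name__ == "__main__":
    for key, n in dns_summary(SAMPLE_LOG).items():
        print(key, n)
    print("blocked DNS clients:", blocked_dns_clients(SAMPLE_LOG))
```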
#72
22.7 Legacy Series / unbound bind to localhost
November 26, 2022, 12:55:30 PM
Hi, I am moving my pfsense over to OPNsense.

I am using another primary DNS service, which listens on LAN on 53 and forwards internal domain queries to 127.0.0.1:5353.

I can configure unbound on 5353, but I can only select my LAN or WAN interfaces, I cannot select (as with pfsense) localhost. Screenshot should make clear what I mean. pfsense then does not listen on other interfaces.

In OPNsense, when I select LAN, it listens on both the LAN and localhost, but I would really prefer it does not listen on LAN as well.

Any chance I can set this the same in OPNsense?

Thanks!

#73
General Discussion / troubleshooting dhcpv6
February 20, 2022, 12:35:27 PM
Hello everyone,

I read https://forum.opnsense.org/index.php?topic=7149.0 and the links it refers to. My situation is a little different. I've set up dhcpv6 on pfsense before, but then pfsense was the router and firewall as well.

My router is a Unifi UDM pro. I don't like how it does dhcp/dns so I disabled that. Its WAN interface has a provider ipv6 address in a /56. Let's say its ipv6 address is 2001:abcd:1234:0:0443:7e37:7caa:4acb.

I have opnsense running in a vm with a single interface, firewall is disabled and I am only using LAN with DHCP, DHCPv6, Unbound and NTP server.

I configured the LAN interface with a fixed ipv6 in a /64 within the /56 of the WAN interface.
Let's say its 2001:abcd:1234:1:192:168:1:1 :D

I configured DHCPv6, enabled it and it picks up the subnet /64 and shows the correct available range. I configured the range as:
2001:abcd:1234:1:192:168:1:ff - 2001:abcd:1234:1:192:168:1:ffff

Prefix delegation range is empty, delegation size is 64.
I entered a DNS server, NTP server with ipv6 addresses. The rest is default.

For router advertisement I chose:
RA: Assisted
Prio: High
Source address: auto
advertise: enabled
DNS servers: 1 address
The rest is default.

The problem is, my clients get an ipv6 address, but it's outside the range of what I configured. Opnsense never shows a lease and the logs are empty. I suspect it's getting an address from my ISP via the router WAN interface, but I don't have logging to confirm that.

On the UDM, there is no DHCP running, no ra daemon.

I'm not sure what's happening, I can ping the router and opnsense on v6, but how do I get it to use opnsense dhcpv6?

Thanks for the help!
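Added example, not part of the original post: a small classifier for the addresses the clients actually received, using the poster's LAN /64 and DHCPv6 pool. It separates "inside the DHCPv6 pool" (a lease should show up in OPNsense) from "SLAAC from a router advertisement" (an EUI-64 style interface identifier) and "outside the LAN /64 altogether" (handed out by something other than this LAN's RA or DHCPv6). The sample client addresses are constructed.

```python
# Added example (not from the forum post): classify client IPv6 addresses against
# the configured LAN /64 and DHCPv6 range from the post to tell a DHCPv6 lease
# apart from a SLAAC address that came from a router advertisement.
import ipaddress

LAN_PREFIX = ipaddress.ip_network("2001:abcd:1234:1::/64")
RANGE_START = ipaddress.ip_address("2001:abcd:1234:1:192:168:1:ff")
RANGE_END = ipaddress.ip_address("2001:abcd:1234:1:192:168:1:ffff")

def in_dhcpv6_range(addr):
    """True if addr lies inside the configured DHCPv6 pool (inclusive)."""
    a = ipaddress.ip_address(addr)
    return RANGE_START <= a <= RANGE_END

def looks_like_eui64(addr):
    """True if the interface identifier carries the ff:fe marker that SLAAC
    inserts when it derives the IID from a MAC address (modified EUI-64)."""
    iid = int(ipaddress.ip_address(addr)) & ((1 << 64) - 1)
    return (iid >> 24) & 0xFFFF == 0xFFFE

def classify(addr):
    """Return one label describing where the address most likely came from."""
    a = ipaddress.ip_address(addr)
    if a not in LAN_PREFIX:
        return "outside LAN /64: not from this LAN's DHCPv6 or RA at all"
    if in_dhcpv6_range(a):
        return "inside DHCPv6 pool: expect a lease in OPNsense"
    if looks_like_eui64(a):
        return "SLAAC (EUI-64 IID): came from a router advertisement, not DHCPv6"
    return "in LAN /64 but outside pool: SLAAC privacy/temporary or static"

if __name__ == "__main__":
    # Constructed sample client addresses, one per case
    for sample in ("2001:abcd:1234:1:192:168:1:1ff",
                   "2001:abcd:1234:1:0211:22ff:fe33:4455",
                   "2001:abcd:1234:1:8a1c:9f02:7b6d:e0a1",
                   "2001:abcd:1234:7:1:2:3:4"):
        print(sample, "->", classify(sample))
```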