"Recent posts
#1
26.1, 26,4 Series / Re: Cannot resolve specific do...
Last post by Patrick M. Hausen - Today at 12:49:09 AMYes, the problem only affected verifying (DNSSEC) resolvers.
#2
26.1, 26,4 Series / Re: Cannot resolve specific do...
Last post by lmoore - Today at 12:45:24 AMQuote from: Patrick M. Hausen on May 05, 2026, 11:37:03 PMThe .de DNS zone is broken. See here, follow the links - the top two are in English:
https://forum.opnsense.org/index.php?topic=51804.0
Very odd, using Unbound on OpenBSD the MX resolved.
Took a packet capture of queries from a test OPNsense installation and reviewed.
In OPNsense I then disabled:
Services -> Unbound DNS -> Advanced
- Harden Below NXDOMAIN
- Aggressive NSEC
Performed a DNS Lookup in OPNsense and received expected results.
Re-enabled the two settings above and it continues to work - perhaps the issue for .de domains is now resolved.
#3
German - Deutsch / Re: PSA: .de DNS Zone derzeit ...
Last post by Patrick M. Hausen - Today at 12:26:39 AMDas Problem scheint gelöst zu sein. Mehr Info:
https://www.heise.de/news/DNS-Probleme-de-Domains-nicht-erreichbar-11283192.html
https://www.heise.de/news/DNS-Probleme-de-Domains-nicht-erreichbar-11283192.html
#4
General Discussion / Re: [solved] NPTv6 seems to mi...
Last post by OPNenthu - Today at 12:24:43 AMThanks for the quick fix @franco.
Anyone looking into NPTv6 can also refer to https://forum.opnsense.org/index.php?topic=51781.0, especially the first couple of posts from @Maurice on how to do it properly.
Anyone looking into NPTv6 can also refer to https://forum.opnsense.org/index.php?topic=51781.0, especially the first couple of posts from @Maurice on how to do it properly.
#5
26.1, 26,4 Series / Re: Cannot resolve specific do...
Last post by Patrick M. Hausen - May 05, 2026, 11:37:03 PMThe .de DNS zone is broken. See here, follow the links - the top two are in English:
https://forum.opnsense.org/index.php?topic=51804.0
https://forum.opnsense.org/index.php?topic=51804.0
#6
German - Deutsch / PSA: .de DNS Zone derzeit kapu...
Last post by Patrick M. Hausen - May 05, 2026, 11:36:27 PMHallo zusammen,
da schon die ersten Threads hier auftauchen ... es liegt nicht an eurer OPNsense. Das DENIC hat die .de Zone kaputt gemacht.
https://www.reddit.com/r/de_EDV/comments/1t4qlrg/psa_die_dezone_löst_gerade_großflächig_nicht_mehr/
https://news.ycombinator.com/item?id=48027897
https://bsky.app/profile/heise.de/post/3ml54wiav452u
https://bsky.app/profile/echobit.de/post/3ml54h2sbbk2x
Liebe Grüße
Patrick
da schon die ersten Threads hier auftauchen ... es liegt nicht an eurer OPNsense. Das DENIC hat die .de Zone kaputt gemacht.
https://www.reddit.com/r/de_EDV/comments/1t4qlrg/psa_die_dezone_löst_gerade_großflächig_nicht_mehr/
https://news.ycombinator.com/item?id=48027897
https://bsky.app/profile/heise.de/post/3ml54wiav452u
https://bsky.app/profile/echobit.de/post/3ml54h2sbbk2x
Liebe Grüße
Patrick
#7
26.1, 26,4 Series / Re: Cannot resolve specific do...
Last post by viragomann - May 05, 2026, 11:26:37 PMQuote from: Asperamanca on May 05, 2026, 11:04:28 PMI use Unbound DNS with default configuration, and I haven't changed the configuration for a long time. ISo you didn't configure any DNS blocklists and don't use Adguard?
And you don't have query forwarding enabled?
And you don't use DNS over TLS?
Also ensure that the Dnsmasq DNS & DHCP > DNS > Listen port is set to "0".
What exactly do you get if run "nslookup manitu.de" on a client machine?
Ensure the the server IP is the OPNsense interface IP.
#8
Russian - Русский / Re: Помощь в настройке
Last post by lekobyroxa - May 05, 2026, 11:17:43 PMНу так мне по сути то надо настроить PPPoE и L2TP инет, настроить локалку, накрыть это всё WG по разным листам с ASN, сделать резервирование, ну и там фаерволл потыкать порты по прокидывать.
#9
26.1, 26,4 Series / Cannot resolve specific domain...
Last post by Asperamanca - May 05, 2026, 11:04:28 PMHi there,
I'm trying to find a way to diagnose a strange issue: I cannot resolve a specific domain name from my LAN, all other domain names I tested work.
Unfortunately, this is the domain of my mail provider...
manitu.de doesn't work, neither in the browser, nor via ping in the (Windows) command prompt.
All other domains I tried work.
Doesn't work on the phone, either, as long as I'm connected to my Wifi.
If I switch to mobile data only (outside my LAN), I can resolve it.
When I query a domain up/down checker service, the domain is reachable from elsewhere
When I ping the IP address, that works (so it's really a DNS issue).
When I try to ping the domain name from my OpnSense Web GUI, it can be resolved. So the firewall itself somehow resolves it correctly, but the devices from within my LAN cannot.
I have a pretty simple setup, with a local network behind the firewall, and the WAN side. I use Unbound DNS with default configuration, and I haven't changed the configuration for a long time. I also have not upgraded OpnSense since a few days ago. The domain worked until recently.
As an emergency measure, I have added the most important domains to my local 'hosts' file, so I can at least write e-mails.
How do I diagnose such an issue?
My first try is updating to the latest version (mine is less than a week old), but what after that?
Please note that I'm an IT professional, but not in the network administration field.
I'm trying to find a way to diagnose a strange issue: I cannot resolve a specific domain name from my LAN, all other domain names I tested work.
Unfortunately, this is the domain of my mail provider...
manitu.de doesn't work, neither in the browser, nor via ping in the (Windows) command prompt.
All other domains I tried work.
Doesn't work on the phone, either, as long as I'm connected to my Wifi.
If I switch to mobile data only (outside my LAN), I can resolve it.
When I query a domain up/down checker service, the domain is reachable from elsewhere
When I ping the IP address, that works (so it's really a DNS issue).
When I try to ping the domain name from my OpnSense Web GUI, it can be resolved. So the firewall itself somehow resolves it correctly, but the devices from within my LAN cannot.
I have a pretty simple setup, with a local network behind the firewall, and the WAN side. I use Unbound DNS with default configuration, and I haven't changed the configuration for a long time. I also have not upgraded OpnSense since a few days ago. The domain worked until recently.
As an emergency measure, I have added the most important domains to my local 'hosts' file, so I can at least write e-mails.
How do I diagnose such an issue?
My first try is updating to the latest version (mine is less than a week old), but what after that?
Please note that I'm an IT professional, but not in the network administration field.
#10
26.1, 26,4 Series / Issues with connecting for and...
Last post by 01cooperl - May 05, 2026, 10:36:25 PMHi all,
I have 26.1.6 and have been over the last few months having intermittent issues connecting to the network with two pixel 7a devices. The behaviour is that when they are successfully connected via wifi (using unifi access points), there is no issues accessing both local IPs as well as out to the internet. The devices, in no set pattern, drop off the wifi and do not connect with a "Saved / IP configuration failure" status on the android device.
Since this issue I have since migrated the DHCP server to Dnsmasq, ensured that the devices are using device MAC addresses (this was already the case), disabled IPv6 for all interfaces, ensured Router Advertisements are not enabled, checking Unifi settings to ensure there was no issues.
I have Windows, Mac, and other Android devices which are not pixel 7a which work without issues.
I have tried to look at the DHCP and live firewall logs to see what is happening, however I am really at a loss of what is happening short of setting up a fresh instance and starting again (a real nuke for two devices!).
Any advice or things to investigate would be greatly appreciated. Thank you for your help in advance!
I have 26.1.6 and have been over the last few months having intermittent issues connecting to the network with two pixel 7a devices. The behaviour is that when they are successfully connected via wifi (using unifi access points), there is no issues accessing both local IPs as well as out to the internet. The devices, in no set pattern, drop off the wifi and do not connect with a "Saved / IP configuration failure" status on the android device.
Since this issue I have since migrated the DHCP server to Dnsmasq, ensured that the devices are using device MAC addresses (this was already the case), disabled IPv6 for all interfaces, ensured Router Advertisements are not enabled, checking Unifi settings to ensure there was no issues.
I have Windows, Mac, and other Android devices which are not pixel 7a which work without issues.
I have tried to look at the DHCP and live firewall logs to see what is happening, however I am really at a loss of what is happening short of setting up a fresh instance and starting again (a real nuke for two devices!).
Any advice or things to investigate would be greatly appreciated. Thank you for your help in advance!
