"Recent posts
#21
25.7, 25.10 Series / Re: Unwanted route that keeps ...
Last post by Patrick M. Hausen - Today at 12:54:23 AMInterfaces > LAN - is there a gateway set?
#22
Tutorials and FAQs / Re: OPNsense aarch64 firmware ...
Last post by Maurice - Today at 12:32:25 AM@neel I had a look: You currently can't build USB installer images (make serial / make vga) on aarch64. The build script wants to add a protective MBR to the image, but this only exists on amd64.
But building an iso image (make dvd) is possible, this has explicitly been enabled for aarch64.
But building an iso image (make dvd) is possible, this has explicitly been enabled for aarch64.
#23
Tutorials and FAQs / Re: OPNsense aarch64 firmware ...
Last post by Maurice - December 06, 2025, 11:38:42 PMOPNsense 25.7.9 aarch64 packages and sets released. Includes ndp-proxy-go 0.3.0.
#24
25.7, 25.10 Series / Re: KEA, PiHole and IPv6
Last post by NudgeyNMR - December 06, 2025, 11:23:05 PMA tutorial would be most welcome.
#25
German - Deutsch / Re: 10G Hardware Empfehlungen
Last post by bsch - December 06, 2025, 10:26:01 PMQuote from: knebb on November 30, 2025, 01:15:09 PMOk, jetzt nicht 10GbE, sondern nur 2,5GbE:
ThomasKrenn LES Systeme.
Oder bekommst Du wirklich 10GbE WAN Uplink? Wo ist das? Kann ich umziehen ;)
Ja, ich bekomme 10G :D Wie gesagt... arbeite selbst beim ISP und ja es wird auch in DE langsam XGS-PON ausgerollt. Braucht keine Sau ... aber ich will es bei mir testen. Geht da auch um weitere Test-Szenarien.
Hab mir jetzt die klassische kleine schwarze Mini-PC Kiste mit 2 SFP+ Ports gekauft.
#26
25.7, 25.10 Series / Re: DNS best practice for loca...
Last post by Monviech (Cedrik) - December 06, 2025, 10:18:43 PMRead this section from start to finish, it answers all questions, with examples.
https://docs.opnsense.org/manual/dnsmasq.html#dhcpv4-with-dns-registration
https://docs.opnsense.org/manual/dnsmasq.html#dhcpv4-with-dns-registration
#27
25.7, 25.10 Series / DNS best practice for local re...
Last post by cinergi - December 06, 2025, 09:37:10 PMHello,
Just wondering what is considered the best practice for local DNS resolution when using Unbound and dnsmasq together: Unbound running as primary resolver on port 53 and forwarding to dnsmasq on some other port for the local domain? Or vice versa, i.e. dnsmasq on port 53 forwarding non-local queries to Unbound? I'm currently using the latter setup (dnsmasq 53 --> Unbound 5353) but am wondering if the other setup (Unbound 53 --> dnsmasq 5353) would be better in some way. The documentation includes both options as valid.
I recall having some issues when I initially tried Unbound --> dnsmasq, specifically Unbound sometimes randomly stopped forwarding local queries to dnsmasq, but that was in the early days of the transition away from ISC DHCP so it may have been a bug that was since fixed.
For the Unbound --> dnsmasq case, what happens for queries to local non-FQDN host names? For example, if my local domain is home.lan, I would configure Unbound to forward queries for home.lan to dnsmasq; so queries for my-pc.home.lan (for example) would be properly forwarded, no problem there. But what about non-FQDN queries to my-pc without a domain? How would Unbound know to forward those as well?
Thanks!
Just wondering what is considered the best practice for local DNS resolution when using Unbound and dnsmasq together: Unbound running as primary resolver on port 53 and forwarding to dnsmasq on some other port for the local domain? Or vice versa, i.e. dnsmasq on port 53 forwarding non-local queries to Unbound? I'm currently using the latter setup (dnsmasq 53 --> Unbound 5353) but am wondering if the other setup (Unbound 53 --> dnsmasq 5353) would be better in some way. The documentation includes both options as valid.
I recall having some issues when I initially tried Unbound --> dnsmasq, specifically Unbound sometimes randomly stopped forwarding local queries to dnsmasq, but that was in the early days of the transition away from ISC DHCP so it may have been a bug that was since fixed.
For the Unbound --> dnsmasq case, what happens for queries to local non-FQDN host names? For example, if my local domain is home.lan, I would configure Unbound to forward queries for home.lan to dnsmasq; so queries for my-pc.home.lan (for example) would be properly forwarded, no problem there. But what about non-FQDN queries to my-pc without a domain? How would Unbound know to forward those as well?
Thanks!
#28
25.7, 25.10 Series / Re: GeoIP with ipinfo stopped ...
Last post by SteffenDE - December 06, 2025, 08:51:30 PMGreat to hear, thanks for the support.
#29
25.7, 25.10 Series / Re: Unwanted route that keeps ...
Last post by abenaou - December 06, 2025, 08:33:49 PMAs a workaround I emplemented a cron to delete that route, I really don't know where to look for anymore :
Code Select
* * * * * /sbin/route delete -host 10.99.200.180 #30
25.7, 25.10 Series / Re: Unwanted route that keeps ...
Last post by abenaou - December 06, 2025, 08:27:08 PMQuote from: Patrick M. Hausen on December 06, 2025, 04:43:15 PMInterface configuration for LAN - did you set a gateway there? Don't.Thanks, I checked, there are no routes configured in both of my LAN interfaces :
If you need static routes pointing to that other firewall, add it as a gateway in System > Gateways and add the static routes as necessary.
system -> routing -> configuration = empty
This is what makes it confusing, is that I don't have any static routes on both firewalls, just the gateways whith different priorities (1 for IPv6 / 2 IPv4 / 256 for the LAN98 interface)
