21.1.4 Client DNS resolution issues, solved?

Started by 589media, May 05, 2021, 11:09:56 PM

May 05, 2021, 11:09:56 PM Last Edit: May 05, 2021, 11:11:27 PM by 589media
I was having a problem with Unbound DNS in resolver mode on OPNsense today where no clients could resolve DNS, but the router itself could. As soon as I changed Unbound's mode to "DNS Query Forwarding" everything started working!? OPNsense was behind a client's corporate network and I don't know what their stuff was up to, since in the shop and most other places the router has been, everything works fine. I'm just trying to unpack the possible cause and see if what I did was the correct solution.

The other odd thing was even if I configured a DNS server locally on a client, eg 8.8.8.8, DNS resolution would still not work. Though I did not try using the DNS servers handed to OPNsense via DHCP.

Looks like this client blocks all DNS traffic, except to their own DNS servers. That's why you can't use public servers (like Google's) and Unbound won't work as a recursive resolver (where it needs to be able to reach a gazillion servers).
Unbound works in forwarding mode because it forwards to the client's DNS servers (unless you configure something else).
OPNsense itself was able to resolve hostnames even when Unbound didn't work by falling back to using the client's DNS servers.

Cheers

Maurice
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).
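A quick way to confirm the diagnosis above from a host on such a network, as an added example that is not code from the thread or from OPNsense: send raw UDP DNS queries to the network's own resolver (the path forwarding mode uses), to a public resolver, and to a root server (the path Unbound needs in recursive mode), then read off which of them answer. The local resolver address 192.0.2.1 is a placeholder to replace with the one the WAN DHCP lease handed out; 198.41.0.4 is a.root-servers.net.

```python
"""Probe the DNS paths in play: the network's resolver, a public one, a root server."""
import socket
import struct

QID = 0x1234  # fixed transaction id so a reply can be matched to our query

def build_query(name: str) -> bytes:
    """Minimal DNS A/IN query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", QID, 0x0100, 1, 0, 0, 0)
    labels = [l.encode() for l in name.rstrip(".").split(".")]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(resp: bytes) -> str:
    """Turn a raw response header into 'answered', 'referral', 'rcode-N' or 'bad-id'."""
    rid, flags, _qd, an, ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != QID:
        return "bad-id"
    rcode = flags & 0x000F
    if rcode != 0:
        return f"rcode-{rcode}"
    # A root server replying NOERROR with no answers but NS records is a referral
    return "referral" if an == 0 and ns > 0 else "answered"

def probe(server: str, name: str = "opnsense.org", timeout: float = 2.0) -> str:
    """Send one UDP query to server:53; a firewall silently dropping port 53 shows as 'timeout'."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return "timeout"
        except OSError:
            return "unreachable"
    return classify(data)

def diagnose(local: str, public: str, root: str) -> str:
    """Interpret the three probe results in terms of Unbound's two modes."""
    if local != "answered":
        return "network resolver unreachable: check the DHCP-supplied DNS and firewall"
    if public == "answered" and root == "referral":
        return "unrestricted: Unbound resolver (recursive) mode should work"
    return "DNS egress limited to the network's resolvers: use DNS Query Forwarding"

if __name__ == "__main__":
    # 192.0.2.1 is a placeholder; replace it with the resolver from your WAN DHCP lease.
    targets = {"local": "192.0.2.1", "public": "8.8.8.8", "root": "198.41.0.4"}
    r = {k: probe(ip) for k, ip in targets.items()}
    print(r, "->", diagnose(r["local"], r["public"], r["root"]))
```

On the network described in the thread the expected pattern is local answered, public and root both timing out, which is exactly the case where only forwarding mode can work.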