OPNsense Handing Out System DNS Servers, Not Interface IPs

Started by gregg098, May 07, 2023, 08:09:51 PM

I just upgraded to 23.1.7_3 from an earlier 23.1.x release. Now, my clients get the DNS servers listed under System -> Settings -> General and not the interface IP (e.g., 192.168.10.1).

Under System -> Settings -> General, I've always had Cloudflare IPV4 and IPV6 servers listed for system use. For my main DNS, I have NextDNS CLI installed on port 53, then Unbound on port 5555. NextDNS CLI forwards all local domain lookups to Unbound. This works great and I've been doing this forever.

Under Services -> DHCPv4 -> VLAN ID, I always left the DNS fields blank. This has always worked well by providing the Interface IP to each client. From the help, I understand that this is the expected behavior. For example, VLAN 10 is 192.168.10.0/24. It always handed out 192.168.10.1 as a DNS server.

Since the upgrade, all clients now get the Cloudflare DNS servers from System settings instead (with no ad blocking) unless I manually input the interface IPs in each DHCPv4 server. This isn't a big deal, but I can't figure out why the behavior changed. Is it because I use Unbound on a port other than 53? Or something I missed in changelogs?

Have experimented with various things like removing System DNS servers, various check boxes, etc. Nothing really changes this.

Any thoughts on why this changed all of a sudden?

Thanks.

Quote from: gregg098 on May 07, 2023, 08:09:51 PM
Is it because I use Unbound on a port other than 53?

Yes, that is the reason. See this thread: https://forum.opnsense.org/index.php?topic=33661.0

Most of the discussion in that thread is around Adguard Home but it's still based on the idea that Unbound is running on a non-standard port.

Thanks. I actually started reading that thread earlier too and incorrectly assumed it wasn't related. Need some kind of easier override here to go back to old functionality it seems.

Go back to where? How is NextDNS integrated? From a project perspective it's difficult to fix something that is nowhere in the provided repositories.

Cheers,
Franco

I guess I'm saying it would be nice to just allow DHCP to give out the interface address by default and not revert to System DNS servers just because Unbound is not on port 53. This is the way it always worked in the past. Maybe just a checkbox or something to allow this as an option, with the current (new) way as the default? Currently, I have to manually enter interface addresses in DHCPv4 for this to happen, or add additional firewall/NAT rules.

NextDNS CLI is a third party install and unrelated to OPNsense, but at the same time, it's no different than some other third party package that listens on port 53.

Thanks.