Two-network firewall gives DNS response for both networks, causing timeout

Started by genfoch01, February 10, 2025, 05:56:08 PM

I added a new NIC (as a guest network) to OPNsense. I followed this guide ( https://www.zenarmor.com/docs/network-security-tutorials/how-to-configure-captive-portal-on-opnsense ). I have only set up the firewall rules and have not started on the captive portal.

Once set up, I was testing and everything seemed to work, but when I was connecting to the firewall itself I would interminably get a lag before pages would load. This seemed to me like a timeout of some kind.

Doing an nslookup on my firewall from my Linux box gave two responses, one for each network:

fred@alice:~# nslookup myfirewall.net
Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
Name:   myfirewall.net
Address: 192.168.10.1
Name:   myfirewall.net
Address: 192.168.20.1


The .20 is on the new network, which has a rule that blocks access to the firewall from that network (see the Zenarmor link).

This means that when going to my firewall GUI, if DNS resolves to 192.168.20.1, the request times out because the firewall rule does not allow access to the GUI on 192.168.20.1.

I have tried adding a DNS override, but this has not solved my issue. (The override IP is given when looking up the override name, but nslookup myfirewall.net still gives both IPs.)

I am not sure how to attack this problem.
Thanks for your time,
GF

Check: Services > Unbound DNS > General > Do not register system A/AAAA records. Then your override will be the only record returned.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
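As an added illustration (not code from this thread, from OPNsense or from Unbound), the following Python check reproduces the failure mode described in the original post and gives a quick way to confirm the fix after enabling the Unbound setting suggested in the reply. The guest subnet 192.168.20.0/24 is assumed from the .20.1 address shown in the post; the resolver is injectable so the sample answers below (constructed from the nslookup output above) run offline, and calling diagnose() without a resolver argument queries the real system resolver instead. The point it makes: with two A records, one of which sits behind a rule that drops traffic to the firewall, the client's choice between them is not under your control, so some page loads hang and others work.

```python
"""Added example: detect a hostname that resolves to an address the
firewall rules will never let you reach (the situation in the post)."""
import ipaddress
import socket


def resolve_all(hostname, resolver=socket.getaddrinfo):
    """Return every distinct address the resolver hands back, in the order
    given. `resolver` is injectable so the check can run on sample data."""
    seen = []
    for _family, _type, _proto, _canon, sockaddr in resolver(hostname, None):
        addr = sockaddr[0]          # first element is the address for v4 and v6
        if addr not in seen:
            seen.append(addr)
    return seen


def blocked_answers(addresses, blocked_networks):
    """Addresses that fall inside a network from which access to the
    firewall itself is blocked (e.g. the guest LAN)."""
    nets = [ipaddress.ip_network(n) for n in blocked_networks]
    return [a for a in addresses
            if any(ipaddress.ip_address(a) in n for n in nets)]


def diagnose(hostname, blocked_networks, resolver=socket.getaddrinfo):
    """Classify the resolution result:
    - 'intermittent-timeout': several answers, at least one unreachable,
      so the client sometimes picks the dead one (the poster's symptom)
    - 'always-blocked': every answer is unreachable
    - 'ok': no answer lies in a blocked network"""
    answers = resolve_all(hostname, resolver)
    bad = blocked_answers(answers, blocked_networks)
    if bad and len(answers) == len(bad):
        return ("always-blocked", answers, bad)
    if len(answers) > 1 and bad:
        return ("intermittent-timeout", answers, bad)
    return ("ok", answers, bad)


# Assumed guest subnet; the post only shows the interface address .20.1.
GUEST_NETS = ["192.168.20.0/24"]


# Constructed sample data mirroring the nslookup output in the post.
def fake_resolver_before(hostname, port):
    """Both system A records registered: LAN and guest interface."""
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", ("192.168.10.1", 0)),
            (socket.AF_INET, socket.SOCK_STREAM, 6, "", ("192.168.20.1", 0))]


def fake_resolver_after(hostname, port):
    """System A/AAAA registration disabled; only the host override answers."""
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", ("192.168.10.1", 0))]


if __name__ == "__main__":
    print(diagnose("myfirewall.net", GUEST_NETS, fake_resolver_before))
    print(diagnose("myfirewall.net", GUEST_NETS, fake_resolver_after))
    # To check a live system instead, drop the resolver argument:
    # print(diagnose("myfirewall.net", GUEST_NETS))
```

Run it on the live system after changing the Unbound setting; a verdict of "ok" with a single answer means the override is now the only record returned.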