[SOLVED] Want to convert from KEA/Unbound to dnsmasq (for DHCP and DNS), but can't!

Started by davidfi01, May 14, 2025, 08:27:12 PM

Quote from: davidfi01 on May 17, 2025, 03:02:17 PM
@Drinyth - are you running multiple VLANs?  If you disable dnsmasq, re-enable kea dhcp4 does kea re-insert fw rules in vlans? After resetting back to dnsmasq, does dnsmasq reinstall fw rules on vlans?

Yes. I'm running multiple VLANs here.

If I disable dnsmasq, all of the firewall rules that were set for it get removed. Enabling KEA will insert the KEA firewall rules in the VLANs. Removing KEA will remove the firewall rules. And lastly, turning dnsmasq back on will put the dnsmasq firewall rules back in for all VLANs.

Interesting.  I only see 3 rules created by dnsmasq in the LAN vlan.  No rules are created in any of the other vlans.  Are you using static addresses or only dhcp?

@davidfi01: Are you aware that Dnsmasq DNS and DHCP interfaces are different things (just asking)?

FWIW: When you enable the "advanced options" switch, you will see a list of interfaces that are not bound to DHCP.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+

OMG .... Thanks for this response!!!

Yes, I understand diff between dns & dhcp.

NO, I was unaware that the advanced settings had "interface NO DHCP" option. Of course all my vpn interfaces were listed there.  As soon as I removed them, guess what....? Problem solved. 

Not sure how those got set as I never used the advanced interface option.  Don't recall seeing any description of advanced interface options in opnsense documentation.

As soon as I removed the vlans from "interface no dhcp" dns/dhcp started working.

THANK YOU!!!

D
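
The symptom resolved above (DNS answering on an interface that hands out no leases) is what dnsmasq does for an interface named in its `no-dhcp-interface` option. As an added example, not code from this thread or from OPNsense, the following Python reads a dnsmasq config and reports which listen interfaces are DNS-only. It assumes the GUI's "Interface [no dhcp]" field ends up as `no-dhcp-interface` lines; the sample config and interface names are constructed.

```python
"""Report which dnsmasq listen interfaces have DHCP suppressed."""

# Constructed sample config, not taken from the thread; interface names are made up.
SAMPLE_CONF = """\
# DNS + DHCP listeners
interface=igc1
interface=igc1_vlan20,igc1_vlan30
interface=wg0
# DNS only on these:
no-dhcp-interface=igc1_vlan20
no-dhcp-interface=igc1_vlan30,wg0
dhcp-range=192.168.1.100,192.168.1.200,12h
"""


def parse_options(conf_text):
    """Return {option: [values]} for a dnsmasq config, skipping comments and blanks."""
    opts = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition("=")
        opts.setdefault(key.strip(), []).append(value.strip())
    return opts


def names(values):
    """Flatten repeated and comma-separated interface lists, keeping order."""
    out = []
    for value in values:
        for name in value.split(","):
            name = name.strip()
            if name and name not in out:
                out.append(name)
    return out


def dhcp_status(conf_text):
    """Map each listen interface to 'dns+dhcp' or 'dns-only'."""
    opts = parse_options(conf_text)
    listen = names(opts.get("interface", []))
    no_dhcp = set(names(opts.get("no-dhcp-interface", [])))
    return {i: ("dns-only" if i in no_dhcp else "dns+dhcp") for i in listen}


if __name__ == "__main__":
    for iface, status in dhcp_status(SAMPLE_CONF).items():
        print(f"{iface:14} {status}")
```

Any interface reported as `dns-only` that is supposed to serve leases is the one to remove from the "no DHCP" list.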

Fixed my issue also. I stumbled on this earlier today and I came here to post the update. All the interfaces I had selected were automatically also selected for "no DHCP" option and hidden in the advance toggle switch. Once I deselected all of them, my leases started working.

Quote from: djr92 on May 18, 2025, 03:15:38 AM
All the interfaces I had selected were automatically also selected for "no DHCP" option and hidden in the advance toggle switch.

I just tried this on a fresh 25.1.6_4 installation - this did not happen here. The default for the "no DHCP" interfaces is "nothing selected" after selecting interfaces for DNS, so I reckon you must have done something to change that manually at some point.

If this were like you say, I would have opened a Github issue.

I have now run into this issue as well.  I am a total OPNsense noob ... though I have a year of pfsense under my belt.  I followed the documentation very carefully to configure Unbound and Dnsmasq to work together.  I followed the example configuration steps in "DHCP4 with DNS Registration".  "DHCP register firewall rules" has been checked since the beginning. After I was done, I noted that the Dnsmasq service failed to start.  Logs pointed me to the issue.  I disabled the ISC DHCP4 service and manually restarted the Dnsmasq Service.  So far, so good.  Then I noticed no rules had been created with respect to DNS on any of my interfaces.  Based on this thread, I verified that the Dnsmasq General Tab listed all the interfaces (physical and VLAN) I had created (except WAN) in the "Interface" field, and under Advanced Mode the "Interface [no dhcp]" field says "Nothing selected". I did a System - Diagnostics - Packet Filter - Restart and when this changed nothing, I did a Power - Reboot.  Can anyone offer any suggestions for things to check?  Thanks.

POSTSCRIPT:  Never mind.  Noob GUI interface ignorance.  I didn't realize all the autogenerated rules are collapsed into their own folder.  The 3 "allow access to DHCP server" rules are on each interface.