DNS question: How to use DNS other than the one the ISP specifies in its DHCP?

Started by comet, April 24, 2018, 08:28:06 PM

@Maurice
Quote: There won't be any forwarding because it's not required. If dnsmasq and unbound are disabled, the DHCP server assigns the DNS servers configured on the General page to the clients. So the clients query the Google DNS servers directly. In this scenario OPNsense is not involved in DNS at all.

Okay, that's a legitimate point, but here is my second question:
How is OPNsense itself going to look up hostnames?
As far as I know, searching for updates, aka "check updates", will probably not work anymore, or will OPNsense just use the DNS configured on the General page as well, even without any forwarding feature enabled? I've never had this setup before, so I am really curious. :)

@comet I really didn't want to respond again, but here we go...
Quote: Now to me, that came across as "I'm not going to answer the question you asked, but instead the one I think you should have asked, and I'll say 'sorry' but I'm really not."
It was a joke... this "sorry, not sorry" is just a meme. The "Glad you asked." part as well. It's just that Unbound is insanely powerful with its resolving feature in addition to DNSSEC, so I did not understand why on earth someone would want to use Google DNS with both Unbound and Dnsmasq disabled.
Using Unbound instead of any weird Google DNS was such a "no-brainer" to me that I tried to be funny.
... I failed hard, obviously.
I explained every checkbox and every step in my initial post.
Instead of going on a full rampage at me, you could have answered:
"Cool, I didn't know that there is this kind of feature, but I am still unsure about the consequences and advantages as opposed to just using the Google DNS. Could you please go into more detail?"
I would have happily responded with more hints and details, but not this way....
I am not getting paid to help you, and this forum is free for everyone.
If you don't like "us", then leave; it's that simple and easy.

Best regards,
Oxy

Quote from: phoenix on April 26, 2018, 05:00:39 PM
That assumes there are no LAN PCs/servers that don't need DNS resolution; if it's required, then a LAN DNS server is needed, or have I missed something obvious?

That's correct. DNS resolution of local hostnames won't work.

Quote from: Oxygen61 on April 26, 2018, 08:19:21 PM
How is the OPNsense itself going to lookup hostnames?

By querying the specified (Google) DNS servers directly.

Quote from: Oxygen61 on April 26, 2018, 08:19:21 PM
As far as i know, searching for updates, aka. "check updates" will probably not work anymore or will OPNsense just use the DNS configured in the general page aswell, even without any forwarding feature enabled?

It will. That's what the setting "Do not use the DNS Forwarder/Resolver as a DNS server for the firewall" is for.

Quote from: Oxygen61 on April 26, 2018, 08:19:21 PM
Never had this setup before so i am really curious.

This is a pretty common setup. Think of corporate networks with existing DNS infrastructure. You typically don't want a firewall involved in DNS resolution / forwarding in such scenarios.
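
The setup Maurice describes leaves a concrete trace on the firewall: with Unbound and dnsmasq disabled and "Do not use the DNS Forwarder/Resolver as a DNS server for the firewall" checked, /etc/resolv.conf on the box should list only the servers from System > Settings > General and no loopback address. The following POSIX shell check is an added example, not code from this thread or from the OPNsense project. It assumes the Google servers 8.8.8.8 and 8.8.4.4 from the thread as the configured list, and the two resolv.conf contents it tests against are constructed samples, not captures from a real box.

```shell
#!/bin/sh
# Added example, not from the thread or the OPNsense project.
# Checks whether a firewall's /etc/resolv.conf reflects the "no forwarder/resolver"
# setup: every nameserver is one of the servers configured on System > Settings > General,
# and none is a loopback address (which would mean the box still points at Unbound/dnsmasq).

# Constructed sample: resolv.conf when Unbound and dnsmasq are disabled and
# "Do not use the DNS Forwarder/Resolver as a DNS server for the firewall" is checked.
SAMPLE_DIRECT='search example.lan
nameserver 8.8.8.8
nameserver 8.8.4.4'

# Constructed sample: the firewall still lists its own (now disabled) resolver first.
SAMPLE_LOCAL='nameserver 127.0.0.1
nameserver 8.8.8.8'

# nameservers: print the nameserver addresses from resolv.conf text on stdin, one per line.
nameservers() {
    awk '$1 == "nameserver" { print $2 }'
}

# check_direct CONF SERVER...: return 0 when CONF has at least one nameserver, every
# nameserver is one of SERVER..., and none is loopback; otherwise print each problem
# and return 1.
check_direct() {
    conf=$1
    shift
    status=0
    count=0
    for ns in $(printf '%s\n' "$conf" | nameservers); do
        count=$((count + 1))
        case $ns in
            127.*|::1)
                echo "still using the local resolver: $ns"
                status=1
                continue
                ;;
        esac
        found=0
        for want in "$@"; do
            [ "$ns" = "$want" ] && found=1
        done
        if [ "$found" -ne 1 ]; then
            echo "nameserver not on the General page list: $ns"
            status=1
        fi
    done
    if [ "$count" -eq 0 ]; then
        echo "no nameserver entries at all"
        status=1
    fi
    return "$status"
}

# Stand-alone run against the constructed samples. On a real box you would call
#   check_direct "$(cat /etc/resolv.conf)" 8.8.8.8 8.8.4.4
if check_direct "$SAMPLE_DIRECT" 8.8.8.8 8.8.4.4; then echo "direct sample: OK"; fi
if ! check_direct "$SAMPLE_LOCAL" 8.8.8.8 8.8.4.4; then echo "local sample: problems found (as expected)"; fi
```

The check only confirms where the firewall's own queries go; it says nothing about whether the answers are validated, since with Unbound disabled the DNSSEC validation Oxygen61 refers to no longer happens on the firewall, and local hostnames are not resolvable either, as Maurice notes.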

Comet, nothing personal, honestly! Heck, I don't even know you; why would I get personal with you? :)

Regarding the questions you ask, and I told you before in a previous post, it's not the question, or the answer, it's about you comparing apples and plums. They're both fruits, but that's all there is to their similarities: you can't really compare an "off-the-shelf" router with a professional router like OPNsense (or pfSense, or even Cisco, or HPE, or Moxa, etc. etc. etc., in the multiple hundreds/thousands of dollars price range) because their respective user approach is different. Meaning, "off-the-shelf" comes with a plug-n-play approach with minimal user intervention or knowledge, and, to achieve this, strips down most options and functions except for mandatory ones, while professional comes (maybe) with plug-n-play also, maybe in the shape of a wizard or the like, but also with most/any other functions, utilities, plugins etc. too, so that it's simply not feasible to change something at a particular function/plugin level and not have to change something else at another function/plugin level.

I remember a question/topic you opened a while ago, stating something like "How can I block [using OPNsense] everything, WAN && LAN, but a single internal server, for a particular internal PC?". That one also went back and forth, with every friend here recommending VLANs or different switches and stuff, which made you angry, just until you reached an "Aha!" moment when you learned that it's not possible to block LAN only at the OPNsense/router/firewall level, since that/any client's traffic from & to LAN is direct and does not pass through anything but switches, not routers --> you can't without isolating that client using VLANs or distinct switches on different routed interfaces (which, sorry, is considered basic networking and nobody would start answering such a question by stating that "axiom"), exactly the first given answer, which made you crazy angry. :)

Here, again, you ask a question, and the question implies background knowledge and conditions, some of them "non-explicable", hence you don't understand and are left with the impression that people talk down to you.

I would dare to speak for everyone around here, and certainly for myself: THIS IS NOT TRUE!!! (!)