Topic: DNS request sometimes dropped - options single-request-reopen (Read 1526 times)
Bytechanger
Full Member
Posts: 239
Karma: 0
DNS request sometimes dropped - options single-request-reopen
« on: January 10, 2023, 10:40:02 am »
Hi,
Since I use OPNsense, my DNS requests take long (5 seconds).
So my workaround was to add /etc/resolv.conf -> options single-request-reopen.
But this is not fine.
So I think it's this problem here:
https://supportportal.juniper.net/s/article/ScreenOS-DNS-reply-packet-is-dropped-through-the-firewall-How-is-DNS-traffic-handled?language=en_US
How can I configure OPNsense to work with this?
Greets
Logged
phoenix
Hero Member
Posts: 545
Karma: 58
Re: DNS request sometimes dropped - options single-request-reopen
« Reply #1 on: January 10, 2023, 11:27:27 am »
You haven't described your setup. Is it a DNS server on your LAN, on OPNsense, or an external DNS server you're talking about? FWIW, I use a DNS server on my LAN and response times are in the 20-30ms range.
Logged
Regards
Bill
Bytechanger
Full Member
Posts: 239
Karma: 0
Re: DNS request sometimes dropped - options single-request-reopen
« Reply #2 on: January 10, 2023, 11:44:20 am »
I run a DNS server in my network on an Ubuntu system.
All my Ubuntu systems have this issue.
A DNS request takes about 5 seconds. But when I set single-request-reopen in /etc/resolv.conf, it works fast.
On all my Ubuntu machines...
My DNS server is not on the OPNsense machine.
Greets
Byte
« Last Edit: January 10, 2023, 11:50:10 am by Bytechanger »
Logged
cookiemonster
Hero Member
Posts: 1823
Karma: 95
Re: DNS request sometimes dropped - options single-request-reopen
« Reply #3 on: January 10, 2023, 12:05:23 pm »
So DNS requests from your LAN clients are taking that long and you do not want OPN to resolve them, only to pass (by NAT I presume) it out?
Check what your LAN and DHCP settings are in OPN, so as not to conflict. Also DNSMasq and/or Unbound.
Then your firewall rules.
Make sure your post is clearer. For instance when you mention resolv.conf, it isn't clear if that's on a client or OPN.
Finally, it's likely you'll need to do packet captures on OPN on LAN and WAN to see what happens, as in your wanted setup, you want OPN to not do anything with those requests.
Logged
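As an added example (not written by anyone in this thread), here is one way to work through the LAN and WAN packet captures suggested in the reply above: a Python script that pairs DNS queries and replies from `tcpdump -n` text output taken on both interfaces and reports where each reply was last seen. The capture lines, addresses and function names are constructed for illustration, and matching on (server, transaction ID) assumes NAT leaves the DNS transaction ID unchanged.

```python
import re

# Matches `tcpdump -n` text output for DNS over UDP (see the sample lines below).
LINE = re.compile(r"^\S+ IP6? (\S+)\.(\d+) > (\S+)\.(\d+): (\d+)\S* (.*)$")
QUERY = re.compile(r"^(?:\[[^\]]*\] )?([A-Za-z0-9]+)\? (\S+)")

def summarize(lines):
    """Return (queries, replies) keyed by (server, txid), which survives source NAT."""
    queries, replies = {}, set()
    for m in filter(None, (LINE.match(l.strip()) for l in lines)):
        src, sport, dst, dport, txid, rest = m.groups()
        if dport == "53":                      # client -> server
            q = QUERY.match(rest)
            if q:
                queries[(dst, txid)] = q.groups()   # (qtype, qname)
        elif sport == "53":                    # server -> client
            replies.add((src, txid))
    return queries, replies

def locate_drops(lan_lines, wan_lines):
    """For each query seen on LAN, report how far it and its reply got."""
    (lan_q, lan_r), (wan_q, wan_r) = summarize(lan_lines), summarize(wan_lines)
    verdicts = {}
    for key, question in lan_q.items():
        if key in lan_r:
            verdicts[question] = "answered"
        elif key in wan_r:
            verdicts[question] = "reply seen on WAN, missing on LAN"
        elif key in wan_q:
            verdicts[question] = "forwarded, no reply on WAN"
        else:
            verdicts[question] = "query not seen on WAN"
    return verdicts

# Constructed sample captures: A and AAAA sent back to back from one client socket.
LAN = [
    "10:40:01.000100 IP 192.168.1.50.41234 > 192.0.2.53.53: 4660+ A? example.org. (29)",
    "10:40:01.000150 IP 192.168.1.50.41234 > 192.0.2.53.53: 4661+ AAAA? example.org. (29)",
    "10:40:01.020300 IP 192.0.2.53.53 > 192.168.1.50.41234: 4660 1/0/0 A 198.51.100.7 (45)",
]
WAN = [
    "10:40:01.000200 IP 203.0.113.10.55001 > 192.0.2.53.53: 4660+ A? example.org. (29)",
    "10:40:01.000250 IP 203.0.113.10.55001 > 192.0.2.53.53: 4661+ AAAA? example.org. (29)",
    "10:40:01.020100 IP 192.0.2.53.53 > 203.0.113.10.55001: 4660 1/0/0 A 198.51.100.7 (45)",
    "10:40:01.020200 IP 192.0.2.53.53 > 203.0.113.10.55001: 4661 1/0/0 AAAA 2001:db8::7 (57)",
]

for question, verdict in locate_drops(LAN, WAN).items():
    print(question, "->", verdict)
```

A query that is answered on WAN but not on LAN points at the firewall path, while one with no reply on WAN points upstream.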
Bytechanger
Full Member
Posts: 239
Karma: 0
Re: DNS request sometimes dropped - options single-request-reopen
« Reply #4 on: January 10, 2023, 12:29:56 pm »
OK,
OPNsense:
- OPNsense has a LAN rule -> all pass, so there is nothing to do, no port forward for DNS
- dnsmasq is off, Unbound is off
Clients:
- Ubuntu clients are asking a DNS server outside
- Ubuntu DNS requests take 4-5 seconds
- Ubuntu clients get fast if I change /etc/resolv.conf
DNS requests are going directly to the internet.
Greets
Logged
phoenix
Hero Member
Posts: 545
Karma: 58
Re: DNS request sometimes dropped - options single-request-reopen
« Reply #5 on: January 10, 2023, 12:58:42 pm »
Just out of interest, how does DNS perform when you log in to the OPNsense command line and run a dig command there?
Logged
Regards
Bill