No Internet But Can Ping

[CLawrence]

I unchecked the allow dns server list to be overidden, tried with 8.8.8.8 as my first option as well as the cisco addresses and it failed, pulled out the google dns and just left the cisco ones and it still failed.

I already removed the DHCP server settings that I made because I knew that made the network work and I'm sure you wanted it in the state of not having that info in there.

The nslookup looks the same as they did with those settings applied.

Last but not least, I can still talk with the end user on teams, control his screen via teams but can't access the internet on it while on that network.

[Mayo132]

mhh, thats realy tricky.

can you try to do  Query forward in your "Unbound"


go to
Services -> unbound DNS -> Query Forward.
>> Check the upper checkbox " Use System Nameservers"

And give it another try.


Sorry i've forgot to ask the following.
> Set up the DNS 8.8.8.8 on your client pc
> Do a new ns lookup for "google.de"

What is the output ?

[CLawrence]

That setting seems to work.

The client pc has internet now.

In the picture the first search was nslookup google.de and the second was nslookup google.de 8.8.8.8

[Mayo132]

Hey,

nice to hear.

So the problem is located at the DNS Server on the OPN sense.
> With the last option, OPN sense forwards all DNS queries to the Upstreamservers

Please check if everything is working, like expected.  If this is the case, we will have a closer look to DNS Settings of unbound.

Dear Mario

[CJ]

Hi,

sorry for this question, but is the port 53 open at the LAN interface?

If not, you are not able to reach any DNS Servers. And if i get it right you have to allow it also when you are using unbound on the firewall.

So you have to create a rule >   This Firewall > Any  Port 53

Mario

LAN has the default allow all rule so you don't need to add one for DNS.  Also, testing on the DNS Lookup page means we're not going through tthe firewall to the local Unbound.

[CJ]

Hi CJRoss

DNS lookups with nothing in server are attached. Did Amazon & ESPN. Haven't looked at these before so i'm not sure what i'm looking at, I did look at this on a machine that seems to be working and it looks different.

When I type 127.0.0.1 in the server field I get no results.

My apologies for being on Comcast.  What this is telling us is that Unbound isn't working correctly on your system.  You're only getting results from your specified providers.

Yes i'm using the default unbound. pic attached (Unbound settings)

What do the Unbound Query Forwarding and DNS over TLS pages show?  What about the Log page?  Do you have the Green arrow in the upper right of the Unbound page?

I do want to let you know that it seems to be fixed at least on the devices that are connecting to the internet side because of the settings I added under Services, DHCPv4, Lan, DNS Servers. Pic attached (DHCP DNS)

Yes.  That's because you've changed your DHCP to provide upstream DNS servers instead of letting it default to the OPNSense.

Something is going on with your OPNSense DNS.  We just need to determine what.  Can you also post your Dnsmasq settings as well?

[CLawrence]

Morning,

Everything seemed to be working from the last settings we made. I'm confirming with more users to see if everything is good.

If everything is good could we just leave it with the settings we have now or should we do more troubleshooting/changes?

[CJ]

Somehow I managed to miss an entire page of posts when I created my reply.  Not sure what happened there.

You should be good to go if you're able to get results from Unbound now.

[Mayo132]

Somehow I managed to miss an entire page of posts when I created my reply.  Not sure what happened there.

You should be good to go if you're able to get results from Unbound now.

Hey,

sorry for the late response. 

The summery of page 2 is, that we set up unbound in forwarding mode.


@Clawrence
I don't think that this should be a disadvantage. I think the only disadvantage could be a "privacy" aspect. If you use unbound without forwarding, the DNS record is resolved at your system.