dnsmasq stopped resolving external domains after upgrading to 26.1.6

sstaible · May 09, 2025, 09:41:51 AM

Hi all

After the upgrade to 26.1.6, dnsmasq is no longer able to resolve queries to the external DNS from clients on the LAN. Queries for internal hosts work though. In the log I can see that dnsmasq tries to forward the queries to the configured resolvers (from general settings) but then immediately sends error REFUSED to the client. Resolving external hosts in the OPNsense shell works though. Also, if I assign the external resolver as DNS server in DHCP, clients on the LAN can resolve external hosts.

I can't figure out what is wrong. Any ideas?

Regards
Sven

bora.rs · May 09, 2025, 11:22:54 AM

If you are forwarding the DNS queries to Google DNS servers (8.8.8.8) that might be causing the issue. Can you try another DNS provider such as Cloudflare (1.1.1.1) to see if that solves the issue?

cookiemonster · May 09, 2025, 11:57:56 AM

perhaps https://forum.opnsense.org/index.php?topic=47135.0

sstaible · May 09, 2025, 01:42:41 PM

Quote from: bora.rs on May 09, 2025, 11:22:54 AMIf you are forwarding the DNS queries to Google DNS servers (8.8.8.8) that might be causing the issue. Can you try another DNS provider such as Cloudflare (1.1.1.1) to see if that solves the issue?

I'll try that when I'm home. I'm using my providers DNS resolvers, which work fine when queried from OPNsense or directly from clients on my LAN. Maybe the new version of dnsmasq in 26.1.6 suddenly has an issue with their response.

Quote from: cookiemonster on May 09, 2025, 11:57:56 AMperhaps https://forum.opnsense.org/index.php?topic=47135.0

I have no issues with DHCP (I'm using ISC kea). Just that dnsmasq is failing to resolve external hosts/domains.

Monviech (Cedrik) · May 09, 2025, 02:34:12 PM

Maybe this is the same issue and we get to a solution at some point.

https://github.com/opnsense/core/issues/8614

Drinyth · May 09, 2025, 03:28:28 PM

In Systems -> Settings -> General, do you have any DNS servers explicitly defined under that section? If not, try adding some there.

I noticed the same issue where when my WAN just gets DNS servers via DHCP from my ISP, I cannot resolve anything in dnsmasq. But if I define a few (non-ISP) resolvers under "DNS servers" in the general settings, it works fine.

Not exactly sure why that is the case. Nothing in the dnsmasq.conf gets modified as a result of this. And my ISP nameservers in resolv.conf work just fine. It's quite odd.

Monviech (Cedrik) · May 09, 2025, 05:10:26 PM

If anybody runs into this issue here is a patch:

https://github.com/opnsense/core/issues/8614#issuecomment-2866675332

sstaible · May 09, 2025, 11:12:28 PM

Yes, this fixed it. Thank you.

dnsmasq stopped resolving external domains after upgrading to 26.1.6

sstaible

May 09, 2025, 09:41:51 AM

bora.rs

May 09, 2025, 11:22:54 AM #1

cookiemonster

May 09, 2025, 11:57:56 AM #2

sstaible

May 09, 2025, 01:42:41 PM #3

Monviech (Cedrik)

May 09, 2025, 02:34:12 PM #4

Drinyth

May 09, 2025, 03:28:28 PM #5

Monviech (Cedrik)

May 09, 2025, 05:10:26 PM #6

sstaible

May 09, 2025, 11:12:28 PM #7