[solved] 21.4 Multi-wan + DNS over TLS

Started by klamath, May 04, 2021, 04:53:58 PM

May 04, 2021, 04:53:58 PM Last Edit: May 05, 2021, 04:35:39 PM by klamath
Hello,

I have been running a multi-WAN failover for a few months now.  Last week I decided to make the leap into DoT and got that set up with Unbound + the AdGuard plugin.  I set up Unbound to listen on port 5153 and set AdGuard to point to Unbound as the upstream DNS resolver.  I set up a port forward to redirect all DNS traffic to the local gateway of whatever subnet the client is on.

I noticed that whatever I did, I was always getting redirected to the primary remote health checker for the multi-WAN setup.  I.e. I set Cloudflare to be my Unbound DoT resolver, but when having DNS per interface listed in System -> Settings -> General it would not respect any port forwards nor the Unbound DNS upstream.

If I remove the DNS resolvers from OPNsense's WAN interfaces, Unbound starts to work; however, dpinger seems to use the primary WAN to send requests out and not the backup WAN's monitoring interface.

Any help would be appreciated!


Thanks,
Tim


I ended up creating two default routes to the monitoring destinations and removing the DNS IPs from OPNsense; it seems to be working as I want now.

Tim
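As an added example that is not from this thread, the DoT upstream described above (Unbound listening on port 5153 and forwarding everything to Cloudflare over TLS) looks like this in a plain unbound.conf. It assumes a stock Unbound install with its CA bundle at /etc/ssl/cert.pem; on OPNsense the generated unbound.conf is not edited by hand, and the same settings are made under Services -> Unbound DNS (General, DNS over TLS, and Custom options).

```conf
server:
    # Listen only on the loopback interface, on the non-standard port
    # that the AdGuard plugin points at as its upstream.
    interface: 127.0.0.1
    port: 5153
    do-ip6: no

    # CA bundle used to verify the upstream resolver's certificate.
    # Without this line Unbound still encrypts, but does not
    # authenticate the server, so the "#hostname" below would be ignored.
    tls-cert-bundle: /etc/ssl/cert.pem   # path is an assumption

    # Resolvers listed here must be allowed to answer for private ranges
    # only if you expect that; leave the defaults otherwise.
    qname-minimisation: yes

forward-zone:
    name: "."
    # Send every query to the forwarders below over TLS (port 853).
    forward-tls-upstream: yes
    # "addr@port#authname": the authname is the name Unbound checks
    # against the presented certificate.
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853#cloudflare-dns.com
```

A quick check that the forward path is actually used: `unbound-checkconf` validates the file, and `dig @127.0.0.1 -p 5153 example.com` should answer while a packet capture on the WAN shows only port 853 traffic to 1.1.1.1/1.0.0.1, not plaintext port 53.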