Topic: DNSMASQ + PiHole = weird issues on reboot (Read 1875 times)
pyrodex
« on: November 12, 2021, 12:37:13 am »
Hello!
I've recently switched over to this configuration as referenced here:
https://pi-hole.net/2021/09/30/pi-hole-and-opnsense/#page-content
I have four internal subnets/interfaces (LAN, IoT, DMZ, and GUEST); the firewall has an interface in each one ending in .1 and is completely accessible via those interfaces on those VLANs. I also have DNSMASQ set up in OPNsense to bind to those interfaces, and my current DNSMASQ settings are attached. I am also using the eDNS configuration to pass along the client IP for pihole based rules.
In the firewall under Settings->General I have the two piholes listed in the DNS servers as .8/.9 according to the guide posted above. I do have gateway switching enabled as I have a Fiber and a CELL backup but the DNS servers are NOT listed tied to any gateway right now.
For DHCP for the four VLANs I have NO DNS server set, since OPNsense inserts the interface IP already as part of the settings.
Now here is the weird part. I've been using this configuration since 21.7.2 and on, so I can't comment on older versions.
If I reboot the firewall for any reason (e.g. upgrade, simple reboot, etc.), the clients querying the firewall's interface work once the interfaces all come up and keep working up until about the point of the WAN newIP stuff, and then I see ALL traffic to the piholes come to a crawl/stop. The piholes themselves are able to be queried directly without issues and can query the upstream internet servers (using Google and Cloudflare DNS over TLS), but when the clients via the firewall are told to talk to the piholes I get weird errors in the firewall's dnsmasq log file. Queries against the firewall for DHCP and static hosts configured in DNSMASQ work perfectly fine, but anything DNSMASQ on the firewall has to send upstream to the piholes throws the following error:
Nov 11 18:22:53 firewall dnsmasq[49246]: 5764 x.x.x.220/50108 query[A] gstatic.com from 192.168.14.220
Nov 11 18:22:53 firewall dnsmasq[49246]: 5764 x.x.x.220/50108 config error is REFUSED (EDE: not ready)
Nov 11 18:22:53 firewall dnsmasq[49246]: 5765 x.x.x.46/51708 query[PTR] 1.x.x.x.in-addr.arpa from x.x.x.46
Nov 11 18:22:53 firewall dnsmasq[49246]: 5765 x.x.x.46/51708 /etc/hosts x.x.x.1 is firewall.lan
Nov 11 18:22:53 firewall dnsmasq[49246]: 5766 x.x.x.46/59035 query[A] firewall.lan from x.x.x.46
Nov 11 18:22:53 firewall dnsmasq[49246]: 5766 x.x.x.46/59035 /etc/hosts firewall.lan is x.x.x.1
Above you can see .220 trying to query gstatic.com from the firewall and getting the EDE: not ready error, but .46 queries a static IP from DNSMASQ and it returns the response with no issues.
I did some testing and CANNOT fix this issue by stopping/starting DNSMASQ on the firewall. The ONLY way I can fix this issue is to go to Settings->General and literally hit SAVE without changing anything, and then data flows upstream to the piholes without issue.
I did some research on the EDE not ready error and came across this link:
https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg15508.html
Any thoughts on this issue? Is it a bug, a misconfiguration, or something else?
Thanks!
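An added example, not part of the original thread: a small Python triage script for the dnsmasq query-log layout shown in the post above. It pairs each reply with its query by serial number and separates queries refused with "EDE: not ready" from those answered locally. The function name analyze() is chosen for this example, and the sample input is the six log lines from the post.

```python
import re

# Log lines copied from the post above (addresses redacted by the poster).
SAMPLE_LOG = """\
Nov 11 18:22:53 firewall dnsmasq[49246]: 5764 x.x.x.220/50108 query[A] gstatic.com from 192.168.14.220
Nov 11 18:22:53 firewall dnsmasq[49246]: 5764 x.x.x.220/50108 config error is REFUSED (EDE: not ready)
Nov 11 18:22:53 firewall dnsmasq[49246]: 5765 x.x.x.46/51708 query[PTR] 1.x.x.x.in-addr.arpa from x.x.x.46
Nov 11 18:22:53 firewall dnsmasq[49246]: 5765 x.x.x.46/51708 /etc/hosts x.x.x.1 is firewall.lan
Nov 11 18:22:53 firewall dnsmasq[49246]: 5766 x.x.x.46/59035 query[A] firewall.lan from x.x.x.46
Nov 11 18:22:53 firewall dnsmasq[49246]: 5766 x.x.x.46/59035 /etc/hosts firewall.lan is x.x.x.1
"""

# Layout as seen in the post: <serial> <client>/<port> <source> <name> <verb> <value>
LINE = re.compile(
    r"dnsmasq\[\d+\]: (?P<serial>\d+) (?P<client>\S+)/\d+ "
    r"(?P<source>\S+) (?P<name>\S+) (?P<verb>from|is|to) (?P<value>.+)$"
)
QUERY = re.compile(r"query\[(?P<qtype>\w+)\]")


def analyze(log_text):
    """Pair each reply with its query by serial number and classify the outcome.

    analyze() is a name chosen for this example, not part of dnsmasq or OPNsense.
    """
    pending = {}  # serial -> (client, qtype, name) still waiting for a reply
    not_ready, answered = [], []
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not a query-log line in the layout above
        serial, source = m["serial"], m["source"]
        q = QUERY.fullmatch(source)
        if q:
            pending[serial] = (m["client"], q["qtype"], m["name"])
        elif serial in pending and m["verb"] == "is":
            query = pending.pop(serial)  # only the first reply line is classified
            if m["value"].startswith("REFUSED") and "EDE: not ready" in m["value"]:
                not_ready.append(query)
            else:
                answered.append(query + (source,))
    return {"not_ready": not_ready, "answered": answered,
            "unanswered": list(pending.values())}


if __name__ == "__main__":
    for outcome, rows in analyze(SAMPLE_LOG).items():
        print(outcome, rows)
```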
ctr
« Reply #1 on: January 12, 2022, 12:58:59 pm »
I'm also running into this issue. Should be fixed in ports now - hope to see it in OPNsense soon:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260331
franco (Administrator)
« Reply #2 on: January 12, 2022, 05:23:13 pm »
How soon is now? 21.7.7 fixed this in December.
Cheers,
Franco