DNS issues since 23.1.6

Started by stuffu, April 21, 2023, 07:43:06 AM

April 22, 2023, 11:45:09 AM #30 Last Edit: April 22, 2023, 11:55:47 AM by keropiko
Don't know if this is related, but in my multi-WAN setup, since 23.1.6 the clients on all my VLAN interfaces are no longer getting the gateway IP address, i.e. 192.168.1.1, as DHCP DNS (blank in the DHCPv4 settings of the interface), but the list of DNS servers configured in System -> General per gateway, i.e. 1.1.1.1, 8.8.8.8, although the option "Do not use the local DNS service as a nameserver for this system" is unchecked.
It's like the interfaces are bypassing the local DNS/DHCP service.

April 22, 2023, 01:21:02 PM #31 Last Edit: April 22, 2023, 01:22:45 PM by KuteK
Hi guys,

I use adguard as a plugin too. Today I updated to 23.1.6 and websites stopped working but 8.8.8.8 was pinging fine so it led me to check DNS settings. I found that my devices receive some IPv6 address as DNS address.

I had a blank field under Services->DHCPv4->[LAN]->DNS servers, so it used the default address, and somehow after the update this address is an IPv6 one. I just set this to my router's IP and everything started to work as it did before the update.

All people having problems please just set the DNS server in the DHCP settings explicitly and report back. This should help at least for IPv4.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
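
Added example, not part of the thread and not OPNsense code: one way to confirm that every DHCP scope hands out an explicit, local DNS server, as the post above recommends. It assumes the DHCP server configuration is available in ISC dhcpd.conf syntax and that the local resolver sits on an address inside each subnet; the sample config and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in ISC dhcpd.conf syntax (not taken from the thread).
SAMPLE_CONF = """
option domain-name-servers 1.1.1.1,8.8.8.8;   # global default
subnet 192.168.1.0 netmask 255.255.255.0 {
  pool { range 192.168.1.100 192.168.1.200; }
  option domain-name-servers 192.168.1.1;
}
subnet 192.168.20.0 netmask 255.255.255.0 {
  pool { range 192.168.20.100 192.168.20.200; }
  option domain-name-servers 1.1.1.1,8.8.8.8;
}
subnet 192.168.30.0 netmask 255.255.255.0 {
  pool { range 192.168.30.100 192.168.30.200; }
}
"""

SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{")
DNS_RE = re.compile(r"option\s+domain-name-servers\s+([^;]+);")

def block_body(text, start):
    """Return the block text from `start` (just after '{') to its matching '}'."""
    depth = 1
    for i in range(start, len(text)):
        depth += (text[i] == "{") - (text[i] == "}")
        if depth == 0:
            return text[start:i]
    raise ValueError("unbalanced braces in config")

def audit_dhcp_dns(conf):
    """Map each subnet to its findings; an empty list means DNS stays local."""
    conf = re.sub(r"#.*", "", conf)  # drop comments before parsing
    findings = {}
    for m in SUBNET_RE.finditer(conf):
        net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
        dns = DNS_RE.search(block_body(conf, m.end()))
        if dns is None:
            issues = ["no explicit DNS server; clients get the inherited default"]
        else:
            servers = [s.strip() for s in dns.group(1).split(",")]
            issues = [f"{s} is outside the subnet; clients bypass the local resolver"
                      for s in servers if ipaddress.ip_address(s) not in net]
        findings[str(net)] = issues
    return findings

if __name__ == "__main__":
    for subnet, issues in audit_dhcp_dns(SAMPLE_CONF).items():
        print(subnet, "OK" if not issues else issues)
```

A scope that is flagged here sends clients around any local filtering resolver such as AdGuard, which is the symptom described in post #30.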

As the DNS issue seems to manifest in different ways, I figured I'd post my settings here — it's really nothing unusual, but maybe this helps in some cases.

Unbound listening port is set to 5353,
AdGuard listens to port 53 and upstream DNS server in AdGuard is set as 127.0.0.1:5353
DNS port forwarding rule: Protocol TCP/UDP, destination LAN net:5353, redirect to 127.0.0.1:5353

As I wrote in a previous post, I also had the DNS issue after updating to 23.1.6, but in my case the port forwarding rule was broken. Once I realized it and entered the exact settings that I had before the update, everything worked fine.

By the way, restoring a saved configuration and reverting back to 23.1.5 both didn't help, which was odd. I really had to enter the old settings manually to make it work.

Unbound: Port 5353
Adguard: Port 53
DHCPV4 DNS servers: IP Opnsense
DNS Adguard: quic://dns0.eu

Everything is working perfectly.

Updated without issues. Here's my config:

Unbound on LAN interfaces standard port 53
AdGuard on dedicated VIP on port 53 using 127.0.0.1 as upstream DNS
DHCP pointing to AdGuard VIP as DNS


Quote from: opn_nwo on April 22, 2023, 05:53:30 PM
Updated without issues. Here's my config:

Unbound on LAN interfaces standard port 53
AdGuard on dedicated VIP on port 53 using 127.0.0.1 as upstream DNS
DHCP pointing to AdGuard VIP as DNS
This works for me, thank you. However, I can't get any IPv6 forwarded to AdGuard using NAT port forward to ::1 and 127.0.0.1.

My config:
Unbound: Port 5353
Adguard: Port 53


LAN: DHCPV4 DNS servers: Main Opnsense IP
GUEST VLAN: DHCPV4 DNS servers: Guest VLAN Opnsense IP
IOT VLAN: DHCPV4 DNS servers: IOT VLAN Opnsense IP

@Inxsible - working or broken?

Quote from: pmhausen on April 22, 2023, 01:36:34 PM
All people having problems please just set the DNS server in the DHCP settings explicitly and report back. This should help at least for IPv4.
I updated last night and found my computers this morning without DNS servers. After manually adding DNS server in Windows I had working internet again. Then I found this thread!
I can understand OPNsense POV, so for now this is a working solution and I added DNS server on all my different subnets in DHCP configuration.

Hello, for me DNS stopped working correctly after upgrading from 23.1.5_4 to 23.1.6.

I used the following instructions:
https://samuelsson.dev/install-adguard-home-on-an-opnsense-router/

I first solved it by stopping the adguard-plugin and manually entering a DNS_Server.
After that I reset the "Unbound port entry" from 5353 to 53.

I had a somewhat different issue. After upgrading to 23.1.6 all machines but one were working just fine.

The machine which ran into problems was my docker host (Proxmox container) which all of a sudden wasn't able to communicate with its default gateway = OPNsense. A ping to this particular IP would time out, pinging all other IPs on the same network worked fine. Initially this issue looked completely unrelated to the upgrade, because all other machines on the network, including the Proxmox container host, were able to communicate just fine.

After quite a few hours of unsuccessful troubleshooting I finally ran out of ideas and considered, what I thought is a long shot, restoring OPNsense to the previous version. Restore complete and voila, the container was able to communicate to the external world again!?!?

For now I'll stay on 23.1.5...need to find some time to look into this in some more detail

I had an issue with DNS as well.
Using :
Unbound on port 5353 - with DNS over TLS
Adguard on port 53 - pointing to unbound for upstream dns
Also:
I had a nat redirection and firewall rules to block any external dns and redirecting to adguard.

Fix :
Remove the external DNS block and redirection. The rules were applied following this guide : https://homenetworkguy.com/how-to/firewall-rules-cheat-sheet/

explicit configuration is working here, it also makes more clear what is actually set/happening

but maybe updated adguard plugin will help too ;) https://github.com/opnsense/core/issues/6513#issuecomment-1518684956

I actually use Unbound and I'm impacted with DNS issues as well.

I've never had a NAT rule for port 53, is that maybe my problem?

Hard coding the DNS server IPs to 1.1.1.1 and 8.8.8.8 on all interfaces works, but I'd love to have my local DNS working again.

Thanks