DNS issues since 23.1.6

Started by stuffu, April 21, 2023, 07:43:06 AM

@fromUnifi, what if you hard code the interface address of OPNsense in the DHCP settings? The update should not affect DNS per se, but only DHCP picking up the DNS server address automatically. That's why some folks have no problems.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote from: gogolathome on April 24, 2023, 07:57:11 AM
Quote from: pmhausen on April 22, 2023, 01:36:34 PM
All people having problems please just set the DNS server in the DHCP settings explicitly and report back. This should help at least for IPv4.
I updated last night and found my computers this morning without DNS servers. After manually adding DNS server in Windows I had working internet again. Then I found this thread!
I can understand OPNsense POV, so for now this is a working solution and I added DNS server on all my different subnets in DHCP configuration.
Working for me, too.

Quote from: pmhausen on April 25, 2023, 05:20:18 AM
@fromUnifi, what if you hard code the interface address of OPNsense in the DHCP settings? The update should not affect DNS per se, but only DHCP picking up the DNS server address automatically. That's why some folks have no problems.

This works.

Also it turned out there was some IPv6 setting enabled in Unbound. Disabling it and setting everything to use Unbound seems to be working at the moment.

Thanks!

Quote from: newsense on April 21, 2023, 02:14:27 PM
I'm with Patrick on this one, similar setup yet simpler:


- AdguardHome installed from Michael's repo and up to date - running on 5353
- Port forward NAT rules on all interfaces directing DNS queries to AdGuardHome
- AdGuardHome handles the DoH/DoT

Running without issues on multiple firewalls for more than 6 months and not affected by any updates so far.

How did you set up the port forward rules? I did a LAN 53 -> 5353 and when I query the IPv4, it tells me a source mismatch.

```
> test.com
;; reply from unexpected source: 192.168.1.1#5353, expected 192.168.1.1#53
;; reply from unexpected source: 192.168.1.1#5353, expected 192.168.1.1#53
;; reply from unexpected source: 192.168.1.1#5353, expected 192.168.1.1#53
```

I assume I'm missing something super easy.

You need to forward to 127.0.0.1:5353, so the reply packet gets routed through the NAT state engine.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Sorry if I'm being dense, but that is what I am doing.

I thought the goal was to forward the inbound request to say 192.168.1. 53 to 127.0.0.1 5353 so I get to my AdGuard Home instance.

I read your post like you were forwarding to 192.168.1.1:5353 - sorry. In that case (127.0.0.1:5353) it should work, IMHO.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
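
As an added example (not part of any post in this thread), the Python sketch below reproduces the check behind the "reply from unexpected source" message quoted above: a client accepts a UDP DNS reply only if it comes from the same address and port it queried. The responder on 127.0.0.1 and all function names are constructed for illustration.

```python
import socket
import struct
import threading

def build_query(name, txid=0x1234):
    """Minimal DNS A/IN query for `name` in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def check_reply_source(server, port, name="test.com", timeout=2.0):
    """Query (server, port); `server` must be an IPv4 literal.
    Reports whether the reply came back from that same address and port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, port))
        try:
            _, src = s.recvfrom(512)
        except socket.timeout:
            return {"ok": False, "reason": "timeout", "source": None}
    ok = src == (server, port)
    reason = "match" if ok else "reply from unexpected source"
    return {"ok": ok, "reason": reason, "source": src}

def start_responder(reply_from_other_socket):
    """Constructed one-shot responder on 127.0.0.1. With True it answers
    from a second socket, like a listener whose replies bypass the NAT state."""
    listen = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listen.bind(("127.0.0.1", 0))
    other = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    other.bind(("127.0.0.1", 0))
    port = listen.getsockname()[1]
    def serve():
        data, client = listen.recvfrom(512)
        reply = data[:2] + b"\x81\x80" + data[4:]  # echo the query, QR bit set
        (other if reply_from_other_socket else listen).sendto(reply, client)
        listen.close()
        other.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    for bypass in (False, True):
        p = start_responder(bypass)
        print(p, check_reply_source("127.0.0.1", p))
```

Pointed at a firewall's LAN address on port 53, `check_reply_source` shows the same mismatch the lookup tool printed whenever replies leave from the redirected port untranslated.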

No worries - Thanks as it's confusing me. I'll probably do some more testing in the afternoon once I'm more awake as well :)


April 27, 2023, 06:36:17 PM #53 Last Edit: April 27, 2023, 06:38:11 PM by Taunt9930
Just quickly checking as all the different configs being discussed (and some with issues not stating their config/setup) is getting confusing!

Am I right to say that the DNS issues only manifest if you're using something for DNS that doesn't correctly register on the port?

So if I'm using Unbound for DNS, with DoT, I should be able to update with no issues? If everything works now on 23.1.5_4 it will work post upgrade? Or do I explicitly have to define the DNS server in the DHCP settings (which would be difficult for ipv6) in 23.1.6?

Thanks.

Yes, if you are using the default packages, you'll have no issues.

I just removed AdGuard and added the same 2 blocklists I had in AdGuard into Unbound DNSBL and turned on the reporting in Unbound and that really does everything I wanted anyway without another package installed.

Quote from: Taunt9930 on April 27, 2023, 06:36:17 PM
Just quickly checking as all the different configs being discussed (and some with issues not stating their config/setup) is getting confusing!

Am I right to say that the DNS issues only manifest if you're using something for DNS that doesn't correctly register on the port?

So if I'm using Unbound for DNS, with DoT, I should be able to update with no issues? If everything works now on 23.1.5_4 it will work post upgrade? Or do I explicitly have to define the DNS server in the DHCP settings (which would be difficult for ipv6) in 23.1.6?

Thanks.

Yes, only if you use Adguard and also only if it runs on port 53. I just uploaded a test pkg, maybe next week it will go into stable


April 28, 2023, 11:26:06 PM #57 Last Edit: April 28, 2023, 11:37:17 PM by ChrisChros
After editing /usr/local/etc/pkg/repos/mimugmail.conf and replacing /repo/ with /transfer/, only the OPNsense update 23.1.6 is listed.
Plugin os-adguardhome-maxit in version 1.9 is not shown, nor is it in the plugin section.

So a reboot later I was able to install both updates, OPNsense and the Adguard plugin. After enabling the new checkbox it was not working, but a second reboot fixed that problem and now it's working.
XSK NUC Intel Celeron J3160 aka Protectli FW4B, 8GB RAM
OPNsense 22.1