Topic: DNS resolution failing using DHCP supplied DNS servers (Read 337 times)
Benchamoneh
DNS resolution failing using DHCP supplied DNS servers
« on: May 03, 2024, 07:33:29 pm »
I've just finished putting together a new OPNsense router (first one) and have managed to set up almost everything, but am struggling with DNS resolution. Looking for some help please.
I run a couple of Pi-Hole virtual machines on vlan1 and have users in vlan2. ISC DHCPv4/6 servers are running on both vlans and are allocating IP addresses and gateways as configured. I set 2 DNS servers in the server config for each vlan but when testing I'm unable to browse web pages. I can ping various Internet resources so connectivity is there, just resolution is failing from vlan2.
I've since modified the config of the DHCP servers to use the gateway IP address for resolution, which works, but even with firewall rules configured (floating permit IPv4+6 from any to DNS server on TCP/UDP 53) I'm unable to resolve from vlan2 using servers in vlan1. I'm also not seeing connection attempts in the logs. I can ping the servers and see the pings though. Is the router intercepting the DNS requests somehow?
I have things working now but not the way I'd like. I am not interested in the router performing DNS lookups, I would rather the clients just go direct to my DNS servers.
I imagine this topic has come up before but searching through the forums here, on Reddit and the Internet at large hasn't brought up this particular use case. Could someone please point out the obvious mistake I've made?
Benchamoneh
Re: DNS resolution failing using DHCP supplied DNS servers
« Reply #1 on: May 04, 2024, 11:25:19 am »
Slept on it and did some troubleshooting this morning. Finally established it was the FW rules I'd put in that were not allowing connectivity.
The rules:
DNS lookup was failing because, for the Interface section, I'd used an inverse match for the WAN interface (!WAN); for some reason this was causing lookups to fail from the DNS server in vlan1 to the Internet. I removed the interface match and it all works as expected.
These are inbound rules on the router so I didn't think they would affect the lookups out to the WAN. Clearly I don't quite understand the inverse match logic, or the DNS traffic flow from my own local recursive resolver to the Internet.
Does this make sense? Can anyone help me understand how the inverse match on the WAN interface would affect lookups from my local server?
« Last Edit: May 04, 2024, 11:27:05 am by Benchamoneh »