Topic: Update to OPNsense 24.7.8 broke DNS using unbound with DNSSEC enabled (Read 303 times)
iamaven
Newbie
Posts: 1
Karma: 0
Update to OPNsense 24.7.8 broke DNS using unbound with DNSSEC enabled
« on: November 17, 2024, 12:03:21 am »
Putting this out there in case anyone else has issues.
I updated to 24.7.8 today and after doing so noticed DNS resolution was failing intermittently. I have local domain requests forward to my domain controller and those worked fine.
Any request that required forwarding was not going to my pihole server, however I could manually query pihole for DNS just fine.
When I enabled some DNS over TLS servers I previously had enabled in the past for testing, DNS queries were forwarded for external addresses, but not to pihole, instead to those configured DNS over TLS servers, which would be expected.
I had to disable "Enable DNSSEC Support" in the unbound configuration as well as disabling the DNS over TLS servers I have configured in order for DNS traffic to be directed to my pihole instance.
appasquatic
Newbie
Posts: 5
Karma: 0
Re: Update to OPNsense 24.7.8 broke DNS using unbound with DNSSEC enabled
« Reply #2 on: November 17, 2024, 03:21:50 pm »
I'm not sure, but from your explanation, it almost seems you are describing an issue with pihole's DNSSEC support, rather than an issue with opnsense. Does DNSSEC work when you forward to (say) QUAD9?
Deciso DEC Device
It's about learning to dance in the rain
DEC670airp414user
Full Member
Posts: 162
Karma: 8
Re: Update to OPNsense 24.7.8 broke DNS using unbound with DNSSEC enabled
« Reply #3 on: November 17, 2024, 03:34:28 pm »
I've always disabled DNSSEC when using forwarding to TLS. It's even suggested for it here:
https://docs.quad9.net/Setup_Guides/Open-Source_Routers/pfSense_%28Encrypted%29/
Why it is not for OPNsense on that same page, I do not know.
n6vmo
Newbie
Posts: 2
Karma: 0
Re: Update to OPNsense 24.7.8 broke DNS using unbound with DNSSEC enabled
« Reply #4 on: November 17, 2024, 05:01:20 pm »
I wish I saw this post before I updated. Now my two PiHole servers do not block ads.
I am very new to Opnsense and would like to get back to having this work.
Any detailed help would be appreciated.
I looked into reverting back a version but opnsense-revert -l does not list anything I can revert to...
Very frustrating....
« Last Edit: November 17, 2024, 05:09:21 pm by n6vmo »
appasquatic
Newbie
Posts: 5
Karma: 0
Re: Update to OPNsense 24.7.8 broke DNS using unbound with DNSSEC enabled
« Reply #5 on: November 17, 2024, 07:59:16 pm »
You're absolutely right about QUAD9 suggesting opnsense disable DNSSEC support, I stand corrected. I do wonder whether the pihole/opnsense interaction suffers from the same issue?
Personally, I do not use DNS forwarding or pihole for DNS blacklisting, but use Unbound as the recursive resolver and host for the DNS blacklists. Would this not work for your setup as well?
Deciso DEC Device
It's about learning to dance in the rain