OPNsense handling DNS requests from clients when all DNS services are disabled

Started by dodgeboy, December 31, 2024, 07:03:59 PM

If this is a standard setup for Multi-WAN, which is the guide(s) I followed when I originally configured it years ago, why is it causing this behavior?  I can consistently reproduce the behavior by enabling the gateway group on a rule, and it goes away when I remove it.  Is it a bug?

Quote from: dodgeboy on January 04, 2025, 04:34:35 AM
If this is a standard setup for Multi-WAN, which is the guide(s) I followed when I originally configured it years ago, why is it causing this behavior?  I can consistently reproduce the behavior by enabling the gateway group on a rule, and it goes away when I remove it.  Is it a bug?

Eric is saying that the standard setup for Multi-WAN includes the rule to explicitly NOT use a gateway for local DNS, which you were missing - step 5 here: https://docs.opnsense.org/manual/how-tos/multiwan.html#step-5-add-allow-rule-for-dns-traffic

Without that, any connection from your LAN will get sent to the gateway - even DNS directed to the firewall itself.

Excellent!  Thank you for the clarification.  I saw step 5, but missed the explanation.  I think this finally solves it for me.  I appreciate everyone's help!