Disabling Unbound causes loss of internet access

Started by bingocard, March 01, 2025, 09:45:37 PM

I'm very much a beginner with OPNsense so apologies if this is obvious. I have version 25.1.1-amd64 installed on a dedicated box. I recently reset the settings to factory defaults and since then have only added ProtonVPN through WireGuard. Almost all other settings are defaults. In System > Settings > General I have only 1 DNS server (1.1.1.1). "Allow DNS server list to be overridden by DHCP/PPP on WAN" and "Do not use the local DNS service as a nameserver for this system" are both unchecked. Unbound DNS is enabled (that is the default setting on a new install).

When I check my DNS server online it is showing as my ISP. Not sure why it doesn't show 1.1.1.1 (Cloudflare).

If I disable Unbound DNS then I cannot access any websites on my phone or laptop. If I use the ProtonVPN app on my phone (Android) to connect to a VPN then I am able to access websites. On my laptop (Linux), if I connect to ProtonVPN through the NetworkManager applet I can access some websites but some videos don't load.

All I'm looking to understand at the moment is why disabling Unbound causes this behaviour, and OPNsense doesn't revert to 1.1.1.1.

Thanks for any pointers!

The DHCP server hands out the OPNsense IP for the DNS by default. If you want to use another one, go to the DHCP settings and state its IP there.

The DNS server you've entered in the General settings is only used by OPNsense itself.

However, instead of disabling Unbound DNS entirely and pushing an external DNS to the clients, I'd rather forward Unbound's DNS requests to the desired server.
You can configure this in the Unbound settings.
But if you want to direct Unbound's upstream requests over the VPN, you have to add a static route for it (in case the VPN is not used for the default route) and enable the use of the VPN interface in Unbound.

Thanks for your help.

Quote from: viragomann on March 01, 2025, 10:28:47 PM
The DHCP server hands out the OPNsense IP for the DNS by default. If you want to use another one, go to the DHCP settings and state its IP there.

The DNS server you've entered in the General settings is only used by OPNsense itself.

When you say "the OPNsense IP for the DNS", does this mean the DNS server entered in System > Settings > General? If this is the case, I don't understand why disabling Unbound doesn't then make the DHCP server hand out 1.1.1.1 to the clients on my network.

If I enter 1.1.1.1 in DNS servers under Services: ISC DHCPv4: [LAN], then disable Unbound, I lose all internet access again. Something is not right and I'm stuck as to what it is. 

Quote:
However, instead of disabling Unbound DNS entirely and pushing an external DNS to the clients, I'd rather forward Unbound's DNS requests to the desired server.
You can configure this in the Unbound settings.
But if you want to direct Unbound's upstream requests over the VPN, you have to add a static route for it (in case the VPN is not used for the default route) and enable the use of the VPN interface in Unbound.

Ultimately this is what I want to do, and take advantage of the many other features of OPNsense to improve my network, but right now I'm just trying to learn the basics and I'm already out of my depth!

Quote from: bingocard on March 02, 2025, 08:33:49 AM
When you say "the OPNsense IP for the DNS", does this mean the DNS server entered in System > Settings > General?

No, as mentioned above, this setting is only used for OPNsense itself.

Quote:
If I enter 1.1.1.1 in DNS servers under Services: ISC DHCPv4: [LAN], then disable Unbound, I lose all internet access again.

Did you also refresh the IP setting of the device?
Also ensure that access to 1.1.1.1 is allowed.

Quote from: bingocard on March 02, 2025, 08:33:49 AM
Quote:
However, instead of disabling Unbound DNS entirely and pushing an external DNS to the clients, I'd rather forward Unbound's DNS requests to the desired server.
You can configure this in the Unbound settings.
But if you want to direct Unbound's upstream requests over the VPN, you have to add a static route for it (in case the VPN is not used for the default route) and enable the use of the VPN interface in Unbound.

Ultimately this is what I want to do, and take advantage of the many other features of OPNsense to improve my network, but right now I'm just trying to learn the basics and I'm already out of my depth!

So go to Services: Unbound DNS: Query Forwarding, hit "Add" and enter 1.1.1.1 for the server IP.
This way your clients should not lose internet access. If they do though, your ISP presumably blocks access to it.
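
Added example, not part of the thread or of OPNsense: a small Python check to run on a LAN client that lists the resolvers the client is actually configured with and then queries each of them, plus 1.1.1.1, directly over UDP port 53. The function names and the `example.com` test name are assumptions, and it assumes a Linux client with `/etc/resolv.conf`.

```python
import socket
import struct

def parse_nameservers(resolv_conf_text):
    """Return the nameserver IPs a Linux client is using (e.g. from its DHCP lease)."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def build_query(name, txid=0x1234):
    """Build a minimal DNS A-record query (RFC 1035) with recursion desired."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_reply(data, txid=0x1234):
    """Return (rcode, answer_count); raise ValueError if not a reply to our query."""
    if len(data) < 12:
        raise ValueError("short DNS message")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    return flags & 0x000F, ancount

def probe(server, name="example.com", timeout=2.0):
    """Ask `server` directly; a timeout means it is blocked or no resolver listens."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            rcode, answers = parse_reply(s.recvfrom(512)[0])
        except (OSError, ValueError) as exc:  # socket timeouts are OSError too
            return f"{server}: no usable answer ({exc})"
    return f"{server}: rcode={rcode}, answers={answers}"

if __name__ == "__main__":
    try:
        with open("/etc/resolv.conf") as f:
            handed_out = parse_nameservers(f.read())
    except OSError:
        handed_out = []
    for server in handed_out + ["1.1.1.1"]:
        print(probe(server))
```

If the OPNsense address still appears in the list and times out while 1.1.1.1 answers, the client has not picked up the new DHCP lease yet. On systems using systemd-resolved, `/etc/resolv.conf` usually lists the local stub 127.0.0.53 instead of the DHCP-supplied server.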