Unbound to DNSMasq

[gpfountz]

Dnsmasq uses the DNS servers defined in "System - Settings - General" as upstream.

Otherwise, you need this patch:

Code Select Expand

opnsense-patch https://github.com/opnsense/core/commit/220dbc7931e11c71587734ed9c1731abdf9eaff8

With it you can set "Do not forward to system defined DNS servers" in dnsmasq and provide your own ones in the "Domain" tab. Just use an asterisk (*) to specify any domain, and then define an IP address (e.g. 1.1.1.1) or Unbound if it runs on a different port (127.0.0.1, Port 53053).

Since updating to 25.1.8_1, I can no longer use an asterisk (*) to specify any domain.  Are there any workarounds?

[Monviech (Cedrik)]

Code Select Expand

opnsense-patch https://github.com/opnsense/core/commit/e7441283055dcb33a389f02d4e0f502767c8ecd1

[gpfountz]

Code Select Expand

opnsense-patch https://github.com/opnsense/core/commit/e7441283055dcb33a389f02d4e0f502767c8ecd1

Patch works - thanks!!

[Alessandro Del Prete]

Code Select Expand

opnsense-patch https://github.com/opnsense/core/commit/e7441283055dcb33a389f02d4e0f502767c8ecd1

Exactly what I was looking for, after migrating from KEA+Unbound to my favorite: dnsmasq. :)

I had solved temporarily using a custom .conf file with a 1 line (server=xx.xx.xx.xx).

Since it seemed weird I couldn't configure a default forwarder, and had to rely on a custom .conf file, I was about to raise an issue on GH because * wasn't working in domains, but I checked the forum first, and (very luckily) I found this thread.

Thank you for the patch Cedrik, just one question: is strict-order option enabled by default? is there an UI checkbox to configure it?

Great work on dnsmasq, I much prefer it over KEA+Unbound for my homelab's use case.

[Monviech (Cedrik)]

There is a checkbox in the general settings, maybe in advanced mode called "Query DNS Servers sequentially" or something.

[Alessandro Del Prete]

There is a checkbox in the general settings, maybe in advanced mode called "Query DNS Servers sequentially" or something.

Found it, from the description I thought it was only applicable to System resolvers.



I would also suggest to invert the DHCP Interface setting logic to "Enable DHCP on these interfaces:". The [no dhcp] helps, but it's confusing.

[Monviech (Cedrik)]

The upstream documentation suggests that it only works for resolv.conf, but empirical testing revealed it also works for server directives for some reason.

I dont think we can easily change the no dhcp interfaces anymore without some migration so lets leave it for now.

[DEC670airp414user]

I migrated to Kea probably a year ago on business edition. but now I am reading : but without Dnsmasq DHCP support
and the recent captive portal backend switch.

https://forum.opnsense.org/index.php?topic=47329.0

will DNSMasq eventually be added to the business edition?   

no dns over DOT?    yikes.    kea and unbound sound better and better to me all around

[Monviech (Cedrik)]

Yeah it will be added eventually once it matured, thats what the business edition is for.

Dnsmasq is just a forwarder in terms of DNS. This is the kind of setup we recommend:

https://docs.opnsense.org/manual/dnsmasq.html#dhcpv4-with-dns-registration

Just use KEA and Unbound if it currently works for you. I dont understand the "yikes". Each component has their own advantages and disadvantages.

[ColeTrain]

Thank you all.
Whats wrong with KEA?  Is it not possible to be used?

[julsssark]

KEA, ISC and DNSMasq can all be used. Pick the one the that works best for your requirements.