NSLookup of firewall responds with LAN GUA, IPv4, *and* WAN IP

Started by Mpegger, June 02, 2025, 07:13:00 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
June 02, 2025, 07:13:00 PM
I just noticed today that when I perform a nslookup of the Opnsense firewall FQDN on the LAN side, it responds with the GUA, the fixed IPv4 address, AND the external WAN IPV4 address.

Code Select
Server:  dns.lan.internal
Address:  fe80::xxxx:xxxx:xxxx:xxxx

Non-authoritative answer:
Name:    opnsense.lan.internal
Addresses:  xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
          192.168.2.1
          xxx.xxx.xxx.xxx
Is this normal or some bad configuration on my end that I've made? I wouldn't have noticed it if my PC suddenly was unable to connect to the firewall via the FQDN.
June 02, 2025, 07:44:17 PM #1
That's normal.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
June 02, 2025, 08:31:31 PM #2
I always disallow it by checking "Do not register system A/AAAA records" in Unbound settings and create a manual override for OpnSense's LAN IPv4 instead.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
June 02, 2025, 10:14:13 PM #3
Can Unbound work with ISP assigned IPv6 prefixes in its overrides? I don't see any mention of being able to use ::x:x:x:x type address to use the ISP delegated prefix. I've assigned a ULA, but we all know in a Mixed IPv4 & IPv6 network, ULA is basically ignored in favor of GUA and IPv4.
June 02, 2025, 10:45:43 PM #4
Dnsmasq can if you combine it with DHCP for these clients.

Check out the IPv6 example:

https://docs.opnsense.org/manual/dnsmasq.html#dhcp-reservations

Though for this to work correctly, dnsmasq should be your dns and dhcp server, both at the front so it can also keep track of dynamic ipv6 ptr records.
Hardware:
DEC740
June 02, 2025, 10:53:49 PM #5
I'm planning on switching from ISC to DNSMasq. The only thing holding me up is some of the confusing jargon used in the "help" sections leaving me wondering if I do or don't need to set something, or even what I'm supposed to set in the first place.

That and I have over 40 static entries in the ISC DHCPv4 that I would need to recreate in DNSMasq, both for IPv4 and now IPv6.... I really wish there was a 1 touch "import from ISC" option in DNSMasq for static entries. Would make switchover *much* more easier for those reluctant to do so. *hint hint*
June 02, 2025, 11:47:36 PM #6
Quote from: Mpegger on June 02, 2025, 10:14:13 PMCan Unbound work with ISP assigned IPv6 prefixes in its overrides? I don't see any mention of being able to use ::x:x:x:x type address to use the ISP delegated prefix. I've assigned a ULA, but we all know in a Mixed IPv4 & IPv6 network, ULA is basically ignored in favor of GUA and IPv4.

If that question is directed at having an alternative to the "hosts" entries for OpnSense itself, note that I deliberately chose my wording in my first answer:
I use the LAN IPv4 address to access my OpnSense WEB UI, which is sufficient to do that from the LAN. From outside, you would need an official (probably, dynamic) DNS entry, anyway.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
Print
Go Up Pages1
User actions