Opnsense and NextDNS with DNSMasq and Unbound

Started by GregTheHun, July 29, 2025, 09:24:51 PM

So, currently, I have Unbound set at what I believe are defaults listening on port 53, no overrides and query forwarding to DNSmasq on 127.0.0.1:53053

I have all my static hosts set on the "Hosts" tab in Dnsmasq, with each host checked as "Local".

So, in the DHCP options, I can have option 6 set as just the router address for each VLAN, and be able to do local resolution to hosts in my networks, or I can add NextDNS Addresses as well, and not be able to resolve anything local, but I would have all the features of NextDNS working correctly.

What am I missing to be able to resolve local hosts, but forward every other address lookup to NextDNS per VLAN?

Ultimately, what I want to be able to happen is when a client on any VLAN, as long as they're allowed to access a server, they should be able to:

DNS query to router -> If local server (with the domain I use internally), give them the server IP
                    -> If external server, go to the NextDNS address set by DHCP option 6

If there are any details missing, I can provide anything that's needed

Cut Unbound out of your equation and do this:

https://docs.opnsense.org/manual/dnsmasq.html#dnsmasq-as-primary-dns-resolver

Just set up "Services ‣ Dnsmasq DNS & DHCP ‣ Domains" to forward to the IP of the NextDNS server on port 53 and you are done with this setup.

Do not set any DHCP options. Dnsmasq will always be your DNS server; it decides whether the domain is local to it, or forwarded to NextDNS.
Hardware:
DEC740
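For readers who want to see what the GUI settings in the reply above amount to on the dnsmasq side, here is an added example of an equivalent plain dnsmasq configuration. It is not taken from the thread or from the OPNsense documentation; the domain name `home.lan`, the VLAN interface names, the host records and the address ranges are all constructed, and `NEXTDNS_IP` is a placeholder for the NextDNS server address the "Domains" entry forwards to.

```conf
# Added example: dnsmasq as the only resolver, Unbound removed from the path.
# All names, interfaces and addresses below are constructed placeholders.

# Listen on the LAN/VLAN interfaces only, on the standard port. Clients reach
# dnsmasq directly at the router address; nothing listens on 53053 any more.
port=53
interface=vlan10
interface=vlan20
bind-interfaces

# Use only the upstream servers named in this file, not the firewall's own
# /etc/resolv.conf, so every external query really goes to NextDNS.
no-resolv

# Never forward bare hostnames or reverse lookups for private ranges upstream;
# they are answered locally or return NXDOMAIN.
domain-needed
bogus-priv

# Names under home.lan are answered only from local records and are never sent
# to NextDNS, so internal host names do not leak to the external resolver.
local=/home.lan/
domain=home.lan
expand-hosts

# Static records (the "Hosts" tab in the OPNsense GUI, marked "Local").
host-record=nas.home.lan,192.168.10.20
host-record=git.home.lan,192.168.10.21

# Everything else is forwarded to NextDNS on port 53 (the "Domains" tab entry).
# NEXTDNS_IP is a placeholder; substitute the address from your NextDNS setup.
server=NEXTDNS_IP

# DHCP per VLAN. No dhcp-option=6 (option:dns-server) line is set, so dnsmasq
# advertises its own address on each interface as the DNS server, which is
# what "Do not set any DHCP options" in the reply relies on.
dhcp-range=192.168.10.100,192.168.10.200,12h
dhcp-range=192.168.20.100,192.168.20.200,12h
```

To confirm the split is working from a client on either VLAN, query the router address directly: `dig @192.168.10.1 nas.home.lan` should return 192.168.10.20 with no upstream involved, and `dig @192.168.10.1 example.com` should be answered via NextDNS. If the internal name ever shows up in the NextDNS query log, the `local=/home.lan/` line (the "Domains" entry for the internal domain in the GUI) is missing or misspelled.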