Topic: 17.1.5 no DNS access for VLANs (Read 12445 times)
interfaSys
Full Member
Posts: 165
Karma: 13
17.1.5 no DNS access for VLANs
«
on:
April 26, 2017, 11:48:14 am »
After the upgrade to 17.1.5, name resolution doesn't work for VLAN members.
Using the tools from the GUI, everything works fine.
The firewall is not blocking the outgoing requests, but it seems the answers never make it back.
The VLAN defines its own (external) nameservers.
The VLAN uses an OpenVPN link as a gateway.
Nothing special in the logs.
All gateways and services up.
No proxy, no IDS.
What's the best way to debug this?
« Last Edit: April 26, 2017, 07:40:20 pm by interfaSys »
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: 17.1.5 no DNS access for VLANs
«
Reply #1 on:
April 26, 2017, 06:43:06 pm »
I'm assuming you tried a reboot?
Were you on 17.1.4 prior to this or a lower version?
What does "own DNS" mean?
Cheers,
Franco
interfaSys
Full Member
Posts: 165
Karma: 13
Re: 17.1.5 no DNS access for VLANs
«
Reply #2 on:
April 26, 2017, 07:42:54 pm »
Yes, a reboot didn't fix it unfortunately. Everything looks green, so I'm not sure where to look for an answer.
This was an upgrade from 17.1.4.
"own DNS" means custom external nameservers are defined for the VLAN under "DNS servers" in DHCP server.
mw01
Newbie
Posts: 31
Karma: 4
Re: 17.1.5 no DNS access for VLANs
«
Reply #3 on:
April 28, 2017, 03:01:31 pm »
Have a similar problem and no VLAN trunk.
Upgraded to 17.1.5 from 17.1.4 and lost VLAN traffic. The VLAN trunk is on igb2. Cannot access the gateway web interface or ssh but can ping the gateway.
Can access the gateway web interface from the LAN on igb0. The dashboard shows all interfaces green.
soernt.poppe
Newbie
Posts: 17
Karma: 2
Re: 17.1.5 no DNS access for VLANs
«
Reply #4 on:
April 28, 2017, 07:04:26 pm »
After the update to 17.1.5, none of the VLAN clients got the default gateway via the DHCP server.
What fixed the issue for me: in the DHCP server settings (for the VLAN) I entered the gateway IP address, restarted the DHCP server and did an ipconfig /renew on my Windows clients.
I am almost sure that was not needed before the update.
Kind regards,
Sörnt
mw01
Newbie
Posts: 31
Karma: 4
Re: 17.1.5 no DNS access for VLANs
«
Reply #5 on:
April 29, 2017, 01:36:53 am »
Tried Sörnt's solution - works for ipconfig /renew but I still cannot access the gateway web interface. Could be policy based rules for openvpn.
roro
Newbie
Posts: 36
Karma: 3
Re: 17.1.5 no DNS access for VLANs
«
Reply #6 on:
April 29, 2017, 07:20:18 pm »
Hello,
After the update, DNS is not working properly anymore.
Situation:
On one NIC there is the DNS server for the internal network.
This worked perfectly before the update.
When I remove that DNS server (in system settings) and let WAN DHCP get the DNS servers, DNS works again and internet access is possible.
Any solution?
================================
Some DIG output
with own DNS server (worked before upgrade)
seeu:~ # dig fox.be
; <<>> DiG 9.11.1 <<>> fox.be
;; global options: +cmd
;; connection timed out; no servers could be reached
========================
with given DNS-servers (wan dhcp).
seeu:~ # dig fox.be
; <<>> DiG 9.11.1 <<>> fox.be
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29808
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;fox.be. IN A
;; ANSWER SECTION:
fox.be. 300 IN A 204.236.227.206
;; Query time: 310 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Apr 29 19:15:53 CEST 2017
;; MSG SIZE rcvd: 51
mw01
Newbie
Posts: 31
Karma: 4
Re: 17.1.5 no DNS access for VLANs
«
Reply #7 on:
April 30, 2017, 01:43:47 pm »
Good news - disabled floating rule to disable SSDP and everything works again with 17.1.5. This version seems to need SSDP.
interfaSys
Full Member
Posts: 165
Karma: 13
Re: 17.1.5 no DNS access for VLANs
«
Reply #8 on:
May 02, 2017, 09:54:40 am »
Tried:
* adding the Gateway
* removing the DNS
* looking for an SSDP rule (does not exist)
Nothing worked. DNS requests never get an answer.
djGrrr
Full Member
Posts: 112
Karma: 22
Re: 17.1.5 no DNS access for VLANs
«
Reply #9 on:
May 02, 2017, 03:54:18 pm »
Please screencap the firewall rules page for one of the VLAN interfaces that is giving the problem.
interfaSys
Full Member
Posts: 165
Karma: 13
Re: 17.1.5 no DNS access for VLANs
«
Reply #10 on:
May 02, 2017, 04:09:38 pm »
I think I've found the problem. Seems like the firewall is not running despite what it says on the Diagnostics page.
The logs I was seeing were from just before the upgrade.
When restarting pf, I get a notification:
There were errors loading the rules: no IP address found for vlan2
So apparently, now the firewall is taken down when such an error is encountered.
vlan2's interface is disabled, so I don't know why the firewall should care though.
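A check for the condition described in reply #10 (the GUI looks healthy while pf has no working ruleset), as an added example that is not part of the thread and not OPNsense's own code. It assumes the FreeBSD `pfctl -s info` and `pfctl -s rules` output shapes; the function names and all sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: tell "pf enabled with rules" apart from "pf down or empty".
# On the firewall, feed it live data (as root):
#   pf_state "$(pfctl -s info)" "$(pfctl -s rules)"

# pf_state INFO RULES -> prints enforcing | empty-ruleset | disabled
pf_state() {
    info=$1    # output of `pfctl -s info`
    rules=$2   # output of `pfctl -s rules`
    case "$info" in
        *"Status: Enabled"*) ;;
        *) echo "disabled"; return 0 ;;
    esac
    # Count filter rules; an enabled pf with zero rules filters nothing.
    count=$(printf '%s\n' "$rules" | awk '/^(pass|block)[ \t]/ {n++} END {print n+0}')
    if [ "$count" -eq 0 ]; then
        echo "empty-ruleset"
    else
        echo "enforcing"
    fi
}

# load_error_iface TEXT -> prints the interface named in a rule-load error
# of the form quoted in the thread, or nothing if no such error is present.
load_error_iface() {
    printf '%s\n' "$1" |
        sed -n 's/.*errors loading the rules: no IP address found for \([A-Za-z0-9_.]*\).*/\1/p' |
        head -n 1
}

# Constructed sample input (not captured from a real system).
SAMPLE_INFO_UP='Status: Enabled for 0 days 00:12:34           Debug: Urgent'
SAMPLE_INFO_DOWN='Status: Disabled for 0 days 00:00:09          Debug: Urgent'
SAMPLE_RULES='block drop in log inet all
pass out quick on em0 inet proto udp from any to any port = 53 keep state'
SAMPLE_NOTICE='There were errors loading the rules: no IP address found for vlan2'

echo "pf: $(pf_state "$SAMPLE_INFO_DOWN" "$SAMPLE_RULES")," \
     "failing interface: $(load_error_iface "$SAMPLE_NOTICE")"
```

Run from cron or a monitoring agent, a result other than `enforcing` is worth an alert, since the dashboard status alone did not reveal the failed rule load in this thread.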
roro
Newbie
Posts: 36
Karma: 3
Re: 17.1.5 no DNS access for VLANs
«
Reply #11 on:
May 06, 2017, 11:59:11 am »
Hello,
after upgrade to 17.1.6 DNS via VLAN works again for me.
Thanks.
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: 17.1.5 no DNS access for VLANs
«
Reply #12 on:
May 08, 2017, 06:49:49 am »
Quote from: interfaSys on May 02, 2017, 04:09:38 pm
There were errors loading the rules: no IP address found for vlan2
Do you have an IP address configuration on VLAN2? Do you have rules that select the address or network of the VLAN?
Cheers,
Franco