DNS Confusion

Started by disorganise, Today at 02:45:09 PM

Hi,
I recently installed OPNsense (26.1.6) and have connected to the Internet just fine. However, DNS is confusing me in several ways.

First confusion:  I don't know what DNS servers it is using, but it doesn't appear to be anything I set.
My ISP offers DNS with sinkhole - essentially a pi-hole I can configure in their portal. The DNS setting is offered through DHCP and you can configure it yourself.
I've added the DNS into System/Settings/General, and at the moment I have 'Allow DNS server list to be overridden by DHCP/PPP on WAN' enabled - but ticked or not it doesn't make a difference.
From a Windows client, my ISP DNS does not appear to be used (ad block testing shows a very low success rate, and the optional DNS logs are empty).

On the same Windows client, if I set my IP statically and then set DNS to my ISP, the DNS logs fill quickly and ad block testing is 94% successful.

So it looks like OPNsense is using some other DNS server, and I've no idea where that might be configured.

I do have a WireGuard tunnel enabled to my other home and wondered if DNS was somehow going there, so I disabled WireGuard and retested with the same results.

As far as I understand, I'm using Dnsmasq and Unbound, though I don't really understand the relationship between the two.

2nd confusion:
As I mentioned above, I have a WireGuard tunnel set up to another OPNsense 900 km away. They each have their own domain, i.e. mg.home.arpa and dy.home.arpa. I can't seem to resolve clients in the other domain. I've cheated for the time being by adding my Emby box as a static entry. On my new box I set a 'Query Forwarding' domain to the OPNsense private IP address in the 2nd location, but resolution doesn't work.
nslookup <client name> <2nd location OPNsense IP> does resolve successfully, so DNS traffic through the tunnel works OK.

Copilot led me a merry dance on the tunnel DNS yesterday until I gave up.  I even migrated to KEA DNS for a bit and moved back when it didn't solve anything.

So I'm hoping someone can explain how this should work and help me figure out where it is going wrong. I figure what I want is a resolver in each site, and a pair of forwarders in each site - one to the opposite resolver for my internal domains, and one to my ISP or whatever for Internet stuff. But I'm at a loss how to make it happen.

Quote from: disorganise on Today at 02:45:09 PM
However, DNS is confusing me in several ways.

First confusion:  I don't know what DNS servers it is using, but it doesn't appear to be anything I set.

As far as I understand, I'm using Dnsmasq and Unbound, though I don't really understand the relationship between the two.
Quote: I even migrated to KEA DNS for a bit and moved back when it didn't solve anything.
All a matter of reading: https://docs.opnsense.org/manual/dhcp.html

HINT: There is no such thing as KEA DNS, and in OPNsense everything is basically built around Unbound DNS-wise!!

Quote: I have a WireGuard tunnel set up to another OPNsense 900 km away. They each have their own domain, i.e. mg.home.arpa and dy.home.arpa.

I can't seem to resolve clients in the other domain. I've cheated for the time being by adding my Emby box as a static entry. On my new box I set a 'Query Forwarding' domain to the OPNsense private IP address in the 2nd location, but resolution doesn't work.
nslookup <client name> <2nd location OPNsense IP> does resolve successfully, so DNS traffic through the tunnel works OK.
My guess is you told Dnsmasq about it instead of Unbound, but again: read the documentation and go through everything step-by-step ;)
Weird guy who likes everything Linux and *BSD on PC/Laptop/Tablet/Mobile and funny little ARM based boards :)
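For readers following the thread, here is what the "resolver in each site plus two forwarders" layout from the question looks like as plain Unbound configuration, which is the service the reply points at. This is an added example, not configuration from either poster or from the OPNsense project; it is written for the site that owns mg.home.arpa, and every address in it is a placeholder (192.168.2.1 for the Unbound on the far OPNsense reachable through the tunnel, 192.168.2.0/24 for that LAN, 203.0.113.53 for the ISP's filtering resolver, 10.255.0.2 for the far firewall's tunnel address). The mirror of this file on the other firewall swaps the two domains and addresses.

```conf
# Added example: unbound.conf for the site that owns mg.home.arpa.
# All addresses are constructed placeholders (see lead-in).
server:
    # Local zones are consulted before any forward-zone.  Unbound releases
    # that implement RFC 8375 ship home.arpa as a built-in static zone
    # (NXDOMAIN for everything below it), so a forward-zone for a child
    # domain is never reached unless that child is made transparent.
    # Our own mg.home.arpa names come from the local-data the firewall
    # already generates for its leases; the remote domain needs this:
    local-zone: "dy.home.arpa." transparent

    # Same rule for reverse lookups of the remote LAN: the RFC 1918
    # reverse zones are built-in static zones too.
    local-zone: "2.168.192.in-addr.arpa." transparent

    # DNS rebinding protection: any answer from a forwarder that carries a
    # private address is discarded unless the name is under a declared
    # private domain.  Without private-domain the far site answers
    # correctly and Unbound silently drops the reply.
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 192.168.0.0/16
    private-domain: "dy.home.arpa"

    # The far firewall's forwarded queries arrive from its tunnel address,
    # not from a LAN client; it must pass the access list or gets REFUSED.
    access-control: 10.255.0.2/32 allow

# Internal names of the other site: ask its Unbound directly over the tunnel.
forward-zone:
    name: "dy.home.arpa."
    forward-addr: 192.168.2.1

forward-zone:
    name: "2.168.192.in-addr.arpa."
    forward-addr: 192.168.2.1

# Everything else goes to the ISP's sinkhole resolver.  Without a forward-zone
# for "." Unbound recurses from the root servers on its own, and no resolver
# entered elsewhere on the firewall changes what clients get back.
forward-zone:
    name: "."
    forward-addr: 203.0.113.53
```

Two checks before blaming the tunnel: the nslookup in the question was sent from a LAN client, whereas Unbound's forwarded queries leave from the firewall's own tunnel address, so the far site's access list has to allow that address as well; and a forwarded answer that never reaches clients while the far Unbound's log shows it answering is the rebinding-protection symptom the private-domain line addresses. In the OPNsense GUI the forward-zone blocks correspond to Services > Unbound DNS > Query Forwarding (the page the question already uses); the local-zone and private-domain lines are assumed here to be set through Unbound's general settings or a custom include, which should be checked against the documentation linked in the reply.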