DNS Forwarder not working

[pboe]

Hi,
i have problems getting the dnsmasq running.
Installed 15.1.11 upgraded to 15.1.12
Multiwan setup
dhcp server running
system->settings dns servers entered and assigned to the 2 wans
dns forwarder enabled, no other checkbox enabled on this page
diagnostics->dns lookup works
dhcp works and distributes the ip number of the opnsense box as a nameserver to all clients
i can ping from any host ip numbers but i can't resolve any domain name

Any help is very welcome,
Best regards,
Paul

/etc/resolv.conf
domain foo.local
nameserver 127.0.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 194.25.0.52
nameserver 194.25.0.68

/etc/hosts
127.0.0.1       localhost localhost.foo.local
10.190.30.254   foorouter.foo.local foorouter

[franco]

dnsmasq version was bumped in the last update, can you try the following to see if the new version behaves differently. Run this from the root shell:

(Assuming you use OpenSSL/amd64, if not, the URL must be adapted)

# fetch https://pkg.opnsense.org/FreeBSD:10:amd64/15.1.11.4/OpenSSL/All/dnsmasq-2.72_1,1.txz
# pkg add -f dnsmasq-2.72_1,1.txz

Restart the service from the GUI or better yet try a reboot.

It would also be helpful to see a screenshot of any dnsmasq-related error messages in the system logs pages.

Thanks,
Franco

[franco]

BTW, to get back to the latest version, type:

# pkg install -yf dnsmasq

[pboe]

Hi Franco,
no errors in the log.

[pboe]

BTW, to get back to the latest version, type:

# pkg install -yf dnsmasq

Did you mean:
# pkg install -Af dnsmasq

root@OPNsense:~ # pkg add -yf dnsmasq-2.72_1,1.txz
pkg: illegal option -- y
Usage: pkg add [-IAfqM] <pkg-name> ...
       pkg add [-IAfqM] <protocol>://<path>/<pkg-name> ...

For more information see 'pkg help add'.

[franco]

Oh, sorry, no "-y" for pkg-add needed; "-f" is enough.

[pboe]

By the way,
shouldn't there be a /etc/dnsmasq.conf file?

[pboe]

Hi,
tried:
# fetch https://pkg.opnsense.org/FreeBSD:10:amd64/15.1.11.4/OpenSSL/All/dnsmasq-2.72_1,1.txz
# pkg add -f dnsmasq-2.72_1,1.txz

reboot,
same as before.

[pboe]

Hi,
did a clean install with 15.1.12
Same thing.

[franco]

And with the old 15.1.11.1? Sorry to bug you. We can't pin this down for some reason. https://pkg.opnsense.org/releases/15.1.11.1/

[pboe]

Hi Franco,
i've done a clean installation of 15.1.11.1.
Configured wan network settings, which is the default gateway, everything works fine.
Then started to configure the multi wan setup by adding a 2nd wan, adding in the routing tab a new group with both interfaces as tier 1 for load balancing.
Still everything works, even the 2nd Wan is not physically connected.
Once i edit the standard firewall rule to use the load balancing gateway group, the dns isn't working any more for the connected clients.

Best regards,
Paul 

[philamonster]

Are you sure the resolver is not running? Just had a forwarding issue myself after removing a manual dnsmasq entry for a secondary hostname. Service would not start after I saved and all my host overrides failed. Turns out unbound was running though disabled in gui with an apply button to save changes every time I went to Services > DNS Resolver.

I killed unbound and manually started dnsmasq and the service started. Though the resolver is disabled I am still prompted to save changes in gui under Services > DNS Resolver for whatever reason.

[philamonster]

Ok, after reboot had to start dnsmasq manually again. DNS Resolver not running and not asking to apply changes in gui / disabled. DNS Forwarder is enabled in gui too but just doesn't start. 

EDIT: dnsmasq seems to get SIGTERM when restarting ANY service. Just adding/removing static DHCP lease killed it.

This is when starting service from Status > Services:

Code: [Select]

Jun 27 17:13:35 dnsmasq[19366]: FAILED to start up
Jun 27 17:13:35 dnsmasq[19366]: junk found in command line
Static DHCP mappings also not being written to /etc/hosts.

[pboe]

Hi,
switching from the resolver to the forwarder in the gui, stops unbound and starts dnsmasq. so from that side evrything is fine.
Things stop working, when i change the firewall rule to use the multi wan gateway group instead of the default gateway.