[18.7.r1] "Do not use the DNS Forwarder/Resolver as a DNS server for the firewall" seems broken

[sjorge]

After upgrading form develop to the latest RC version to give that some more testing it seems that Do not use the DNS Forwarder/Resolver as a DNS server for the firewall under settings->general is broken.

With or without this checked the system never resolves hostnames know to dnsmasq (my dns resolver). The local resolver does also no longer appear in /etc/resolv.conf regardless of the setting.

Reverting to the latest stable and the system will resolve configured hostnames again when this setting is unchecked.

[fichtner]

No change intended here in any way, but I'll take a look.

[fichtner]

Cannot reproduce this at all.

% cat /etc/resolv.conf
domain homeoffice.local
nameserver 127.0.0.1
search local
nameserver 192.168.2.1

Insight hostnames resolve on LAN. If I enable the setting 127.0.0.1 disappears and Insight LAN host resolve fails.

[sjorge]

How many other resolvers do you have? I have 4, 2 IPv4 and 2 IPv6.

[fichtner]

I don't understand. It only injects or omits 127.0.0.1, it doesn't matter if Dnsmasq or Unbound is on port 53 or how many other servers are specified?

[sjorge]

Configuration A (Not what I want, but 'works')

sjorge@hydrogen:~ % cat /etc/resolv.conf
domain acheron.be
nameserver 208.67.222.220
nameserver 2620:0:ccc::2
nameserver 208.67.222.222
nameserver 2620:0:ccd::2

Configuration B (What I want, but 'broken')

sjorge@hydrogen:~ % cat /etc/resolv.conf
domain acheron.be
nameserver 208.67.222.220
nameserver 2620:0:ccc::2
nameserver 208.67.222.222
nameserver 2620:0:ccd::2

[fichtner]

Wrong alley, https://forum.opnsense.org/index.php?topic=9208.0 gives the correct hint. You use an interface selection for dnsmasq service? It's missing localhost now.

[fichtner]

Actually, spot on with unnecessary private code being executed in another file, sorry for missing this.

# opnsense-patch 188b098

Cheers,
Franco

[sjorge]

Yep that fixes it!