view the rest of the comments
Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
Thank you!! Yes, it is a DHCP war. I just realized that I can talk to my hardwired devices but only by IP! Even though I specify my DNS server in google, its ignoring it for the browser. I wonder if that is DNS over HTTPS (DOH) in Chrome.
This is a different problem. But when you configure a competent DHCP server, you tell it to give out a bunch of information to the client, not just an IP address. It should tell it IP, subnet, gateway, DNS server IP and default domain name. (in opnsense most of this is default so you dont have to actually configure it - hit the (i) button and it will tell you. Example for domain name: "The default is to use the domain name of this system as the default domain name provided by DHCP. You may specify an alternate domain name here.")
Then on top of that google devices are notorious for ignoring DNS (ahem chromecast, etc) and want to use 8.8.8.8. This is because google does all sorts of non-DNS buggery on those devices, for example checking and pushing updates). Chrome on you PC could well be doing this as well, but it shouldnt it should be honouring your NICs config. However I don't for a second doubt that Chrome is preferring DoH to somewhere like 8.8.8.8 first.
You will need to create a rule to enforce your local DNS server and block all other outgoing attempts.
To do this create a NAT rule port forward -> set the interface to LAN ,set the destination to LAN net and INVERT. Then destination port to DNS. Finally redirect target to your DNS server (127.0.0.1 for your opnsense) and DNS port (53).
This NAT rule says any DNS NOT headed to the LAN network must be redirected to the DNS server in your LAN.