Can you use lsof or whatever to check whether your name server on the router listens on lo or on the attached network device? There's a non-trivial chance that you have to enable the latter in the name server config file.

On Fri, 2026-06-19 at 16:05 -0700, Aric Gregson wrote:
> On 2026-06-18 21:42, Rudolf Leitgeb wrote:
> > On Wed, 2026-06-17 at 17:21 -0700, Aric Gregson wrote:
> > > On 2026-06-14 00:11, Rudolf Leitgeb wrote:
> > > > What is your DNS setup? Which DNS server address is returned by
> > > > your DHCP server? Is this DHCP server reachable from your
> > > > client? Can you check on your client, which name server is
> > > > configured?
> > >
> > > The gateway gets two name servers from the network and I have
> > > added three others to the gateway /etc/resolv.conf that I know
> > > work.
> > >
> > > On the client /etc/resolv.conf shows the gateway: 192.168.1.1 and
> > > no other name server.
> > >
> > > I can ping all the name servers in the /etc/resolv.conf on the
> > > gateway from both the gateway and the client.
> >
> > You used these dig calls on your router, but have you also used
> > them on your client computer? Is the name server on your router
> > reachable from your client? Does it listen on the lan port?
>
> OK, after some back and forth looking into your questions I have
> figured out, at least, how to make it work.
>
> I am able to dig openbsd.org on the router.
>
> I was NOT able to dig openbsd.org on the client. Client
> /etc/resolv.conf had only 192.168.1.1 as the nameserver. By adding
> 9.9.9.9 to the client /etc/resolv.conf, I can dig openbsd.org and
> load webpages normally.
>
> I thought that the examples in dhcpd pointed to putting the router
> address as the nameserver, but this seemed not to work. Only after
> adding another nameserver in the /etc/dhcpd.conf (an opendns one) and
> restarting both dhcpd on the router and restarting the client
> computer does the dig and web browser work.
>
> I now see on the client /etc/resolv.conf that the opendns nameserver
> has been added via em0 (ie, the router).
>
> I do not think that pf had anything to do with this, but I did remove
> the $client_out bit and opened up outbound tcp completely.
>
> Thank you very much for pointing me in the right direction to solve
> this. I'll see how it goes when I put the router on the entire
> network.
>
> Thanks, Aric
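
The listener check suggested at the top of this reply, written out as an added example that is not part of the original thread. It assumes BSD-style `netstat -an` output (local address printed as ADDR.PORT); the function names and the sample lines are constructed for illustration, and 192.168.1.1 is the router address quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): decide whether a DNS listener is
# reachable from the LAN, given `netstat -an` lines on stdin.
# Assumes BSD-style output, where the local address is printed as ADDR.PORT.

# dns_listen_scope LAN_ADDR -> reachable-from-lan | loopback-only | not-listening
dns_listen_scope() {
    awk -v lan="$1" '
        $1 ~ /^(tcp|udp)/ {
            # For TCP keep only listening sockets; UDP rows carry no state column.
            if ($1 ~ /^tcp/ && $NF != "LISTEN") next
            if ($4 !~ /\.53$/) next            # local port must be 53
            addr = $4; sub(/\.53$/, "", addr)
            if (addr == "*" || addr == lan) lanok = 1
            else if (addr ~ /^127\./ || addr == "::1") loop = 1
        }
        END {
            if (lanok)     print "reachable-from-lan"
            else if (loop) print "loopback-only"
            else           print "not-listening"
        }'
}

# Constructed sample: resolver bound to loopback only (the case asked about).
sample_loopback_only() {
    cat <<'EOF'
Proto   Recv-Q Send-Q  Local Address          Foreign Address        TCP-State
tcp          0      0  127.0.0.1.53           *.*                    LISTEN
tcp          0      0  *.22                   *.*                    LISTEN
udp          0      0  127.0.0.1.53           *.*
udp          0      0  *.67                   *.*
EOF
}

# Constructed sample: resolver also bound to the LAN address from the thread.
sample_lan() {
    cat <<'EOF'
tcp          0      0  192.168.1.1.53         *.*                    LISTEN
udp          0      0  192.168.1.1.53         *.*
udp          0      0  127.0.0.1.53           *.*
EOF
}

sample_loopback_only | dns_listen_scope 192.168.1.1   # loopback-only
sample_lan           | dns_listen_scope 192.168.1.1   # reachable-from-lan
# On the router itself: netstat -an | dns_listen_scope 192.168.1.1
```

A "loopback-only" result matches the symptom in the thread: dig works on the router, while clients pointed at 192.168.1.1 get no answer.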

