Wrong static route for DNS servers is autogenerated
At reboot or at DHCP renewal, OPNsense creates routes for DNS servers which were obtained from DHCP. However, it creates the routes for interfaces it received the DHCP lease from, which in our case may not be the WAN interface where the DNS is reachable. As a result, the DNS servers are unreachable.
The problem does not occur for manually added DNS servers.
Found an issue which may be relevant: https://forum.opnsense.org/index.php?topic=26765.0
DHCP can distribute routes, which could cause this behaviour: https://ral-arturo.org/2018/09/12/dhcp-static-route.html
Using Classless Static Route Option: https://datatracker.ietf.org/doc/html/rfc3442
But the routes sent are for 169.254.169.254, and for some interfaces it sets the default gateway.
Checked using: sudo dhcpdump -i vtnet0 & sudo service dhclient restart vtnet0
In conclusion, DHCP does not seem to be the cause.
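To confirm which routes a lease's Classless Static Route option (option 121, RFC 3442) would install, the option payload can be decoded and compared against the DNS server address. This is an added example, not part of the original report; the sample bytes, the gateway 192.0.2.1, the DNS address 198.51.100.53 and the function names are constructed for illustration.

```python
import ipaddress

def parse_option_121(payload: bytes):
    """Decode an RFC 3442 option 121 payload into (network, router) pairs."""
    routes, i = [], 0
    while i < len(payload):
        width = payload[i]                 # prefix length, 0..32
        if width > 32:
            raise ValueError(f"invalid prefix length {width}")
        n = (width + 7) // 8               # only significant octets are sent
        if i + 1 + n + 4 > len(payload):
            raise ValueError("truncated route entry")
        dest = payload[i + 1:i + 1 + n] + bytes(4 - n)   # pad to 4 octets
        router = payload[i + 1 + n:i + 1 + n + 4]
        net = ipaddress.ip_network(
            f"{ipaddress.IPv4Address(dest)}/{width}", strict=False)
        routes.append((net, ipaddress.IPv4Address(router)))
        i += 1 + n + 4
    return routes

def routes_covering(routes, address: str):
    """Return the pushed routes that match address, most specific first."""
    addr = ipaddress.ip_address(address)
    hits = [(net, gw) for net, gw in routes if addr in net]
    return sorted(hits, key=lambda r: r[0].prefixlen, reverse=True)

# Constructed sample payload: 169.254.169.254/32 and a default route
# (prefix length 0, no destination octets), both via 192.0.2.1.
SAMPLE = bytes.fromhex("20a9fea9fec0000201" "00c0000201")

if __name__ == "__main__":
    routes = parse_option_121(SAMPLE)
    for net, gw in routes:
        print(f"{net} via {gw}")
    # Constructed DNS server address: only the default route matches it,
    # so this option carries no host route for the resolver.
    print(routes_covering(routes, "198.51.100.53"))
```

If the decoded list holds no host route for the DNS server, as in this sample, the per-interface DNS route was not delivered by option 121.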