Welcome to the IPFire community.
Your dynamic leases for blue range from 192.168.20.1 to 192.168.20.255.
This isn’t right:
- 192.168.20.1 is the blue IP of your IPFire system; first leasable IP should be 192.168.20.2
- 192.168.20.255 is the broadcast address of network 192.168.20.0/24 (your blue network); last leasable IP must be 192.168.20.254
Have you tried with Primary DNS 192.168.20.1 for blue?
I do not recommend using a secondary DNS server outside your local networks.
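
An added example, not part of the original post: a Python check that flags a dynamic DHCP range overlapping the interface's own IP, the network address or the broadcast address, run on the blue values quoted above. The function names are illustrative, and it assumes an IPv4 prefix of /30 or shorter.

```python
import ipaddress

def check_dhcp_pool(interface_cidr, start, end):
    """Return a list of problems with a dynamic range on one interface."""
    iface = ipaddress.ip_interface(interface_cidr)
    net = iface.network
    first, last = ipaddress.ip_address(start), ipaddress.ip_address(end)
    if first > last:
        return ["start address is above end address"]
    problems = []
    for label, addr in (("start", first), ("end", last)):
        if addr not in net:
            problems.append(f"{label} {addr} is outside {net}")
    # Addresses that must never be handed out as leases.
    reserved = (
        ("network address", net.network_address),
        ("broadcast address", net.broadcast_address),
        ("interface IP", iface.ip),
    )
    for label, addr in reserved:
        if first <= addr <= last:
            problems.append(f"range includes {label} {addr}")
    return problems

def widest_pool(interface_cidr):
    """Largest contiguous leasable range that avoids the interface IP."""
    iface = ipaddress.ip_interface(interface_cidr)
    lo = iface.network.network_address + 1    # first usable host
    hi = iface.network.broadcast_address - 1  # last usable host
    if iface.ip == lo:
        lo += 1
    elif iface.ip == hi:
        hi -= 1
    elif int(iface.ip) - int(lo) > int(hi) - int(iface.ip):
        hi = iface.ip - 1   # more room below the interface IP
    else:
        lo = iface.ip + 1   # more room above the interface IP
    return str(lo), str(hi)

if __name__ == "__main__":
    # Values from the post: blue interface 192.168.20.1/24, range .1 to .255
    for line in check_dhcp_pool("192.168.20.1/24",
                                "192.168.20.1", "192.168.20.255"):
        print("problem:", line)
    print("suggested range:", widest_pool("192.168.20.1/24"))
```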