Netgate Discussion Forum

    DNS python mode

    • scorpoin

      Greetings,

      I've set up an updated, fresh version of pfSense and restored the config. The only change I made is in pfBlockerNG and the DNS resolver, to use python mode. Now, after forwarding traffic to the new server, the DNS resolver service stopped. I deleted ARP and removed stats and started the resolver service again, but the client does not have internet. The client can ping the gw but failed to resolve DNS.

      I don't get what's wrong; the same config is working with the unbound resolver, but not with python mode.

      Regards

      • Gertjan @scorpoin

        @scorpoin

        When you suspect issues, this is not enough :

        [image: bfbf73c4-413f-4e9c-870d-0a2af99f9cad-image.png]

        Connect to the console, or better : SSH, and use option 8.

        Now "talk" to unbound directly :

        dig @127.0.0.1 www.google.com
        

        or contact unbound via a LAN interface :

        dig @192.168.1.1 www.google.com
        

        Or even

        dig @192.168.1.1 www.google.com +trace
        dig @127.0.0.1 www.google.com +trace
        

        @scorpoin said in DNS python mode:

        Now after forwarding traffic to new server DNS resolver service stopped

        What did you do ?
        This : Redirecting Client DNS Requests ? ( and this Blocking External Client DNS Queries ? )

        What did the (resolver) logs tell you ?

        Normally, when a LAN device asks for a DHCP lease, it receives an IP, a network, a gateway and a DNS. The last two are the interface IP of pfSense - and normally, unbound is listening on these LAN interface(s). No need to forward traffic elsewhere.
        If you suspect that LAN devices do not use the pfSense resolver, but prefer contacting (example) 8.8.8.8, why not have a talk with them ? And if they do not want to have all these ads blocked, why bother ? Let them have it. They want to communicate all their private DNS requests to 8.8.8.8 ? So be it.

        @scorpoin said in DNS python mode:

        I don't get what's wrong; the same config is working with the unbound resolver, but not with python mode.

        "Python mode" : to see what the difference is :
        Activate unbound mode.
        Get a copy of the /var/unbound/unbound.conf file.
        Activate python mode.
        Get a copy of the /var/unbound/unbound.conf file.

        Now compare the two copies.

        The unbound mode :
        unbound reads the DNSBL files itself into its memory and uses them.
        For every DNS request, unbound tries to match the host name with the DNSBL in memory.
        If no match, unbound uses its own cache.
        If no match, unbound goes for a classic resolve.

        Python mode uses the python script file. This script, when it gets executed by python, will read all the DNSBL info.
        For every DNS request, the script file is used to check for a match.
        If no match, unbound uses its own cache.
        If no match, unbound goes for a classic resolve.

        So, both approaches are nearly identical.
        Important difference : python mode is faster.
        Python mode works, as most of us are using it. For several years now.

        So, the question is : what is your setup ? Settings ? Find the difference with mine, and you found your answer.

        Btw : I use a very close to default unbound set up. Only "DHCP registration" has been disabled.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??
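
The comparison of the two /var/unbound/unbound.conf copies suggested in the post above, as an added example (not code from the thread, pfSense or pfBlockerNG): a small Python parser that reports option-level differences instead of a raw line diff. The two embedded configs are constructed samples with placeholder file names, and include one change unrelated to the mode switch to show how it stands out.

```python
import re

# Constructed sample (not real pfSense output): DNSBL loaded by unbound itself.
UNBOUND_MODE = """\
server:
    interface: 192.168.1.1
    interface: 127.0.0.1
    module-config: "validator iterator"
    include: /var/unbound/example_dnsbl.conf  # placeholder file name
"""

# Constructed sample: python mode, plus one unrelated change (a lost interface).
PYTHON_MODE = """\
server:
    interface: 127.0.0.1
    module-config: "python validator iterator"
python:
    python-script: example_dnsbl.py  # placeholder file name
"""

LINE = re.compile(r"^([\w-]+):\s*(.*)$")

def parse(text):
    """Map (clause, option) -> sorted values; comments and blank lines ignored."""
    conf, clause = {}, ""
    for raw in text.splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())
        if not m:
            continue
        key, value = m.groups()
        if value == "":            # "server:" or "python:" opens a clause
            clause = key
        else:                      # options may repeat, e.g. interface
            conf.setdefault((clause, key), []).append(value.strip('"'))
    return {k: sorted(v) for k, v in conf.items()}

def compare(before, after):
    """Return [(clause, option, old_values, new_values)] for every difference."""
    a, b = parse(before), parse(after)
    return [(c, o, a.get((c, o), []), b.get((c, o), []))
            for c, o in sorted(set(a) | set(b))
            if a.get((c, o)) != b.get((c, o))]

if __name__ == "__main__":
    # On the firewall, read the two saved copies of unbound.conf instead.
    for clause, option, old, new in compare(UNBOUND_MODE, PYTHON_MODE):
        print(f"{clause}.{option}: {old} -> {new}")
```

Differences in module-config, include and python-script are the kind a mode switch is expected to produce; anything else, such as the changed interface list in the sample, is worth checking against the resolver settings.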

        • scorpoin @Gertjan

          @gertjan Thanks for your response. I will have a close look at your suggestion and get back to you.

          Regards

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.