Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DNS doens't resolv this addresses

    Scheduled Pinned Locked Moved DHCP and DNS
    17 Posts 2 Posters 1.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • johnpozJ
      johnpoz LAYER 8 Global Moderator @jperezme
      last edited by

      @jperezme you might want to bump up the verbosity from the default, and add these to customs

      server:
      log-queries: yes
      log-replies: yes

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

      J 1 Reply Last reply Reply Quote 0
      • J
        jperezme @johnpoz
        last edited by

        This post is deleted!
        J 1 Reply Last reply Reply Quote 0
        • J
          jperezme @jperezme
          last edited by

          @jperezme
          I found the problem in the logs
          Nov 17 20:48:23 proxy unbound[13963]: [13963:4] error: SERVFAIL <ec.europa.eu. A IN>: all the configured stub or forward servers failed, at zone . from 172.23.144.5 got REFUSED
          Nov 17 20:48:23 proxy unbound[13963]: [13963:4] reply: 10.0.0.10 ec.europa.eu. A IN SERVFAIL 0.281635 0 30
          Nov 17 20:48:23 proxy unbound[13963]: [13963:5] info: iterator operate: query ec.europa.eu. A IN
          Nov 17 20:48:23 proxy unbound[13963]: [13963:5] info: response for ec.europa.eu. A IN
          Nov 17 20:48:23 proxy unbound[13963]: [13963:5] error: SERVFAIL <ec.europa.eu. A IN>: all the configured stub or forward servers failed, at zone . from 172.23.144.5 got REFUSED
          Nov 17 20:48:23 proxy unbound[13963]: [13963:5] reply: 10.0.0.10 ec.europa.eu. A IN SERVFAIL 0.159601 0 30

          From what I understand and correct me if I'm wrong the dns server 172.23.144.5. Is it what is preventing the resolution of the name?

          J 1 Reply Last reply Reply Quote 0
          • J
            jperezme @jperezme
            last edited by

            @jperezme said in DNS doens't resolv this addresses:

            error: SERVFAIL <ec.europa.eu. A IN>: all the configured stub or forward servers failed, at zone .

            Does anyone know if I can modify something in unbound to solve the problem or should something be modified in my provider's dns?

            Thanks in advance and specially to @johnpoz

            johnpozJ 1 Reply Last reply Reply Quote 0
            • johnpozJ
              johnpoz LAYER 8 Global Moderator @jperezme
              last edited by johnpoz

              @jperezme from a quick look at that, looks like they refused to answer your query.. Are you running through a vpn?

              But a quick work around for something that is not resolving for you, but works via say asking 8.8.8.8 is to do a domain override in unbound for that domain, so vs it trying to resolve it - it will forward to where you set for that specific domain.

              Who is that? 172.23.144.5

              That is a rfc1918 address. So your forwarding in unbound to them? In no scenario when resolving would unbound be talking to a rfc1918 address..

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.7.2, 24.11

              J 1 Reply Last reply Reply Quote 0
              • J
                jperezme @johnpoz
                last edited by

                @johnpoz 172.23.144.5 It is the dns of my provider and I cannot use another one. They only allow us to use that dns

                johnpozJ 1 Reply Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator @jperezme
                  last edited by

                  @jperezme said in DNS doens't resolv this addresses:

                  They only allow us to use that dns

                  so your forwarding.. You can not query say 8.8.8.8 for example..

                  Well then if your only allowed to use their NS, and they do not allow you to talk to any other NS on the internet then you would be out of luck.

                  But that is not what your trace shows, your +trace showed you talking to other NS.. and it resolve just fine.

                  trace.jpg

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                  J 1 Reply Last reply Reply Quote 0
                  • J
                    jperezme @johnpoz
                    last edited by jperezme

                    @johnpoz Right. I can not use 8.8.8.8 google dns. If you remember, when I connect to the pfsense console and connect directly to the wan without going through unbound then it resolves the address well which is what you show in this last log. I suppose that would be it. The problem is when unbound forwards to 172.23.144.5
                    Is it possible that what you say is that 172.23.144.5 dns consult another dns later?

                    Now I'm not in the office and I can't access the console but if via the web and from the gui I get this so it's correct:
                    ; <<>> DiG 9.16.23 <<>> ec.europa.eu +trace
                    ;; global options: +cmd
                    . 58208 IN NS d.root-servers.net.
                    . 58208 IN NS e.root-servers.net.
                    . 58208 IN NS f.root-servers.net.
                    . 58208 IN NS g.root-servers.net.
                    . 58208 IN NS h.root-servers.net.
                    . 58208 IN NS i.root-servers.net.
                    . 58208 IN NS j.root-servers.net.
                    . 58208 IN NS k.root-servers.net.
                    . 58208 IN NS l.root-servers.net.
                    . 58208 IN NS m.root-servers.net.
                    . 58208 IN NS a.root-servers.net.
                    . 58208 IN NS b.root-servers.net.
                    . 58208 IN NS c.root-servers.net.
                    . 58208 IN RRSIG NS 8 0 518400 20221202170000 20221119160000 18733 . oH2GJb8bpAq6s7cA3s7yheKbw8BaOhiykWmYZGR9FNuGCqCfJsDF1WRL pHgqGOiyCVQtoamQZeufqMNTsyFHb+3X3MGM1oLB9RPNek8Kf3IWUcXX 6aoyNRCK7T7Qx+AJUgcZSvAq08sJi54UVR4NNYh8L1P3nEvraQSunnjG xqhUYOeZ4e0ekr/Vr5tgmjVknUB13bCFf+oDNFGk95NsJDQSTPlkHM2X 43p19snc1s5RbhQ9h4Aaib9GoIOpe/q7s0v4DgTh9asWNxhF5vNvaphF pR3X89YTDrfr12EoT/97Xtr4JLc3xtgqvxj5/xJog449JWJKJt//S1bm y9nYLQ==
                    ;; Received 1025 bytes from 127.0.0.1#53(127.0.0.1) in 13 ms

                    eu. 172800 IN NS w.dns.eu.
                    eu. 172800 IN NS x.dns.eu.
                    eu. 172800 IN NS y.dns.eu.
                    eu. 172800 IN NS be.dns.eu.
                    eu. 172800 IN NS si.dns.eu.
                    eu. 86400 IN DS 35926 8 2 89B9EF0445904E7C6074B5BECE823C3E264FBD91C103D10BDE603412 343CE70C
                    eu. 86400 IN DS 59479 8 2 5DBAA81BC0BEFE921886D8DA28498D9FD441B457FB0E3642A0B2F981 1C8E15E0
                    eu. 86400 IN RRSIG DS 8 1 86400 20221203050000 20221120040000 18733 . YrQOnGCtvEXMJ8Jn4xL/HHAWZy4pRHNhvMEjF9rMLusU/klnzewYj3sE z4KiTjK3JN0WU/RcwH1dZJUQ9SN0wexImt8Vubc63V5/Ed/9UnO89XcR vB4gc3SB7J8hgirM2YXkHE63ZUpPVwJkV3ap4FrS363Z+vMR92L0uNi4 r9paJEdGdb9q0r4uwvwTmOwLKeIMegbF6Y6L4sZqTQeL0btXKgqVAIMx 3kKuzBTuW2QKSshvCNYnh641bSwrIJD0lKzXUd7MBq2Tip1upAiXG58m zksP9B57OZ8mv5rES7zPI0N96E0VnTrP4Kz+L9i0Tm2FYcmy810XNBF2 5xy01w==
                    ;; Received 758 bytes from 199.9.14.201#53(b.root-servers.net) in 38 ms

                    europa.eu. 86400 IN NS ns4az1.europa.eu.
                    europa.eu. 86400 IN NS ns1lux.europa.eu.
                    europa.eu. 86400 IN NS ns2bru.europa.eu.
                    europa.eu. 86400 IN NS ns2lux.europa.eu.
                    europa.eu. 86400 IN NS ans1.cw.net.
                    europa.eu. 86400 IN NS ns3lux.europa.eu.
                    europa.eu. 86400 IN NS ns1.bt.net.
                    europa.eu. 86400 IN NS ns2eu.bt.net.
                    europa.eu. 86400 IN NS ns1bru.europa.eu.
                    europa.eu. 86400 IN NS ns3bru.europa.eu.
                    europa.eu. 86400 IN NS ans2.cw.net.
                    europa.eu. 86400 IN DS 6250 8 2 0186EEFF28A83D2C950963CEEF2F2070DC0885AC8AD7106B03A9741C 25DC6B82
                    europa.eu. 86400 IN DS 14845 8 2 9EF3C28F5B3A3D33756D61715B1BDBDBB07E0555598D30256D1F2B71 95324846
                    europa.eu. 86400 IN RRSIG DS 8 2 86400 20221127000852 20221120000653 21819 eu. g+3rLbUzTImI31N1McC5u6FvCER5iREqlIU1BOODdbnhQ7O9GKNU80lY SUuVUgNFAI/0KlRLzF3mDbBVSQV+F5Q7TPTCYNyD2mNJpTvibR0sYFiM 4cHGpn7WjD9es5bDvSjTUAG8h/Aa0fg8n6nvNPjPsTiFwm7Yw8n/IZ1I 8JM=
                    ;; Received 758 bytes from 185.151.141.1#53(x.dns.eu) in 39 ms

                    ec.europa.eu. 300 IN A 147.67.210.30
                    ec.europa.eu. 300 IN A 147.67.34.30
                    ec.europa.eu. 300 IN RRSIG A 8 3 300 20221202083905 20221118083318 33483 europa.eu. PD0SduTKxbjbOSwO4x/aMKpMQ8RRPVAgN3WSdv/xgeBofAcxARXPKhSF fybxUgTU29mS8swUT2pJ8LJGnInwp06U7BQWLgXlEzHox3FT6FaFL5za iULmPttV/4uylNkHx/VWu4ELQVQSXbTs69kAy3YZht2pWvJ2DNzfr9Zj Kr4O2Ag4Sg0XgZ2RJ88Bv+nL7GVEAOq7mn/Kg3LA0XzM7vV35clW+46y 0ZSxNy2mpxA7/FBIRkY2MBMC6XxkoT8DdDcoHPXdDxYf5xKM6ZyRDTZr z1gqK1o+UzJr3WkL8uomhU4nVby6NHbbXZya/9VBdc4UIAqE5zViSs8L rqdVeQ==
                    ec.europa.eu. 300 IN RRSIG A 8 3 300 20221208192143 20221118083302 23809 europa.eu. qXjcj+14uiincMWRJb0y0NiTo+1PxHkZ+VyYVNQPvb9WSrW29ClXE/sZ LILEjBx/25jp5M4jOJpnxvOVwb3F1jjVUmpGx89oo3DlErkjd6syXU8f vl+aDgU9iIfyOebfm87T5Ywn43fCjMJomGMsIUA1wegz2Hg3motj5IjZ vupwwKrPwxs/NupIbUtg57d8nj231fHFDaSXB+gFtuj2z1KxY5BTfoce Tp59jOMMJ+1kmI4/qo3I5E78l5hhV2kdYDrh0arlwBR95ps63jehHjH0 4vRqc9VQetWiAaLtS6fpJ/eWNrRNTGAAEWC86JV2Mm5uxSA9/D0jSODK KjEDIQ==
                    ;; Received 695 bytes from 147.67.12.2#53(ns1lux.europa.eu) in 36 ms

                    johnpozJ 1 Reply Last reply Reply Quote 0
                    • johnpozJ
                      johnpoz LAYER 8 Global Moderator @jperezme
                      last edited by

                      @jperezme said in DNS doens't resolv this addresses:

                      The problem is when unbound forwards to 172.23.144.5

                      Then don't forward to them.. Out of the box pfsense resolves.. Just like in that trace you show - it talks to roots, hey roots ns for .com hey .com ns, what is ns for domain.com - hey domain.com ns what is the IP address of www.domain.com

                      You have zero need of your isp dns server..

                      Your trace shows that unbound can clearly resolve and talk to the different NS involved in looking up that record - so why are you forwarding to some isp nameserver?

                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                      If you get confused: Listen to the Music Play
                      Please don't Chat/PM me for help, unless mod related
                      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                      J 1 Reply Last reply Reply Quote 0
                      • J
                        jperezme @johnpoz
                        last edited by

                        @johnpoz I am hallucinating indeed I see that I can use other dns that are not those of my provider. I don't know if it's their mistake or they have changed their policy and now they allow us to use others. If so, this has solved my problem. Ufff!
                        Thank you very much for your help.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.