Netgate Discussion Forum
    PFSENSE + 23.01

    General pfSense Questions
Jimbohello @Gertjan

@gertjan

Hmm, strange!
I tested something:
I disabled DNS over TLS in the DNS Resolver
and put it back to standard port 53, which seems to have resolved the issue!
Pretty strange!

Cylosoft @Jimbohello

        @jimbohello at this point every issue we have with v23 seems to come back to some unbound DNS issue. You might check the other threads about getting DNS with TLS working.

SteveITS @Jimbohello

          @jimbohello said in PFSENSE + 23.01:

          disable dns over TLS in the dns resolver

As Cylosoft indicates, there are a few threads about DNS not working. Disabling DNSSEC while forwarding seems to be required now (and reportedly all along was known to sometimes cause failures when forwarding), but several have said they also need to disable DNS over TLS. See for instance:

          https://forum.netgate.com/topic/178413/major-dns-bug-23-01-with-quad9-on-ssl/

          Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
          Upvote 👍 helpful posts!

Jimbohello @SteveITS

@steveits

DNSSEC was already disabled!
I do not use Quad9, but:
OpenDNS
Cloudflare
Google

I'll just turn off TLS for now :)

Jimbohello @SteveITS

@steveits

I don't know if this helps, but I did some testing.

If I remove, in the System / General tab,
"use remote DNS server, ignore local DNS",

the problem is solved using DNS over TLS.

When I put back "use local DNS, ignore remote DNS", the problem occurs.

SteveITS @Jimbohello

                @jimbohello said in PFSENSE + 23.01:

when I put back "use local DNS, ignore remote DNS", the problem occurs

                This setting affects how pfSense itself does DNS. So again it sounds like DNS is not working on your router, for some reason.
                https://docs.netgate.com/pfsense/en/latest/config/general.html#dns-resolution-behavior

                Is the DNS Resolver service running? If you try to start it, or restart it, are there errors shown in the system log or DNS Resolver log? Test DNS using Diagnostics/DNS Lookup.


Jimbohello @SteveITS

@steveits

Listen, my friend: yesterday, before my upgrade to 23.01, my setup had been the same for several years.

Never had an issue.

23.01 is the issue with DoT.
I have zero problems with DNS resolution for my local LAN clients.
The problem is only in alias fetching of xxxx.dyndns.org IPs.

Same issue on all my appliances.

Log / DNS Resolver: FAILED TO RESOLVE HOST

If I go back to standard DNS (53), it works like a lucky charm. :)

It is exactly this problem:

https://forum.netgate.com/topic/178413/major-dns-bug-23-01-with-quad9-on-ssl

Quad9, Google, OpenDNS, Cloudflare or whatever, the issue is the same.

All my appliances on 23.01 have this issue.
All my appliances on 22.05 are doing fine.

They have the same setup everywhere.

Jimbohello @SteveITS

@steveits

Here is log level 3,
from pfSense's own resolution:
                    Apr 7 21:33:30 unbound 88702 [88702:0] info: finishing processing for vrac-nicolas.dyndns.org.jimbohello.arpa. AAAA IN
                    Apr 7 21:33:30 unbound 88702 [88702:0] info: query response was NXDOMAIN ANSWER
                    Apr 7 21:33:30 unbound 88702 [88702:0] info: reply from <.> 1.1.1.1#853
                    Apr 7 21:33:30 unbound 88702 [88702:0] info: response for vrac-nicolas.dyndns.org.jimbohello.arpa. AAAA IN
                    Apr 7 21:33:30 unbound 88702 [88702:0] info: iterator operate: query vrac-nicolas.dyndns.org.jimbohello.arpa. AAAA IN
                    Apr 7 21:33:30 unbound 88702 [88702:0] debug: iterator[module 0] operate: extstate:module_wait_reply event:module_event_reply

                    From the client side (lan)

                    Apr 7 21:38:42 unbound 88702 [88702:0] info: finishing processing for vrac-nicolas.dyndns.org. A IN
                    Apr 7 21:38:42 unbound 88702 [88702:0] info: query response was ANSWER
                    Apr 7 21:38:42 unbound 88702 [88702:0] info: reply from <.> 8.8.8.8#853
                    Apr 7 21:38:42 unbound 88702 [88702:0] info: response for vrac-nicolas.dyndns.org. A IN
                    Apr 7 21:38:42 unbound 88702 [88702:0] info: iterator operate: query vrac-nicolas.dyndns.org. A IN

JESUS, I FOUND THE ISSUE, I GUESS:
WHY IS PFSENSE ITSELF TRYING TO RESOLVE
vrac-nicolas.dyndns.org.jimbohello.arpa
when it is supposed to be vrac-nicolas.dyndns.org?

pfSense is adding its own domain part! No wonder it can't resolve.

stephenw10 (Netgate Administrator)

                      Hmm, I only expect to see that if it has already failed to resolve the fqdn without the domain appended.

Jimbohello @stephenw10
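An added diagnostic example, not code from this thread, from pfSense or from Netgate: it scans unbound log lines like the two traces Jimbohello pasted above and flags queries where the firewall's own domain has been appended to a name that was already fully qualified, which is the symptom spotted above and the search-domain fallback stephenw10 describes. It also counts response codes and lists which upstreams answered on port 853, so a reader can tell whether the failing queries went over DoT. The local domain value jimbohello.arpa is taken from the appended suffix in the log; the function names and regexes are this example's own choices, and the sample log text is copied from the thread.

```python
"""Flag unbound queries where the firewall's search domain was appended to
an already-qualified name (the pattern seen in the thread's log level 3 trace).

Example code added for illustration; not pfSense or unbound code.
"""
import re
from collections import Counter

# Constructed sample: the two traces pasted in the thread (firewall-side AAAA
# lookup first, then the LAN-client A lookup). The log viewer lists newest first.
SAMPLE_LOG = """\
Apr 7 21:33:30 unbound 88702 [88702:0] info: finishing processing for vrac-nicolas.dyndns.org.jimbohello.arpa. AAAA IN
Apr 7 21:33:30 unbound 88702 [88702:0] info: query response was NXDOMAIN ANSWER
Apr 7 21:33:30 unbound 88702 [88702:0] info: reply from <.> 1.1.1.1#853
Apr 7 21:33:30 unbound 88702 [88702:0] info: response for vrac-nicolas.dyndns.org.jimbohello.arpa. AAAA IN
Apr 7 21:33:30 unbound 88702 [88702:0] info: iterator operate: query vrac-nicolas.dyndns.org.jimbohello.arpa. AAAA IN
Apr 7 21:33:30 unbound 88702 [88702:0] debug: iterator[module 0] operate: extstate:module_wait_reply event:module_event_reply
Apr 7 21:38:42 unbound 88702 [88702:0] info: finishing processing for vrac-nicolas.dyndns.org. A IN
Apr 7 21:38:42 unbound 88702 [88702:0] info: query response was ANSWER
Apr 7 21:38:42 unbound 88702 [88702:0] info: reply from <.> 8.8.8.8#853
Apr 7 21:38:42 unbound 88702 [88702:0] info: response for vrac-nicolas.dyndns.org. A IN
Apr 7 21:38:42 unbound 88702 [88702:0] info: iterator operate: query vrac-nicolas.dyndns.org. A IN
"""

# The firewall's own domain (System / General Setup). Assumed value, read off
# the suffix that appears in the thread's log; replace with your own.
LOCAL_DOMAIN = "jimbohello.arpa"

QUERY_RE = re.compile(r"info: iterator operate: query (?P<name>\S+) (?P<qtype>\S+) IN")
RCODE_RE = re.compile(r"info: query response was (?P<rcode>\S+)")
REPLY_RE = re.compile(r"info: reply from <[^>]*> (?P<server>[^#\s]+)#(?P<port>\d+)")


def strip_appended_domain(name, local_domain):
    """If `name` ends with the local domain and what remains still looks
    qualified (contains a dot), return that bare name with a trailing dot.

    'host.jimbohello.arpa.' is a legitimate local host and is NOT flagged;
    'vrac-nicolas.dyndns.org.jimbohello.arpa.' is.
    """
    suffix = "." + local_domain.rstrip(".") + "."
    if not name.endswith(suffix):
        return None
    bare = name[: -len(suffix)]
    if "." not in bare:
        return None
    return bare + "."


def analyze(log_text, local_domain=LOCAL_DOMAIN):
    """Summarise a pasted unbound log: queries, rcode counts, upstreams,
    whether every reply came over port 853, and search-domain fallbacks."""
    queries = []
    rcodes = Counter()
    upstreams = set()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            queries.append((m.group("name"), m.group("qtype")))
        m = RCODE_RE.search(line)
        if m:
            rcodes[m.group("rcode")] += 1
        m = REPLY_RE.search(line)
        if m:
            upstreams.add((m.group("server"), int(m.group("port"))))

    seen = {name for name, _ in queries}
    appended = []
    for name, qtype in queries:
        bare = strip_appended_domain(name, local_domain)
        if bare is not None:
            # unbound only tries the appended form after the bare name failed,
            # so note whether the bare name shows up in the same trace.
            appended.append({"appended": name, "bare": bare, "qtype": qtype,
                             "bare_also_queried": bare in seen})
    return {
        "queries": queries,
        "rcodes": dict(rcodes),
        "upstreams": sorted(upstreams),
        "all_over_tls": bool(upstreams) and all(p == 853 for _, p in upstreams),
        "appended": appended,
    }


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for hit in result["appended"]:
        print(f"search domain appended: {hit['appended']} (bare name {hit['bare']})")
    print("rcodes:", result["rcodes"])
    print("upstreams:", result["upstreams"], "all DoT:", result["all_over_tls"])
```

Paste the DNS Resolver log (Status / System Logs / DNS Resolver, with log level raised to 3) into SAMPLE_LOG, set LOCAL_DOMAIN to the firewall's configured domain, and run the script; any entry in "appended" is a name the resolver could not answer in its bare form and then retried with the local domain attached, which is what produces the NXDOMAIN seen above.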

@stephenw10

When following the DoT procedure based on Netgate's documentation,
all aliases that have dynamic names to resolve get a response from filterdns: « failed to resolve host - will retry again later ». Some of them do resolve, but most fail completely and then, at some point, all of them fail.

When changing the aliases to URL IP tables, no problem occurs.

If I remove all DoT, everything works as expected.

Note: I have around 140 dynamic names to resolve.

Hope this helps.

The behavior appears on SG-3100, SG-8200 pro max, and all other devices.

Version 22.05 not affected
Version 23.01 affected

Thanks.

Hope this helps.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.