Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    ipv6 dns opcode: QUERY, status: REFUSED

    Scheduled Pinned Locked Moved
    IPv6
    3
    10
    740
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      netgate_etagten
      last edited by

      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 25153
      ;; flags: qr rd ad; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
      ;; WARNING: recursion requested but not available

      Version 2.7.0-RELEASE (amd64)
      built on Wed Jun 28 03:53:34 UTC 2023
      FreeBSD 14.0-CURRENT

      not fixxed by https://forum.netgate.com/topic/176989/problems-with-pfsense-ipv6-dns-function-does-it-exist

      johnpozJ 1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator @netgate_etagten
        last edited by

        @netgate_etagten that was fixed in https://redmine.pfsense.org/issues/13851

        And is listed as resolved, with a target of 2.7..

        Are you saying your not seeing the ACL populated with IPv6 on your lan interface?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.03 | Lab VMs 2.7.2, 24.03

        N 1 Reply Last reply Reply Quote 0
        • N
          netgate_etagten @johnpoz
          last edited by

          @johnpoz After reinstalling the system, I tested it and still failed. No other special services are available at this time.

          After a reboot:

          alt text

          alt text

          alt text

          johnpozJ 1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator @netgate_etagten
            last edited by johnpoz

            @netgate_etagten if your IPv6 is not allowed then yes it will be refused..

            Let me fire up my 2.7 vm and put an IPv6 on it, and check the acl..

            edit: did you restart unbound? Here see no IPv6 in access list, I then added one, then restarted unbound and there it is IPv6 prefix added to the access list

            accesslist.jpg

            Now I could go through all the hassle of routing actual gua IPv6 to my VM running pfsense, but the issue is clearly its going to refuse if not in the access list, and a restart of unbound creates it.. A ula is fine in testing if the IPv6 prefix you have on your interface is added to the access list.

            So it doesn't really matter past that, but here I can query it, when I put IPv6 on my box..

            query.jpg

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.03 | Lab VMs 2.7.2, 24.03

            N 1 Reply Last reply Reply Quote 1
            • N
              netgate_etagten @johnpoz
              last edited by netgate_etagten

              @johnpoz
              Restarting unbound can fix it, but unbound is abnormal after system startup.

              Sep 8 23:08:42 unbound 45594 [45594:0] info: start of service (unbound 1.17.1).

              2023-09-08 23:08:36 dhcp6c 51544 failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
              2023-09-08 23:08:36 dhcp6c 51544 failed initialize control message authentication
              2023-09-08 23:08:36 dhcp6c 51544 skip opening control port
              2023-09-08 23:08:37 dhcp6c 51649 Sending Solicit
              2023-09-08 23:08:38 dhcp6c 51649 Sending Request
              2023-09-08 23:08:38 dhcp6c 51649 dhcp6c Received REQUEST
              2023-09-08 23:08:38 dhcp6c 51649 add an address 20:0:0:0:0:0:e8f:6be1/64 on re0
              2023-09-08 23:08:38 dhcp6c 51649 status code for PD-0: success
              2023-09-08 23:08:39 dhcp6c 51649 restarting
              2023-09-08 23:08:39 dhcp6c 51649 Start address release
              2023-09-08 23:08:39 dhcp6c 51649 Sending Release
              2023-09-08 23:08:39 dhcp6c 51649 remove an address 20:0:0:0:0:0:e8f:6be1/64 on re0
              2023-09-08 23:08:39 dhcp6c 51649 dhcp6c Received RELEASE
              2023-09-08 23:08:39 dhcp6c 51649 status code: success
              2023-09-08 23:08:40 dhcp6c 51649 Sending Solicit
              2023-09-08 23:08:41 dhcp6c 51649 Sending Request
              2023-09-08 23:08:41 dhcp6c 51649 dhcp6c Received REQUEST
              2023-09-08 23:08:41 dhcp6c 51649 add an address 20:0:0:0:0:0:e8f:6be1/64 on re0
              2023-09-08 23:08:41 dhcp6c 51649 status code for PD-0: success
              2023-09-08 23:08:41 dhcp6c 51649 Sending Solicit
              2023-09-08 23:08:42 dhcp6c 51649 advertise contains NoAddrsAvail status
              2023-09-08 23:08:42 dhcp6c 51649 Sending Solicit
              2023-09-08 23:08:43 dhcp6c 51649 advertise contains NoAddrsAvail status
              2023-09-08 23:08:44 dhcp6c 51649 Sending Solicit
              2023-09-08 23:08:45 dhcp6c 51649 advertise contains NoAddrsAvail status
              2023-09-08 23:08:48 dhcp6c 51649 Sending Solicit
              2023-09-08 23:08:49 dhcp6c 51649 advertise contains NoAddrsAvail status
              2023-09-08 23:08:56 dhcp6c 51649 Sending Solicit
              2023-09-08 23:08:56 dhcp6c 51649 advertise contains NoAddrsAvail status
              2023-09-08 23:09:10 dhcp6c 51649 Sending Solicit
              2023-09-08 23:09:11 dhcp6c 51649 advertise contains NoAddrsAvail status
              2023-09-08 23:09:25 dhcp6c 51649 restarting
              2023-09-08 23:09:25 dhcp6c 51649 Start address release
              2023-09-08 23:09:25 dhcp6c 51649 Sending Release
              2023-09-08 23:09:25 dhcp6c 51649 failed to remove an address on re0: Can't assign requested address
              2023-09-08 23:09:25 dhcp6c 51649 dhcp6c Received RELEASE
              2023-09-08 23:09:25 dhcp6c 51649 status code: success
              2023-09-08 23:09:27 dhcp6c 51649 Sending Solicit
              2023-09-08 23:09:28 dhcp6c 51649 Sending Request
              2023-09-08 23:09:28 dhcp6c 51649 dhcp6c Received REQUEST
              2023-09-08 23:09:28 dhcp6c 51649 add an address 20:0:0:0:0:0:e8f:6be1/64 on re0
              2023-09-08 23:09:28 dhcp6c 51649 status code for PD-0: success
              2023-09-08 23:09:30 dhcp6c 51649 Sending Solicit
              2023-09-08 23:09:31 dhcp6c 51649 advertise contains NoAddrsAvail status
              2023-09-08 23:09:31 dhcp6c 51649 Sending Solicit
              2023-09-08 23:09:32 dhcp6c 51649 advertise contains NoAddrsAvail status
              2023-09-08 23:09:34 dhcp6c 51649 Sending Solicit
              2023-09-08 23:09:34 dhcp6c 51649 advertise contains NoAddrsAvail status
              2023-09-08 23:09:38 dhcp6c 51649 Sending Solicit
              2023-09-08 23:09:38 dhcp6c 51649 advertise contains NoAddrsAvail status
              2023-09-08 23:09:47 dhcp6c 51649 Sending Solicit
              2023-09-08 23:09:47 dhcp6c 51649 advertise contains NoAddrsAvail status
              2023-09-08 23:10:06 dhcp6c 51649 Sending Solicit
              2023-09-08 23:10:06 dhcp6c 51649 advertise contains NoAddrsAvail status
              2023-09-08 23:10:42 dhcp6c 51649 Sending Solicit
              2023-09-08 23:10:42 dhcp6c 51649 advertise contains NoAddrsAvail status
              2023-09-08 23:11:52 dhcp6c 51649 Sending Solicit
              2023-09-08 23:11:52 dhcp6c 51649 advertise contains NoAddrsAvail status
              2023-09-08 23:13:42 dhcp6c 51649 Sending Solicit
              2023-09-08 23:13:42 dhcp6c 51649 advertise contains NoAddrsAvail status
              2023-09-08 23:15:41 dhcp6c 51649 Sending Solicit
              2023-09-08 23:15:42 dhcp6c 51649 advertise contains NoAddrsAvail status
              2023-09-08 23:17:49 dhcp6c 51649 Sending Solicit
              2023-09-08 23:17:49 dhcp6c 51649 advertise contains NoAddrsAvail status
              2023-09-08 23:19:54 dhcp6c 51649 Sending Solicit
              2023-09-08 23:19:54 dhcp6c 51649 advertise contains NoAddrsAvail status

              Why doesn't unbound use IPv6 Link Local?

              GertjanG 1 Reply Last reply Reply Quote 0
              • GertjanG
                Gertjan @netgate_etagten
                last edited by

                @netgate_etagten

                This page / log : Status > System Logs > System > DNS Resolver
                as I presume you are looking for unbound logs in the DHCP logs, you won't find any.

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                N 1 Reply Last reply Reply Quote 0
                • N
                  netgate_etagten @Gertjan
                  last edited by

                  @Gertjan I'm looking for lan ipv6 generation time

                  Sep 8 23:08:34 unbound 45594 [45594:0] notice: init module 0: validator
                  Sep 8 23:08:34 unbound 45594 [45594:0] notice: init module 1: iterator
                  Sep 8 23:08:34 unbound 45594 [45594:0] info: start of service (unbound 1.17.1).
                  Sep 8 23:08:41 unbound 45594 [45594:0] info: generate keytag query _ta-4f66. NULL IN
                  Sep 8 23:08:41 unbound 45594 [45594:1] info: generate keytag query _ta-4f66. NULL IN
                  Sep 8 23:08:42 unbound 45594 [45594:0] info: service stopped (unbound 1.17.1).
                  Sep 8 23:08:42 unbound 45594 [45594:0] info: server stats for thread 0: 1 queries, 0 answers from cache, 1 recursions, 0 prefetch, 0 rejected by ip ratelimiting
                  Sep 8 23:08:42 unbound 45594 [45594:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
                  Sep 8 23:08:42 unbound 45594 [45594:0] info: server stats for thread 1: 6 queries, 0 answers from cache, 6 recursions, 0 prefetch, 0 rejected by ip ratelimiting
                  Sep 8 23:08:42 unbound 45594 [45594:0] info: server stats for thread 1: requestlist max 2 avg 1.16667 exceeded 0 jostled 0
                  Sep 8 23:08:42 unbound 45594 [45594:0] notice: Restart of unbound 1.17.1.
                  Sep 8 23:08:42 unbound 45594 [45594:0] notice: init module 0: validator
                  Sep 8 23:08:42 unbound 45594 [45594:0] notice: init module 1: iterator
                  Sep 8 23:08:42 unbound 45594 [45594:0] info: start of service (unbound 1.17.1).
                  Sep 8 23:08:44 unbound 45594 [45594:0] info: generate keytag query _ta-4f66. NULL IN
                  Sep 8 23:08:44 unbound 45594 [45594:1] info: generate keytag query _ta-4f66. NULL IN
                  Sep 8 23:36:10 unbound 77967 [77967:0] notice: init module 0: validator
                  Sep 8 23:36:10 unbound 77967 [77967:0] notice: init module 1: iterator
                  Sep 8 23:36:10 unbound 77967 [77967:0] info: start of service (unbound 1.17.1).
                  Sep 8 23:36:15 unbound 77967 [77967:0] info: generate keytag query _ta-4f66. NULL IN

                  johnpozJ 1 Reply Last reply Reply Quote 0
                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator @netgate_etagten
                    last edited by johnpoz

                    @netgate_etagten kind of hard to generate an IPv6 on your lan if you didn't get one on your wan..

                    advertise contains NoAddrsAvail status, or atleast your not getting a PD.

                    I take it you edited this to hide the actual IP your getting 20:0:0:0:0:0:e8f:6be1, cause that sure isn't valid ;)

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.03 | Lab VMs 2.7.2, 24.03

                    N 1 Reply Last reply Reply Quote 0
                    • N
                      netgate_etagten @johnpoz
                      last edited by netgate_etagten

                      @johnpoz
                      So I need to add the lan port ipv6 link local in unbound to ensure that it can work normally after the system restarts?

                      NoAddrsAvail because the acquired status is not released, and I don’t understand why dhcp6c needs to reacquire the address.

                      johnpozJ 1 Reply Last reply Reply Quote 0
                      • johnpozJ
                        johnpoz LAYER 8 Global Moderator @netgate_etagten
                        last edited by

                        @netgate_etagten said in ipv6 dns opcode: QUERY, status: REFUSED:

                        why dhcp6c needs to reacquire the address.

                        Did you try setting this

                        https://docs.netgate.com/pfsense/en/latest/config/advanced-networking.html#do-not-allow-pd-address-release

                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                        If you get confused: Listen to the Music Play
                        Please don't Chat/PM me for help, unless mod related
                        SG-4860 24.03 | Lab VMs 2.7.2, 24.03

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post