Netgate Discussion Forum

    DNS broke, 127.0.0.1 and the others too!

      reberhar

      Re: Internal DNS not working (setting DNS manually on host works. [SOLVED])

      Hi Steve et al,

      So DNS went down on one of my secondary servers. It just does not work, not forwarding, not unbound. I fussed with pfblocker and reloaded the database. During that process, it resolved Google once. I have tried turning off pfblocker, deleting the pfblocker database from the resolver, commands from the command line, ... ya DNS is down. Maybe chicken and the egg. The unit is 2000 miles away. I am hoping I can trick it somehow.

      Now without DNS there is not much I can do. Everything else seems to work.

      Thanks for your help,

      Roy

        SteveITS Galactic Empire @reberhar

        @reberhar if you're forwarding ensure DNSSEC is disabled.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

          reberhar @SteveITS

          @SteveITS Hi Steve.

          Well, I think I did all of the updates right. But it is true, I can't even access the updates window and all of the update stuff you do from the command line fails.

          I will, thankfully, be there next week. I have backed up the config.xml and downloaded 2.7.2. Do you know of a way I could edit the ISO and insert the config.xml? That would be the cat's meow. Then I could just install remotely. I am sure there is a way.

          Roy

            SteveITS Galactic Empire @reberhar

            @reberhar not quite but see https://docs.netgate.com/pfsense/en/latest/backup/restore-during-install.html

              Gertjan @reberhar

              @reberhar said in DNS broke, 127.0.0.1 and the others too!:

              I could edit the ISO

              Don't bother.
              Before you leave: copy the xml file to a USB drive (and also upload it to a One/Gmail/whatever drive as a plan B called backup).
              Once at the location, use the ISO 'as is'.
              Assign a minimal "WAN and LAN" system (basically accepting all the defaults) during initial command line install.
              As soon as the GUI is up, import the config.
              It reboots, and be patient: if you had pfSense packages installed, they all get installed in the background now - this process is signaled on the dashboard.
              Done.

              Personal advice: remove all the DNS modifications and additions you've made.
              The default Netgate pfSense settings, "resolving mode", are close to perfect - can't get any better.

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

                  reberhar @reberhar

                  @reberhar Hi Gertjan,

                  Yes, I know all about these alternate ways of getting the config.xml onboard. My favorite is to modify a USB boot device, add the config.xml, boot and let it do its stuff. Everything then loads unattended. It remains though, that it would be nice to do it to an ISO. When I build a system with VirtualBox it requires an ISO. If I, being 2000 miles away, could insert a config in an ISO and build it, all should return normally with no intervention. When I can't be there I have to have someone else intervene. Plus, this is HA and bringing up a vanilla system on a live network is going to cause problems.

                  At the very least the LAN cables have to be pulled and connected to another device to do the manipulation. For remote management with VirtualBox, this would be very helpful indeed.

                  Roy

                    reberhar @reberhar

                    @reberhar Steve,

                    Still something seems quite odd about this problem. I have had two virtualbox systems give me problems. One refused to update beyond 2.7.0. It was a sandbox so I told it to go back to factory settings, 2.6.

                    It still refused to go beyond 2.7.0. I mentioned 2.7.2 in the updates window but could not access that update. It might even say that it was on the latest version. Very soon after that I had opportunity to reboot the host, because of updates. I lost virtualbox ... vboxdrv, but it would not load no matter what.

                    After updating to virtualbox 7.0 and a new download of 2.7.2 that box was working again, including the update mechanism.

                    The remote box also failed after a large linux update and reboot, but virtualbox is still up. I have one install where I had to manually load the three vbox drivers into the kernel before vbox would load.

                    Is this problem my fault? Likely so, but usually problems with pfsense present themselves very differently, and it wouldn't be the first time vbox gave problems to freebsd.

                    My 2 cents.

                    Roy

                      SteveITS Galactic Empire @reberhar

                      @reberhar said in DNS broke, 127.0.0.1 and the others too!:

                      refused to go beyond 2.7.0

                      try https://docs.netgate.com/pfsense/en/latest/releases/2-7-1.html#troubleshooting

                      I haven't tried with pfSense, but can you not extract the ISO (7-zip), add the config file, and recreate the ISO?

                        reberhar @SteveITS

                        @SteveITS Oh Steve,

                        Yes I will try that!

                        I am also wondering what TAR would do with that. It is hard to remember what all these little utilities can do with all their switches.

                        Thanks,

                        Roy

                          reberhar @reberhar

                          @reberhar So the problem with DNS was the FO modem. It was a really weird problem. Both the primary server and the secondary server were connected to the FO modem via a switch. They both came in through one port from the switch. The primary was getting DNS fine. The secondary was not, although it was connected and able to ping numbers. Moving the secondary to the second port on the modem gave DNS.

                          Of course this should not be. Perhaps there is a bug in the software of the modem.

                          I moved between ports and saw DNS go away on the secondary and come back when I moved the ethernet cable connection. DNS was lost and regained accordingly, but I never lost Internet connection.

                          It sounds like a firewall problem on the modem, but there doesn't seem to be any way to access the modem firewall.
