How do I disable the DNS Forwarder?
-
Hi,
For debugging reasons, I am trying to disable the Unbound DNS Forwarder and, at the same time, enforce "require a domain".
When "Apply"ing these changes, they are lost and "Enable DNS Forwarder" is checked and "require a domain" is unchecked again.
I've checked the "Disable DNS Forwarder" on the System/GeneralSetup page as well, and that one has been unchecked, too.
We are using
2.3.4-RELEASE (amd64)
built on Wed May 03 15:13:29 CDT 2017
FreeBSD 10.3-RELEASE-p19
Thanks for any enlightenment. :)
HP.
-
unbound out of the box is not a forwarder.. You would have had to enable it to work in forwarder mode at some point.
Why are you not running 2.3.4p1 ?
-
Thanks John,
unbound out of the box is not a forwarder.. You would of had to enable it to work in forwarder mode at some point.
If I get it right, forwarder mode is the default in pfSense 2.3.4.
For tests, I want the DHCP clients to get the original DNS Servers from the System/GeneralSetup page, instead of 127.0.0.1 or the LANIF IP.
In my understanding, disabling DNS Forwarding should do the trick, right?
Why are you not running 2.3.4p1 ?
Because we are dealing with +/- 250 appliances with pre-built images, slightly adapted for central management. 8)
-
"If I get it right, forwarder mode is the default in pfSense 2.3.4."
No unbound as resolver has been default since 2.2
https://doc.pfsense.org/index.php/Unbound_DNS_Resolver
Your dhcp clients would never get 127.0.0.1, they would by default point to pfsense interface IP that you're running the dhcp server on. How would that work if dhcp clients pointed to themselves for dns??
-
For tests, I want the DHCP clients to get the original DNS Servers from the System/GeneralSetup page, instead of 127.0.0.1 or the LANIF IP.
In my understanding, disabling DNS Forwarding should do the trick, right?
The DNS Servers clients receive via DHCP are controlled under Services=>DHCP Server. The DNS servers under System=>General Setup specify the servers used by pfSense. If no DNS servers are specified under DHCP the default behavior is to give clients the pfSense machine as the DNS server.
-
Hi John,
Maybe I was easy to misunderstand - apologies.
I've read that document before, however I was not aware that "Forwarder Mode" is not just a functionality of Unbound.
And yes, 127.0.0.1 is obviously not handed out by DHCP, but the first DNS on the appliance itself. :)
But nycfly put me on the track:
Leave blank to use the system default DNS servers: this interface's IP if DNS Forwarder or Resolver is enabled, otherwise the servers configured on the System / General Setup page.
I'll just enter the external DNS Servers, basically the same I've got in System/GeneralSetup.
Nevertheless, the unchecked "Enable DNS Forwarder" is checked again after a save.
Keep you updated, thanks so far. :)
-
"Nevertheless, the unchecked "Enable DNS Forwarder" is checked again after a save."
"Because we are dealing with +/- 250 appliances with pre-built images, slightly adapted for central management. "
Maybe that has something to do with it.. What did you do to the images. Are they running RO on the file system or something. What "image" are you running on them.. If they are being handled by "central management." I would take that any changes you want to do to the managed boxes would have to be done via the central management.. If not it's not really central management now is it ;)
-
What did you do to the images.
Without going too far off topic, we basically added a cron job SSHing to a central instance polling for new config XML files.
I honestly can't think of a relation to this.
Nevertheless, I'll cross-check with an original 2.3.4.
-
what image are you running.. I would guess maybe the nanobsd.. You could be in a read only mode?
You do understand the settings are in the config.xml if you grab a central xml then yeah you would go back to your old settings, etc..
What I can tell you for sure is that in a normal system out of the box.. click it on, click it off - that simple..
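
An added example, not part of the thread and not pfSense code: a small Python check that compares the DNS-related settings in a locally saved config.xml against the centrally distributed one, to show which GUI changes a config pull would revert. The element paths, the rule that an element's presence means the option is enabled, and both sample configs (constructed, using documentation addresses) are assumptions.

```python
import xml.etree.ElementTree as ET

# Element paths are assumptions about the pfSense config.xml layout;
# an option is treated as enabled when its element is present.
FLAGS = {
    "dnsmasq enabled (DNS Forwarder)": "dnsmasq/enable",
    "dnsmasq require domain": "dnsmasq/domain_needed",
    "unbound enabled (DNS Resolver)": "unbound/enable",
    "unbound forwarding mode": "unbound/forwarding",
}

def dns_settings(xml_text):
    """Extract the DNS-related settings discussed in the thread."""
    root = ET.fromstring(xml_text)
    out = {name: root.find(path) is not None for name, path in FLAGS.items()}
    out["system DNS servers"] = [e.text for e in root.findall("system/dnsserver")]
    # Per-interface DHCP DNS servers; an empty list means the field is blank,
    # so clients get the system default described in the thread.
    for iface in root.findall("dhcpd/*"):
        out[f"DHCP {iface.tag} DNS servers"] = [e.text for e in iface.findall("dnsserver")]
    return out

def drift(local_xml, central_xml):
    """Return {setting: (local value, central value)} for settings that differ."""
    a, b = dns_settings(local_xml), dns_settings(central_xml)
    return {k: (a.get(k), b.get(k)) for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)}

# Constructed sample: what the admin saved in the GUI on the appliance.
LOCAL = """<pfsense>
  <system><dnsserver>192.0.2.53</dnsserver><dnsserver>192.0.2.54</dnsserver></system>
  <dnsmasq><domain_needed></domain_needed></dnsmasq>
  <dhcpd><lan><dnsserver>192.0.2.53</dnsserver></lan></dhcpd>
</pfsense>"""

# Constructed sample: the config the cron job would pull from the central instance.
CENTRAL = """<pfsense>
  <system><dnsserver>192.0.2.53</dnsserver><dnsserver>192.0.2.54</dnsserver></system>
  <dnsmasq><enable></enable></dnsmasq>
  <dhcpd><lan></lan></dhcpd>
</pfsense>"""

if __name__ == "__main__":
    for setting, (local, central) in drift(LOCAL, CENTRAL).items():
        print(f"{setting}: local={local!r} central={central!r}")
```

Any setting listed here would return to the central value the next time the distributed config.xml is applied.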