DNS Resolver Custom Options Do Not Start on Startup
-
I have configured DNS Resolver with the custom option:
log-queries: yes
When pfsense is restarted, remote logging does not resume.
2.4.4-RELEASE-p2 (amd64)
built on Wed Dec 12 07:40:18 EST 2018
FreeBSD 11.2-RELEASE-p6
Instead, I must go into the Resolver General Settings, and click Save. Then, everything starts logging to my remote syslogd server.
Any help is appreciated.
-
Hi,
I entered this (adding log-queries: yes).
After hitting "Save", unbound restarted.
And my logs, locally and remotely, were getting swamped with query log lines.
-
@user2 said in DNS Resolver Custom Options Do Not Start on Startup:
When pfsense is restarted, remote logging does not resume.
Next restart, if you don't see any logging, just restart unbound from the Status Service tab. It will probably start logging.
-
@ronpfs Thank you for responding. It is true that restarting unbound after a pfsense reboot resumes logging. Instead I was hoping (expecting) the unbound settings to start logging automatically. Doesn't it seem odd to go into a service to restart it just after rebooting the pfsense firewall?
-
@gertjan Thank you for sharing your custom options. It is also my observation that hitting "Save" resumes external logging. However, I was hoping this setting would automatically start upon a pfsense reboot. Maybe this is a bug?
-
@user2 said in DNS Resolver Custom Options Do Not Start on Startup:
Doesn't it seem odd to go into a service to restart it just after rebooting the pfsense firewall?
It's odd but it's been like that for years.
-
@ronpfs Hmm... I see. Since this is new to me, I was not expecting it. (I think this is also observed for snort alerts - the need to restart the service after a reboot.) Is there a way to recommend a change?
-
pfsense demands TLC
-
Hello all,
unfortunately in my experience this still happens on:
2.5.2-RELEASE (amd64)
built on Fri Jul 02 15:33:00 EDT 2021
FreeBSD 12.2-STABLE
Steps to reproduce the issue:
- Services > DNS Resolver > General Settings
- Custom options set and saved to
server: log-queries: yes
- DNS queries are correctly sent to the defined syslog server (don't know if logged locally on pfSense, I'm not interested in that)
- reboot pfSense
- DNS queries are not correctly sent to the defined syslog server (don't know if logged locally on pfSense, I'm not interested in that)
- Status > DNS Resolver > Restart service (or Stop Service && Start Service)
- DNS queries again are correctly sent to the defined syslog server (don't know if logged locally on pfSense, I'm not interested in that)
Regards
-
I have reproduced this on 2.6.0 CE as well. I only very recently cut over to using resolver instead of forwarder because the forwarder no longer worked for me in 2.6.0.
I log and inspect DNS queries, so I hit this bug right away.
Losing your DNS logs from your SIEM on reboots isn't a good security situation. This deserves some escalated attention.
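The failure mode in the reproduction steps above, and the SIEM-side concern in the last post, can be caught from the syslog feed itself: an unbound "start of service" line that is followed by ongoing syslog traffic from other programs but never by a single query line means query logging did not come up. The following checker is an added example written for this thread, not code from pfSense or unbound; the log lines are constructed, the unbound line formats it matches (`[pid:thread] info: start of service ...` and `info: <client> <name> <type> <class>` with log-queries: yes) are assumed from upstream unbound, and the 300-second grace period is an arbitrary tuning knob.

```python
import re
from datetime import datetime

# Constructed sample syslog lines (not from the thread). The unbound instance
# started right after the reboot (pid 1200) never emits a query line: the bug above.
SAMPLE_LOG = """\
Mar 10 08:00:01 pfSense unbound[1001]: [1001:0] info: start of service (unbound 1.13.1).
Mar 10 08:00:05 pfSense unbound[1001]: [1001:0] info: 192.168.1.10 www.example.com. A IN
Mar 10 08:05:00 pfSense syslogd: kernel boot file is /boot/kernel/kernel
Mar 10 08:05:30 pfSense unbound[1200]: [1200:0] info: start of service (unbound 1.13.1).
Mar 10 08:07:00 pfSense php-fpm[300]: /rc.start_packages: Restarting/Starting all packages.
Mar 10 08:20:00 pfSense sshd[400]: Accepted publickey for admin from 192.168.1.10
Mar 10 08:30:00 pfSense unbound[1300]: [1300:0] info: start of service (unbound 1.13.1).
Mar 10 08:30:10 pfSense unbound[1300]: [1300:0] info: 192.168.1.10 www.example.com. A IN
"""

SYSLOG_RE = re.compile(r"^(\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ (\S+?)(?:\[(\d+)\])?: (.*)$")
START_RE = re.compile(r"^\[\d+:\d+\] info: start of service")
# Query line written by unbound with log-queries: yes -> "info: <client> <name> <type> <class>"
QUERY_RE = re.compile(r"^\[\d+:\d+\] info: \S+ \S+ [A-Z0-9]+ IN$")

def _ts(text):
    # Syslog timestamps carry no year; this assumes all lines fall within one year.
    return datetime.strptime(" ".join(text.split()), "%b %d %H:%M:%S")

def _went_silent(pending, now, grace):
    # Silent = no query since the start, yet other syslog traffic kept arriving for >= grace seconds
    return (pending is not None and not pending["query"] and now is not None
            and (now - pending["ts"]).total_seconds() >= grace)

def find_silent_starts(log_text, grace_seconds=300):
    """Return [(timestamp, pid)] for each unbound start not followed by any query log line."""
    silent, pending, last_seen = [], None, None
    for line in log_text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        stamp, prog, pid, msg = m.groups()
        now = _ts(stamp)
        if prog == "unbound" and START_RE.match(msg):
            if _went_silent(pending, last_seen, grace_seconds):  # judge the previous instance
                silent.append((pending["stamp"], pending["pid"]))
            pending = {"ts": now, "pid": pid, "stamp": stamp, "query": False}
        elif prog == "unbound" and pending is not None and QUERY_RE.match(msg):
            pending["query"] = True
        last_seen = now
    if _went_silent(pending, last_seen, grace_seconds):
        silent.append((pending["stamp"], pending["pid"]))
    return silent
```

Run against the SIEM's copy of the firewall syslog after each reboot; a non-empty result is the signal to restart unbound (or to alert) before the DNS log gap grows.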