DNS connections on brand new install pfSense 2.4.5p1
-
Hello,
I just installed pfSense 2.4.5p1 on an HP T620+ and set up the DNS resolver to resolve my internal domain and set the listening interfaces for LAN and my other internal interfaces for my lab.
When I checked the page under diagnostics page > sockets > show all socket connections, I see 2 connections via TCP/53 to the following:
? ? ? ? tcp4 <external-ip>:62381 96.7.49.66:53
? ? ? ? tcp4 <external-ip>:30947 96.7.49.66:53
Normally the other open/listening sockets show a USER ID, COMMAND, PID, and FD, but these only show ? for all that information.
Running sockstat -4 via SSH shows the same info.
I'm wondering if this is unbound making connections to the root DNS servers for resolution.
For unbound, I have it set to not forward queries to the upstream DNS servers and DNSSEC support is enabled.
DNS forwarder is disabled, only DNS resolver is running.
Thank You,
-
@emiljan said in DNS connections on brand new install pfSense 2.4.5p1:
Normally the other open/listening sockets show a USER ID, COMMAND, PID, and FD, but these only show ? for all that information.
Hello!
sockstat -4 -s
might indicate that those sockets are not open/listening. Maybe the processes that owned them have terminated.
John
-
When I run the command sockstat -4 -s, it does not show the connections; they only appear briefly and then upon refresh they are gone.
-
I ran the following:
sockstat -46 -P tcp,udp -p 53 -s
USER     COMMAND  PID    FD  PROTO  LOCAL ADDRESS      FOREIGN ADDRESS    STATE
unbound  unbound  58092  4   udp4   192.168.1.1:53     *:*
unbound  unbound  58092  5   tcp4   192.168.1.1:53     *:*                LISTEN
unbound  unbound  58092  6   udp4   10.0.15.1:53       *:*
unbound  unbound  58092  7   tcp4   10.0.15.1:53       *:*                LISTEN
unbound  unbound  58092  8   udp4   10.0.11.1:53       *:*
unbound  unbound  58092  9   tcp4   10.0.11.1:53       *:*                LISTEN
unbound  unbound  58092  10  udp4   127.0.0.1:53       *:*
unbound  unbound  58092  11  tcp4   127.0.0.1:53       *:*                LISTEN
?        ?        ?      ?   tcp4   <public-ip>:27315  199.249.119.1:53   TIME_WAIT
?        ?        ?      ?   tcp4   <public-ip>:3906   199.249.119.1:53   TIME_WAIT
?        ?        ?      ?   tcp4   <public-ip>:23285  96.7.49.66:53      TIME_WAIT
?        ?        ?      ?   tcp4   <public-ip>:52218  84.53.139.64:53    TIME_WAIT
Looks like it is unbound making the connections, but it's not showing as that because they are closing.
All of the external IPs seem to be NS servers on the web.
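
One way to triage the ownerless rows discussed in this thread, as an added example that is not part of the original posts: it groups every `?`-owned TCP socket from `sockstat -s` output by foreign address and state, and marks anything outside a TCP teardown state for review. The function names are hypothetical, and 203.0.113.10 is a constructed stand-in for the redacted public IP.

```shell
#!/bin/sh
# Added example: summarize sockstat rows that have no owning process.

# Sample modeled on the output posted in the thread (constructed: the local
# address 203.0.113.10 replaces the redacted <public-ip>).
sample_sockstat() {
cat <<'EOF'
USER     COMMAND  PID    FD  PROTO  LOCAL ADDRESS       FOREIGN ADDRESS    STATE
unbound  unbound  58092  5   tcp4   192.168.1.1:53      *:*                LISTEN
unbound  unbound  58092  11  tcp4   127.0.0.1:53        *:*                LISTEN
?        ?        ?      ?   tcp4   203.0.113.10:27315  199.249.119.1:53   TIME_WAIT
?        ?        ?      ?   tcp4   203.0.113.10:3906   199.249.119.1:53   TIME_WAIT
?        ?        ?      ?   tcp4   203.0.113.10:23285  96.7.49.66:53      TIME_WAIT
?        ?        ?      ?   tcp4   203.0.113.10:52218  84.53.139.64:53    TIME_WAIT
EOF
}

# Reads `sockstat -s` output on stdin and prints one line per
# (foreign address, state) pair among TCP sockets whose USER column is "?":
#   <verdict> <foreign address> <state> <count>
# "closing" = a state TCP can remain in after the process closed the socket,
#             which is why no USER/COMMAND/PID/FD is listed.
# "review"  = any other state; worth checking by hand.
triage_unowned() {
  awk '
    $1 == "?" && $5 ~ /^tcp/ {
      state = (NF >= 8) ? $8 : "NONE"   # rows without a STATE column
      count[$7 " " state]++
    }
    END {
      for (k in count) {
        split(k, p, " ")
        if (p[2] ~ /^(TIME_WAIT|FIN_WAIT_1|FIN_WAIT_2|CLOSING|LAST_ACK)$/)
          verdict = "closing"
        else
          verdict = "review"
        print verdict, p[1], p[2], count[k]
      }
    }' | sort
}

# Stand-alone run against the embedded sample.
sample_sockstat | triage_unowned
```

On the firewall itself, the same function can be fed live output with `sockstat -46 -P tcp -p 53 -s | triage_unowned`.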