When DCHP enabled then DNSBL is terminating Python mode....

Cool_Corona

@BBcan177

[pfBlockerNG]: Terminating DNSBL Python mode due to DNS Resolver DHCP Registration option enabled!

If I disable it, then DHCP clients doesnt get a DNS but have to manually set it everytime.

What to do?

RonpfS

@cool_corona Use Static DHCP instead.

Cool_Corona

@ronpfs For every client??

Gertjan

@cool_corona said in When DCHP enabled then DNSBL is terminating Python mode....:

For every client??

Of course not.
The DHCP server hands out leases to every device that wants one.
That has nothing to with 'DNS registration'.
Only devices that you want to use with their host names, devices like servers, should have a static DHCP lease.
So the DNS (unbound) knows about the host names and related IP addresses. So unbound can do it's DNS thing.

This :

@cool_corona said in When DCHP enabled then DNSBL is terminating Python mode....:

DNS Resolver DHCP Registration option enabled!

restarts unbound when (renew it new) lease comes in.

Cool_Corona

@ronpfs said in When DCHP enabled then DNSBL is terminating Python mode....:

@cool_corona Use Static DHCP instead.

Yes but then DHCP is reserved and thats not the intension with DHCP since clients are coming and going all the time.

Gertjan

Again :

@cool_corona said in When DCHP enabled then DNSBL is terminating Python mode....:

If I disable it, then DHCP clients doesnt get a DNS but have to manually set it everytime.

The "it" is "DNS Resolver DHCP Registration". Right ?

When "DNS Resolver DHCP Registration" is disabled on the unbound settings page, then this concerns only unbound (actually : it concerns the process dhcpleases that SIGkicks around unbound).
Not the DHCP server process, or its settings.
So, all DHCP clients still receive their lease with the gateway, network, IPv4, DNS and anything you've set up.

Check it out yourslef :
type

ipconfig /all

and you'll see the DNS of your device.
It should be the IP of the gateway, pfSense - as unbound is, by default, the local DNS resolver.
There is no way your device has a DNS configured today, obtained by the DHCP client, and nothing configured for DNS tomorrow.

I've disables myself "DNS Resolver DHCP Registration" a couple of yeas ago, and all my devices work just fine, can resolve local devices just fine.
The thing is : I added some Static DHCP so I can connect to a device called 'dvr.local.net' instead of "83595947-TPE1" or whatever they then to call themselves.

Cool_Corona

Thanks but the DHCP clients get everything exept DNS server on their DHCP lease.

And resolving doesnt work until I manually add pfsense IP as the resolver.

Gertjan

@cool_corona said in When DCHP enabled then DNSBL is terminating Python mode....:

the DHCP clients get everything exept DNS server on their DHCP lease.

That's not a normal at all.
When you installed pfSense the first time, your first device on LAN, the one that you used to set it up, received an IP for DNS.

With any PC OS (Windows 10, Win 7, Debain, etc), when I launch a DHCP renew on the client, I do have a DNS IPv4 (and IPv6).
I never had to change any PC IP setup. This has been plug and play. for decades.

On pfSEnse, I didn't even bother to change DHCP server settings.
Because it works out of the box.

So, the question has to be asked : what did you do to break this ?
Don't say 'nothing' as the default pfSense - we have both the same code - on my differs for our settings. These settings are, by default : identically.

edit : use a packet capture, inspect DHCP OFFER packets, check the options present, and see for yourself that a DNS -at least one - is present.
And if not,maybe the DHCP client amuses that the gateway == the DNS.
Leaving a system without DNS and an OS like windows will show that it's not connected to the Internet.

Cool_Corona

@gertjan said in When DCHP enabled then DNSBL is terminating Python mode....:

@cool_corona said in When DCHP enabled then DNSBL is terminating Python mode....:

the DHCP clients get everything exept DNS server on their DHCP lease.

That's not a normal at all.
When you installed pfSense the first time, your first device on LAN, the one that you used to set it up, received an IP for DNS.

With any PC OS (Windows 10, Win 7, Debain, etc), when I launch a DHCP renew on the client, I do have a DNS IPv4 (and IPv6).
I never had to change any PC IP setup. This has been plug and play. for decades.

On pfSEnse, I didn't even bother to change DHCP server settings.
Because it works out of the box.

So, the question has to be asked : what did you do to break this ?
Don't say 'nothing' as the default pfSense - we have both the same code - on my differs for our settings. These settings are, by default : identically.

edit : use a packet capture, inspect DHCP OFFER packets, check the options present, and see for yourself that a DNS -at least one - is present.
And if not,maybe the DHCP client amuses that the gateway == the DNS.
Leaving a system without DNS and an OS like windows will show that it's not connected to the Internet.

I configured it with a fixed IP address.

So I didnt notice it until I turned DHCP on. Which for testing purposes happened a week ago.

Gertjan

@cool_corona said in When DCHP enabled then DNSBL is terminating Python mode....:

I configured it with a fixed IP address.

Fire your admin.

A fixed IP is not only a fixed IP (and a /mask)
There is also a IP for the gateway.
There is also an IP for DNS
NTP while your at it.

The typical W10 dialog box for this names them all :

( sorry, they speak french here )

Cool_Corona

@gertjan You misunderstand me...

Firewall has a LAN IP.

I installed it from a workstation with a fixed ip.... not given by DHCP