DNS resolver stopped resolving one hostname
-
Why doesn't 127.0.0.1 answer? Is unbound not actually running?
Do you not have it listening on loopback? You for sure should be able to do a query on pfsense going to loopback.
and just normal dig should do that too..
[21.05-RELEASE][admin@sg4860.local.lan]/root: dig muenchen.social

; <<>> DiG 9.16.15 <<>> muenchen.social
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3216
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;muenchen.social. IN A

;; ANSWER SECTION:
muenchen.social. 1414 IN A 159.69.89.221

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Jul 11 16:17:48 CDT 2021
;; MSG SIZE rcvd: 60

[21.05-RELEASE][admin@sg4860.local.lan]/root:
You can see there it used loopback for the query.
-
@johnpoz
Not sure what's happening here, but after I woke up this morning, resolving the problematic host is working again. pfBlockerNG is still disabled, so I don't think it has anything to do with my whitelist entry.
I'm still trying to understand the problem. What do you mean by "is unbound running"? Which options should I check here?
(Sorry, I don't have much knowledge about DNS, until now that was just something that worked fine).
-
@silmaril said in DNS resolver stopped resolving one hostname:
pfBlockerNG is still disabled,
Was it ( pfBlockerNG ) running when you found out that muenchen.social wasn't resolving - the first time ?
Was it resolving to something like "10.10.10.1" or just nothing at all ?
-
@gertjan
As far as I can reproduce it, I am pretty sure, pfBlockerNG was not running when the problem first occurred.
It did not return any IP. When testing with Network Analyzer on an Android phone, I got a SERVFAIL error, which seems strange, because usually it's NXDOMAIN if the name cannot be resolved.
-
@silmaril said in DNS resolver stopped resolving one hostname:
Network Analyzer on an Android phone
For the next time :
Use
dig muenchen.social +trace
on the console (or : easier : ssh) access.
You'll have all answers on the screen.
Or, on a PC :
nslookup
and activate the debug :
set debug=on
Now enter :
muenchen.social
and you have all the details.
I don't have android device - neither would I use such a device for these tests.
-
@gertjan said in DNS resolver stopped resolving one hostname:
@silmaril said in DNS resolver stopped resolving one hostname:
Network Analyzer on an Android phone
For the next time :
Use
dig muenchen.social +trace
on the console (or : easier : ssh) access.
You'll have all answers on the screen.
That's awesome! Thanks for this hint!
Or, on a PC :
nslookup
My PC is running Linux ;-)
I don't have android device - neither would I use such a device for these tests.
It was just interesting because of this error code - but I will use dig ... +trace, if I encounter similar problems in the future.
-
btw you can install dig on your pc.. It's a MUST have for me ;)
Just install the bind package from isc and pick tools only..
here is my windows machine
C:\>dig
; <<>> DiG 9.16.18 <<>>
if linux then yeah easy as well to install dig if you don't have it.
-
For pfSense :
pkg install bind-tools
-
@gertjan didn't they make it default installed? I know I am on clean install of pfsense+ and I don't recall installing that package..
-
@johnpoz said in DNS resolver stopped resolving one hostname:
didn't they make it default installed?
I don't think so. But I can't remember.
Installed pfSense once, version 1 ? When I was fiddling with M0n0wall. Or something like that. Seems ages (a decade ?) to me. Been upgrading since, never reinstalled it.
edit :
Joined 29 Dec 2005, 21:40
Ok, more than a decade.
-
I think it is part of base install now... When 2.5/+ came out I did clean installs.. And I don't recall having to install that, and I have dig..
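
Added example, not part of any post in this thread: a small shell helper that reduces dig output to the fields discussed above (status, answer count, AD flag, the server that replied) and labels the outcome. SERVFAIL means the resolver could not complete the lookup, while NXDOMAIN means the name does not exist. The first sample is taken from the dig output posted earlier in the thread; the SERVFAIL sample, the function names and the verdict labels are constructed for illustration.

```sh
#!/bin/sh
# Added example: reduce dig output to status / answers / AD flag / server.

sample_noerror() {   # header lines from the dig output posted in this thread
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3216
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; SERVER: 127.0.0.1#53(127.0.0.1)
EOF
}

sample_servfail() {  # constructed sample of a failed lookup (id is made up)
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1111
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; SERVER: 127.0.0.1#53(127.0.0.1)
EOF
}

dig_summary() {      # reads dig output on stdin, prints one summary line
  awk '
    /->>HEADER<<-/ {
      for (i = 1; i < NF; i++)
        if ($i == "status:") { st = $(i + 1); sub(/,$/, "", st) }
    }
    /^;; flags:/ {
      for (i = 3; i <= NF; i++) {        # header flags end at the first ";"
        f = $i; last = (f ~ /;$/); sub(/;$/, "", f)
        if (f == "ad") { ad = 1 }        # AD: answer was DNSSEC-validated
        if (last) { break }
      }
      for (i = 1; i < NF; i++)
        if ($i == "ANSWER:") { n = $(i + 1); sub(/,$/, "", n) }
    }
    /^;; SERVER:/ { srv = $3; sub(/#.*/, "", srv) }   # who actually answered
    END {
      if (st == "NOERROR") { v = (n + 0 > 0) ? "resolved" : "nodata" }
      else if (st == "NXDOMAIN") { v = "no-such-name" }
      else if (st == "SERVFAIL") { v = "resolver-failed" }
      else { v = "other" }
      printf "status=%s answers=%d ad=%s server=%s verdict=%s\n", st, n, (ad ? "yes" : "no"), srv, v
    }'
}

sample_noerror | dig_summary
sample_servfail | dig_summary
```

On the console, live output can be piped in the same way: `dig muenchen.social | dig_summary`.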