Netgate Discussion Forum
    3. unbound
    • el_baby

      Can't enable unbound-control

      DHCP and DNS unbound unbound.conf dns resolver unbound-control
      0 Votes
      4 Posts
      264 Views
      el_baby

      Thanx a lot @Gertjan

      That was it. It was listening on port 953.

      Since I had not seen any configuration option in the UI I thought it was disabled.

    • JonathanLee

      SMTP and IMAP Strict Destination Question

      DHCP and DNS unbound.conf unbound dns resolution smtp imap
      0 Votes
      3 Posts
      206 Views
      JonathanLee

      [image]

      I am aware of the resolver interval. Is there a way to bypass one URL?

      Example: imap.gmail.com always forward to 8.8.8.8, do not save in firewall DNS nameserver for reuse,

      thus every time it gets the new IP address Google has for the mail server. They change so fast the firewall can't keep up, so the mail app at times says error; after 5 mins it will resolve, but that is unacceptable for modern use.

    • JonathanLee

      IPv6 HE tunnel broker and Netflix quick fix idea

      IPv6 ipv6 he.net tunnelbroker netflix unbound
      0 Votes
      3 Posts
      396 Views
      Gertjan

      @JonathanLee said in IPv6 HE tunnel broker and Netflix quick fix idea:

      This fixed my issues 100%. Anyone else parse AAAA and A DNS records like this?

      That issue is very old.

      Hit the search button - it's just above:

      [image]

      The issue even has a pfBlockerNG solution made for it:

      [image]

      Check the check box.
      Add all the host names that should not be resolved to AAAA.
      Done.

    • R

      Unbound not using glue records

      General pfSense Questions dns unbound bind
      0 Votes
      4 Posts
      326 Views
      R

      I figured it out - I should not put my authoritative server under the domain override section because unbound put it in a forward zone and expects a dns resolver. Instead, I switched to a stub zone under custom configuration, which requires an authoritative dns server and unbound will perform recursive lookup itself.

    • B

      Unbound syslog stopped working after upgrading from 2.7 to 2.7

      General pfSense Questions 2.7.0 unbound crash syslog
      0 Votes
      5 Posts
      715 Views
      S

      @bassplayaman re: latest, see https://docs.netgate.com/pfsense/en/latest/releases/2-7-1.html#troubleshooting

    • N

      DNS resolver sometimes doesn't seem to respond

      Deutsch unbound timeout
      0 Votes
      4 Posts
      621 Views
      JeGr

      @n300 the opposite is the case; however, the module also has nothing to do with the clients, but with the transmission of domains via pfB, if that is what is meant.

    • E

      Control D: ctrld

      Off-Topic & Non-Support Discussion dns unbound filtering blocklist geolocation
      0 Votes
      4 Posts
      1k Views
      Y

      @ericafterdark I'm actually one of the authors of ctrld. If you're into fancy DNS routing, you may dig this article on how to use ctrld with pfSense, and what you can accomplish with it, especially if you use Control D as an upstream. https://github.com/Control-D-Inc/ctrld/wiki/pfSense-and-OPNsense-Operations-Guide

    • JonathanLee

      Feature Request: GUI options to Unbound Resolver's new DoH abilities

      Plus 23.09 Development Snapshots (Retired) doh unbound dns dns over tls dns resolver
      2 Votes
      2 Posts
      1k Views
      jimp

      If it's fully standalone in Unbound that should be possible, though I don't know what kind of time frame we'd be looking at.

      I haven't kept an eye on it but last I saw it required passing in the https requests from something else like an nginx proxy setup but from the look of those docs they seem to have native support now. The library they mentioned is present on pfSense and is a dependency of Unbound already (the ports option DOH is enabled) so all the backend parts appear to be present, just the GUI/PHP config code would need to be implemented.

      The larger problem is that it's going to want to use port 443 which complicates GUI access and makes it trickier to use in practice.

    • A

      DNS DOS flood attack

      DHCP and DNS dns unbound dos attack
      0 Votes
      10 Posts
      2k Views
      A

      @johnpoz Thanks again john. Decided to by-pass the whole local network and plugged the internet straight into Wireshark. Couldn't find any DNS packets! Did a factory reset and assigned Snort to the LAN interface and all is good! Thanks for your help.

    • G

      Firewall locks up, possibly unbound config

      General pfSense Questions unbound drash hung interface
      0 Votes
      22 Posts
      3k Views
      JonathanLee

      @gessel I too have an alert from this China IP block 183.136.225.29

      [image]

      https://forum.netgate.com/topic/183488/et-scan-hid-vertx-and-edge-door-controllers-discover

      VirusTotal shows it is an invasive actor.

      183.136.225.31 also

      [image]

    • beerguzzle

      high "unbound" mem usage after 23.01

      General pfSense Questions unbound 23.01
      0 Votes
      2 Posts
      589 Views
      stephenw10

      Do you have a complex Unbound config? pfBlocker with DNSBL?

    • ?

      unbound client forward to knot-resolver server without recursion desired (RD) bit get status REFUSED.

      DHCP and DNS unbound forwarding
      0 Votes
      2 Posts
      741 Views
      Gertjan

      @sauce
      I've found https://knot-resolver.readthedocs.io/en/stable/modules-refuse_nord.html
      How is this related to pfSense ?

    • H

      DNS Dropouts

      DHCP and DNS dns openvpn ipvanish unbound
      0 Votes
      1 Posts
      657 Views
      No one has replied
    • M

      unbound / subdomain delegation / local-zone type

      DHCP and DNS unbound delegation override dns resolution
      0 Votes
      1 Posts
      1k Views
      No one has replied
    • 1

      DNS over TLS Not Working?

      DHCP and DNS tls dns resolver tls over dns dns unbound
      0 Votes
      7 Posts
      3k Views
      Gertjan

      @coyote1abe said in DNS over TLS Not Working?:

      could you please be a little more specific about the change you made to system

      Somewhere in the past, he changed the IP settings of his device ( a Windows PC ) from the default DHCP settings to a static setting.

      Like this :

      [image]

      which means this Windows device doesn't use pfSense at all for DNS ... because he asked 1.2.3.4 to be used.

      He has undone that, and now all is well.

    • R

      DNS queries failing during DNSBL reload

      pfBlockerNG unbound dnsbl pfblockerng dns
      0 Votes
      2 Posts
      666 Views
      S

      @rvjr On pfSense unbound generally restarts. See
      https://redmine.pfsense.org/issues/5413

    • R

      Unbound reload fails with large DNSBL feed

      pfBlockerNG unbound dnsbl pfblockerng
      0 Votes
      1 Posts
      400 Views
      No one has replied
    • M

      Unbound: fatal error: Could not read config file: /unbound.conf

      DHCP and DNS unbound unbound.conf
      0 Votes
      4 Posts
      3k Views
      Gertjan

      @myman said in Unbound: fatal error: Could not read config file: /unbound.conf:

      unbound-checkconf returns unbound-checkconf: no errors in /usr/local/etc/unbound/unbound.conf

      Running "unbound-checkconf" will check the default /usr/local/etc/unbound/unbound.conf, a file that exists, but it is just a demo file.
      The real "unbound.conf", the one unbound for pfSense is using, is here: /var/unbound/

      Your unbound is restarting every couple of minutes.
      If these restarts happen too often, then the start code can overlap with another startup. Then one of them can fail and you see the error shown.

      Disabling "DHCP registration" is one of the first things to try.

    • L

      Unbound was killed: out of swap space

      Official Netgate® Hardware unbound swap sg-1100
      0 Votes
      12 Posts
      5k Views
      Gertjan

      Log lines indicate the exact moment of the events :

      @leonroy said in Unbound was killed: out of swap space:

      Jan 11 13:01:33 unbound 63374 [63374:0] notice: Restart of unbound 1.12.0.

      and while it's starting - 15 seconds later :

      @leonroy said in Unbound was killed: out of swap space:

      Jan 11 13:01:48 unbound 63374 [63374:0] info: service stopped (unbound 1.12.0).

      and a small instance (< 1 second) :

      Jan 11 13:01:48 unbound 63374 [63374:0] notice: Restart of unbound 1.12.0.

      To make a long story short, go to the Unbound / Resolver settings page and uncheck this:

      [image]

      Stick a post-it on the pfSense box that says :
      "Check the resolver logs again after 48 hours and see how many stops/restarts happened the last 48 hours".
      If you find "a couple" or even less : issue solved.

    • charles_moody

      DNS PROBLEM WITH 'LINUX VM INSTEAD OF ROUTER' | UNBOUND

      DHCP and DNS dns unbound routing
      0 Votes
      11 Posts
      1k Views
      johnpoz

      You do not need to create a NAT - but if you're policy routing, then yes, you need a rule above that policy route rule that allows where you're trying to go before you policy route out a VPN.

      https://docs.netgate.com/pfsense/en/latest/multiwan/policy-route.html#bypassing-policy-routing