DNS resolver not logging correctely



  • I have added the costum option (log-queries: yes) so that unbound record all the DNS queries, but it is behaving incorrectly, it's only logging the DNS queries from one host of my LAN. any solution??


  • Rebel Alliance Global Moderator

    Yeah have your other hosts actually use unbound vs something else ;)  If its logging 1 host, then its logging.. The only reason it wouldn't be logging your other hosts would be that those hosts are not even asking it ;) hehehe

    Here I turned it on.. You can see queries from 3 different hosts on 2 different networks, in like 10 seconds of turning it on.




  • All the hosts in the LAN are configured the same way to use the DNS server provided by pfsense, I still don't know why they are not logged in the DNS queries


  • Rebel Alliance Global Moderator

    Because they didn't make a query would be my guess ;)  You need to actually Verify they are doing queries if your saying they are not logging..  So lets see the logs of your 1 client, and then what query are you saying is not being logged?

    Are these clients behind a wifi router that you thought you were using as AP, but its really natting so your only seeing the query in the log from its IP address?

    So from a client do a dig or nslookup or drill.. So it shows you doing a query to pfsense?  Sniff on pfsense interface they are doing the query too.. Do you see the query?

    
    > dig www.pfsense.org
    
    ; <<>> DiG 9.11.0-P1 <<>> www.pfsense.org
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31348
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;www.pfsense.org.               IN      A
    
    ;; ANSWER SECTION:
    www.pfsense.org.        300     IN      A       208.123.73.69
    
    ;; AUTHORITY SECTION:
    pfsense.org.            218     IN      NS      ns2.netgate.com.
    pfsense.org.            218     IN      NS      ns1.netgate.com.
    
    ;; Query time: 35 msec
    ;; SERVER: 192.168.9.253#53(192.168.9.253)
    ;; WHEN: Mon Dec 05 03:42:32 Central Standard Time 2016
    ;; MSG SIZE  rcvd: 107
    
    

    You can see here what IP did query too..
    ;; SERVER: 192.168.9.253#53(192.168.9.253)

    If I do a nslookup you can see what server its going to ask.

    nslookup
    Default Server:  pfsense.local.lan
    Address:  192.168.9.253