    2.3.2-RELEASE-p1 (amd64) dns resolver not working

    DHCP and DNS
    • B
      beavis last edited by

      The DNS resolver is not working at all. I cannot get answers from pfSense itself or on any client when I enable the resolver.
      I have tried with forwarder and it works fine.

      My setup:
      2.3.2-RELEASE-p1 (amd64)
      2 interfaces, WAN and LAN. Both have IPv6 set to none.
      WAN 1000baseT <full-duplex> 91.157..
      LAN 1000baseT <full-duplex> 10.10..

      System has 4 DNS servers. No matter if only one or two
      DNS server(s)
      195.140.195.21
      193.229.0.40
      208.67.220.220
      8.8.8.8

      No firewall rules created
      Resolver config default, only selected WAN interface for outgoing and LAN and localhost for network.
      Hide version is selected.

      This is what happens from pfsense and all clients.

      [2.3.2-RELEASE][root@sense]/var/unbound: nslookup google.com

      ;; Got SERVFAIL reply from 127.0.0.1, trying next server
      ;; connection timed out; no servers could be reached

      From log I can see:
      Jan 24 17:10:01 sense unbound: [37475:0] info: error sending query to auth server 2001:503:ba3e::2:30 port 53
      Jan 24 17:10:01 sense unbound: [37475:0] info: error sending query to auth server 2001:dc3::35 port 53
      Jan 24 17:10:01 sense unbound: [37475:0] info: error sending query to auth server 2001:500:9f::42 port 53
      Jan 24 17:10:01 sense unbound: [37475:0] info: error sending query to auth server 2001:500:2d::d port 53

      I have set IPv6 disabled in unbound.conf
      do-ip6: no

      I also tried removing all unbound entries in the system config file, cleared /var/unbound, did a restore and entered the config again, but it did not help.

      1 Reply Last reply Reply Quote 0
      • KOM
        KOM last edited by

        Resolver doesn't use the servers listed in General Setup - DNS Server Settings.

        Do you have All selected for both Network Interfaces and Outgoing Network Interfaces?

        1 Reply Last reply Reply Quote 0
        • B
          beavis last edited by

          I did have All selected as default and it did not work like that either. I changed those settings when there were a lot of errors in the logs.

          Jan 24 17:10:01 sense unbound: [37475:0] info: error sending query to auth server 2001:500:1::53 port 53
          Jan 24 17:10:01 sense unbound: [37475:0] info: error sending query to auth server 2001:500:2d::d port 53
          Jan 24 17:10:01 sense unbound: [37475:0] info: error sending query to auth server 2001:500:12::d0d port 53
          Jan 24 17:10:01 sense unbound: [37475:0] info: error sending query to auth server 2001:dc3::35 port 53
          Jan 24 17:10:01 sense unbound: [37475:0] info: error sending query to auth server 2001:500:2::c port 53
          Jan 24 17:10:01 sense unbound: [37475:0] info: error sending query to auth server 2001:500:a8::e port 53
          Jan 24 17:10:01 sense unbound: [37475:0] info: error sending query to auth server 2001:500:a8::e port 53
          Jan 24 17:10:01 sense unbound: [37475:0] info: error sending query to auth server 2001:503:c27::2:30 port 53
          Jan 24 17:10:01 sense unbound: [37475:0] info: error sending query to auth server 2001:7fd::1 port 53
          Jan 24 17:10:01 sense unbound: [37475:0] info: error sending query to auth server 2001:500:2d::d port 53
          Jan 24 17:10:01 sense unbound: [37475:0] info: error sending query to auth server 2001:7fd::1 port 53
          Jan 24 17:10:01 sense unbound: [37475:0] info: error sending query to auth server 2001:dc3::35 port 53
          Jan 24 17:10:01 sense unbound: [37475:0] info: error sending query to auth server 2001:dc3::35 port 53


          1 Reply Last reply Reply Quote 0
          • chpalmer
            chpalmer last edited by

            @KOM:

            Resolver doesn't use the servers listed in General Setup - DNS Server Settings.

            Huh?  What does it use then?

            From System/General?DNS Server Settings..

            Address
            Enter IP addresses to be used by the system for DNS resolution. These are also used for the DHCP service, DNS Forwarder and DNS Resolver when it has DNS Query Forwarding enabled.

            Triggering snowflakes one by one..

            1 Reply Last reply Reply Quote 0
            • D
              doktornotor Banned last edited by

              @chpalmer:

              Huh?  What does it use then?

              Emphasized for you:

              Address
              Enter IP addresses to be used by the system for DNS resolution.

              1 Reply Last reply Reply Quote 0
              • chpalmer
                chpalmer last edited by

                Resolver doesn't use the servers listed in General Setup - DNS Server Settings.

                Address
                Enter IP addresses to be used by the system for DNS resolution.

                And the rest states-

                These are also used for the DHCP service, DNS Forwarder and DNS Resolver when it has DNS Query Forwarding enabled.

                So if Forwarding is not enabled where does the Resolver resolve from?  The system itself?

                Triggering snowflakes one by one..

                1 Reply Last reply Reply Quote 0
                • KOM
                  KOM last edited by

                  Huh?  What does it use then?

                  It talks to the root servers directly and then walks the chain to the authoritative server.

                  https://en.wikipedia.org/wiki/Root_name_server

                  1 Reply Last reply Reply Quote 0
                  • chpalmer
                    chpalmer last edited by

                    Kom-  Thank you!

                    Beavis-  select the IPv6 link locals as well.

                    Triggering snowflakes one by one..

                    1 Reply Last reply Reply Quote 0
                    • B
                      beavis last edited by

                      I did select All for network interface, but there are still lots of errors for IPv6 queries in the log and resolving is not working.

                      1 Reply Last reply Reply Quote 0
                      • D
                        doktornotor Banned last edited by

                        @beavis:

                        but still lots of errors for ipv6 query in log

                        Completely useless info. What errors exactly? Why would you be resolving IPv6 at all with no IPv6 set up anywhere?

                        1 Reply Last reply Reply Quote 0
                        • B
                          beavis last edited by

                          Yes, I don't understand why the resolver is using IPv6. I have disabled IPv6 everywhere and also manually added do-ip6: no to the unbound.conf file.
                          But every time I change something in pfsense->services->dns resolver, save and hit apply, it changes it to do-ip6: yes in the config file.

                          nslookup is only giving time out on every host and pfsense itself.

                          This is from resolver.log:
                          Jan 25 09:55:05 sense unbound: [40471:0] info: error sending query to auth server 2001:500:127::30 port 53
                          Jan 25 09:55:05 sense unbound: [40471:0] info: error sending query to auth server 2a01:111:2002::17 port 53
                          Jan 25 09:55:05 sense unbound: [40471:0] info: error sending query to auth server 2a01:111:2bad::17 port 53
                          Jan 25 09:55:05 sense unbound: [40471:0] info: error sending query to auth server 2a01:111:2002::17 port 53
                          Jan 25 09:55:05 sense unbound: [40471:0] info: error sending query to auth server 2a01:111:2bad::17 port 53
                          Jan 25 09:55:05 sense unbound: [40471:0] info: error sending query to auth server 2a01:111:2bad::17 port 53
                          Jan 25 09:55:05 sense unbound: [40471:0] info: error sending query to auth server 2a01:111:2002::17 port 53
                          Jan 25 09:55:05 sense unbound: [40471:0] info: error sending query to auth server 2a01:111:2bad::17 port 53
                          Jan 25 09:55:05 sense unbound: [40471:0] info: error sending query to auth server 2a01:111:2bad::17 port 53
                          Jan 25 09:55:05 sense unbound: [40471:0] info: error sending query to auth server 2600:1406:32::c1 port 53
                          Jan 25 09:56:28 sense unbound: [40471:0] info: error sending query to auth server 2a03:7900:104:1::2 port 53

                          1 Reply Last reply Reply Quote 0
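A way to triage resolver.log output like the lines quoted in this thread, as an added example that is not part of any post: it counts unbound "error sending query to auth server" lines per address family and per target, so it is obvious whether only IPv6 destinations fail. The sample log is constructed (documentation-range addresses), and the function names and hint wording are this example's own.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the same format as the resolver.log lines in the thread.
# Addresses are documentation ranges, not values taken from the posts.
SAMPLE_LOG = """\
Jan 25 09:55:05 sense unbound: [40471:0] info: error sending query to auth server 2001:db8:1::53 port 53
Jan 25 09:55:05 sense unbound: [40471:0] info: error sending query to auth server 2001:db8:2::17 port 53
Jan 25 09:55:05 sense unbound: [40471:0] info: error sending query to auth server 2001:db8:2::17 port 53
Jan 25 09:55:06 sense unbound: [40471:0] info: error sending query to auth server 192.0.2.53 port 53
Jan 25 09:55:06 sense unbound: [40471:0] info: resolving example.com. A IN
"""

SEND_ERR = re.compile(
    r"unbound: \[\d+:\d+\] info: error sending query to auth server (\S+) port (\d+)"
)

def summarize_send_errors(log_text):
    """Count send-error lines per address family and per target address."""
    families, targets = Counter(), Counter()
    for line in log_text.splitlines():
        m = SEND_ERR.search(line)
        if not m:
            continue  # not a send-error line
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            families["unparsed"] += 1  # truncated or garbled address field
            continue
        families[f"IPv{addr.version}"] += 1
        targets[str(addr)] += 1
    return families, targets

def diagnose(families):
    """Turn the per-family counts into a one-line triage hint (wording is this example's)."""
    v4, v6 = families.get("IPv4", 0), families.get("IPv6", 0)
    if v6 and not v4:
        return "only IPv6 targets fail: resolver is trying IPv6 without a usable IPv6 path"
    if v6 and v4:
        return "both families fail: check outbound port 53 and the outgoing interface"
    if v4:
        return "only IPv4 targets fail: check WAN routing and outbound port 53"
    return "no send errors found"

if __name__ == "__main__":
    fams, tgts = summarize_send_errors(SAMPLE_LOG)
    print(dict(fams), tgts.most_common(3))
    print(diagnose(fams))
```
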
                          • B
                            beavis last edited by

                            I lost my patience with this and moved back to the forwarder.
                            It works as it is supposed to, no strange IPv6 issues.

                            1 Reply Last reply Reply Quote 0