Netgate Discussion Forum

    Use Domain Override to have a site resolve with google instead of Unbound?

    DHCP and DNS

      doktornotor Banned

      @kpa:

      You need to use advanced custom options for this. Add a forward-zone clause like this:

      No. That's the same thing that the domain override does.

      @OP: When you query localhost, you get an answer from localhost. Tells nothing about what resolved the query.

        johnpoz LAYER 8 Global Moderator

        8.8.8.8 is not the authoritative name server for actionweather.gov

        When you do a domain override it's supposed to forward to the authoritative server for that domain..

        If you're having issues resolving actionweather.gov - just put in a host override for the IP you want it to resolve to.

        You're going to cache the record in unbound, and yeah if you ask unbound it's going to show that as the server that gave you the answer.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

          kpa

          Right, I forgot that domain override is the same as forward-zone…

          Dok is right, your DNS query tool is not going to report how the query was resolved unless you turn on trace.

            doktornotor Banned

            More precisely, use dig +trace from somewhere else than pfSense itself (or you'll have to set up an "allow snoop" ACL for localhost).

              pfBasic Banned

              Thank you to everyone for the help!

              I ran dig SOA +trace

              
              x@x-TPadT420:~$ dig SOA +trace aviationweather.gov
              
              ; <<>> DiG 9.10.3-P4-Ubuntu <<>> SOA +trace aviationweather.gov
              ;; global options: +cmd
              .			38440	IN	NS	j.root-servers.net.
              .			38440	IN	NS	k.root-servers.net.
              .			38440	IN	NS	l.root-servers.net.
              .			38440	IN	NS	m.root-servers.net.
              .			38440	IN	NS	a.root-servers.net.
              .			38440	IN	NS	b.root-servers.net.
              .			38440	IN	NS	c.root-servers.net.
              .			38440	IN	NS	d.root-servers.net.
              .			38440	IN	NS	e.root-servers.net.
              .			38440	IN	NS	f.root-servers.net.
              .			38440	IN	NS	g.root-servers.net.
              .			38440	IN	NS	h.root-servers.net.
              .			38440	IN	NS	i.root-servers.net.
              ;; Received 239 bytes from 127.0.1.1#53(127.0.1.1) in 158 ms
              
              gov.			172800	IN	NS	a.gov-servers.net.
              gov.			172800	IN	NS	b.gov-servers.net.
              gov.			86400	IN	DS	7698 8 2 6BC949E638442EAD0BDAF0935763C8D003760384FF15EBBD5CE86BB5 559561F0
              gov.			86400	IN	DS	7698 8 1 6F109B46A80CEA9613DC86D5A3E065520505AAFE
              gov.			86400	IN	RRSIG	DS 8 1 86400 20170330170000 20170317160000 61045 . iHnGx0kKdbPE0k8KJRzK27SItqr07Xk0CyXjad3aPgHsYdSI6OqQzaM4 UGKWxhTIfeVntgXhRy/MtKETHF5NUmChx9EwYXPBe3243+CrLhJUKd/s 7mMAZb/duIv3nhZbeqXOO5gs+R6J4jgFJzqbMVbyW1zM58yuMiRtrOnI yrEcFTAicOVahdU+Pg/3E0M7/aSbqo/GgKblcBzs/84ZQOurwaqGvsTa Ljz4z1Yc7XrUki68puIChzCDPX7Dmqt82AG9i20338aZoBILXoiAgaVj dDc8Bmihfz+7HuQPJ7Vq4dCfwbjPiMPluiviqjsnV55EDLUqjFi7qVOm nyWBzg==
              ;; Received 526 bytes from 202.12.27.33#53(m.root-servers.net) in 184 ms
              
              aviationweather.gov.	86400	IN	NS	ns-e.noaa.gov.
              aviationweather.gov.	86400	IN	NS	ns-mw.noaa.gov.
              aviationweather.gov.	86400	IN	NS	ns-nw.noaa.gov.
              aviationweather.gov.	3600	IN	DS	9013 5 1 DB5C73EB503656C8A826C77D9F6AAF33BBAE4B33
              aviationweather.gov.	3600	IN	DS	9013 5 2 D4A51BDCBE4BFC940BCDA16CF391D04493D1F9A517D21D077EA9AE2C E8488578
              aviationweather.gov.	3600	IN	RRSIG	DS 8 2 3600 20170324161015 20170317161015 28127 gov. mSHmrvIk2/41V10Bz4ZjMUGEnj1H37+LffXjgYdRvAU25BFOSME5J5J0 B+ESKnap5338fZgz22EWmlZYGHOXkrkUkvJ33Phms+YDrtE37RfbNiWn w++FohUr5tkn//MuqkvXykYssN8P3zTPJLh1WnzK1IN/9k+bfDpMmUtc sGY=
              ;; Received 491 bytes from 69.36.157.30#53(a.gov-servers.net) in 23 ms
              
              aviationweather.gov.	120	IN	SOA	dns02.woc.noaa.gov. hostmaster.noaa.gov. 2016051271 10800 3600 604800 86400
              aviationweather.gov.	120	IN	RRSIG	SOA 5 2 120 20170324161129 20170317161129 9837 aviationweather.gov. spvlUjoVjEiTfEgs/9aHrHKJyZb704/LOGr65wY0NT821I8s5pqgpybH sni2ocHm1ruv7a55Y1/N0mhAnw7/vihtCtxQ557Xx7cVXB72NTXYx3DB cMgDso+rqDRhzarpjLmflT3oPwHPZqnpkNQdb+d0QHzzxChqF9J+AqTf qPVNxxuG6Yd7EtA7AAvIjrp3Y36Sl/rs03wwx8ohAmDVifoZwVWy9wDF B33RJp3pBuE4/GzaTYzC3wHFCIVXm/e9WTQsZpy3/P+686P1HzwBG1lQ 3hegf1+W6/1reAM49RUut8kN3ZPv+C+8hZUi9hHsE0tNESf4asPc1iiQ 5T6H/A==
              aviationweather.gov.	120	IN	NS	ns-nw.noaa.gov.
              aviationweather.gov.	120	IN	NS	ns-e.noaa.gov.
              aviationweather.gov.	120	IN	NS	ns-mw.noaa.gov.
              aviationweather.gov.	120	IN	RRSIG	NS 5 2 120 20170324161129 20170317161129 9837 aviationweather.gov. oquQzHQFdPym0QAFUGgRcMy8KZd4Bp6Z4BTU8cEOnfE8kO+gBGk47RFA OMUeJQmTFtg/CP9vEk1ZgAq+PQ1+IVJd/xGMEmWp22jztAuYvWCl4Hes 3JziKkWfyOS7f0004lwiBDYbZINowqxNnUTrkZESOZhp50YiYFK0Y8kh /pLx1CDU0LMjduuCnU6SnudtZu7IdRaBZBc+fsD3sl+WE00lW2+4nf7n PU7SBGxSu3G7aEVMKehP4GRHoGU/gPiRje7nBNTX72xygH+SjGxO25Y5 BAAhbzeY4E76KU+0tbmLBG7j8dEbb72T47UewVVD1itrCwAY5+kUHkk5 pP6Wbg==
              ;; Received 2691 bytes from 140.90.33.237#53(ns-e.noaa.gov) in 103 ms
              
              

              So I put 140.90.33.237 as the IP for domain overrides for aviationweather.gov & www.aviationweather.gov

              just aviationweather.gov works but www.aviationweather.gov doesn't?

              I obviously don't really know what I'm doing here but am hoping I picked out the right IP from the dig SOA +trace results?

                Derelict LAYER 8 Netgate

                www.aviationweather.gov is not a domain. It is an FQDN. Remove the domain override for it and try again.

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                  pfBasic Banned

                  OK, thanks!

                  So is there no way to override for something along the lines of:

                  www.aviationweather.gov/things

                  Or do I just have to type in only:

                  aviationweather.gov/things

                  I ask because right now it works if I type in the address, but if I do a google search and click a link, it times out unless I erase the "www." and try again.

                  It would be great if the government wouldn't have such shit DNS servers. I haven't run into this anywhere else.

                    johnpoz LAYER 8 Global Moderator

                    "aviationweather.gov/things"

                    that is not a fqdn either..

                    The domain would be aviationweather.gov

                    That is it!  They seem to only have a problem with the ipv6 NS

                    aviationweather.gov/A: No response was received from the server over UDP (tried 8 times). (2610:20:8000:8c00::237,

                    put in a domain override to only their ipv4 addresses
                    140.172.17.237
                    140.90.33.237
                    161.55.32.2

                    All 3 of them respond when I query them.

                    dig @ns-mw.noaa.gov www.aviationweather.gov

                    ; <<>> DiG 9.11.0-P3 <<>> @ns-mw.noaa.gov www.aviationweather.gov
                    ; (1 server found)
                    ;; global options: +cmd
                    ;; Got answer:
                    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61812
                    ;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 7
                    ;; WARNING: recursion requested but not available

                    ;; OPT PSEUDOSECTION:
                    ; EDNS: version: 0, flags:; udp: 4096
                    ;; QUESTION SECTION:
                    ;www.aviationweather.gov.      IN      A

                    ;; ANSWER SECTION:
                    www.aviationweather.gov. 120    IN      CNAME  aviationweather.ncep.noaa.gov.
                    aviationweather.ncep.noaa.gov. 300 IN  CNAME  aviationweather.cp.ncep.noaa.gov.
                    aviationweather.cp.ncep.noaa.gov. 86400 IN A    140.90.101.207

                    ;; AUTHORITY SECTION:
                    ncep.noaa.gov.          86400  IN      NS      ns-mw.noaa.gov.
                    ncep.noaa.gov.          86400  IN      NS      ns-e.noaa.gov.
                    ncep.noaa.gov.          86400  IN      NS      ns-nw.noaa.gov.

                    ;; ADDITIONAL SECTION:
                    ns-e.noaa.gov.          86400  IN      A      140.90.33.237
                    ns-e.noaa.gov.          86400  IN      AAAA    2610:20:8000:8c00::237
                    ns-mw.noaa.gov.        86400  IN      A      140.172.17.237
                    ns-mw.noaa.gov.        86400  IN      AAAA    2610:20:8800:8c00::237
                    ns-nw.noaa.gov.        86400  IN      A      161.55.32.2
                    ns-nw.noaa.gov.        86400  IN      AAAA    2610:20:8c00:8c00::2

                    ;; Query time: 33 msec
                    ;; SERVER: 140.172.17.237#53(140.172.17.237)
                    ;; WHEN: Sat Mar 18 04:30:37 Central Daylight Time 2017
                    ;; MSG SIZE  rcvd: 332

                    Their ipv6 dns is what seems to be having an issue..

                    Their dns only seems shitty via ipv6..

                      pfBasic Banned

                      In the domain override it is only aviationweather.gov
                      I was just saying I can type in anything behind it and it works, but with a www. in front it didn't

                      That's weird, I don't have ipv6 configured.

                        johnpoz LAYER 8 Global Moderator

                        Just because you do not have it configured doesn't mean pfsense is not using it.. Does your isp hand you an ipv6 address on your wan?

                        Do a simple query to their ns direct via dig or nslookup.. What is your response time?  Do you get an answer.. keep in mind that www.aviationweather.gov is a cname that points to

                        ;; ANSWER SECTION:
                        www.aviationweather.gov. 120    IN      CNAME  aviationweather.ncep.noaa.gov.
                        aviationweather.ncep.noaa.gov. 300 IN  CNAME  aviationweather.cp.ncep.noaa.gov.
                        aviationweather.cp.ncep.noaa.gov. 86400 IN A    140.90.101.207

                          pfBasic Banned

                          @johnpoz:

                          Does your isp hand you an ipv6 address on your wan?

                          Yes, if I turn on DHCP6 on WAN I get issued an ipv6 address, I had thought that if that was set to none that I wouldn't be using ipv6 over the internet?

                          @johnpoz:

                          Do simple query to their ns direct via dig or nslookup.. What is your response time?

                          Looks like ~77ms

                          
                          [2.4.0-BETA][admin@netbox.netdomain]/root: dig 140.90.33.237
                          
                          ; <<>> DiG 9.11.0-P3 <<>> 140.90.33.237
                          ;; global options: +cmd
                          ;; Got answer:
                          ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 42083
                          ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
                          
                          ;; OPT PSEUDOSECTION:
                          ; EDNS: version: 0, flags:; udp: 4096
                          ;; QUESTION SECTION:
                          ;140.90.33.237.                 IN      A
                          
                          ;; AUTHORITY SECTION:
                          .                       2213    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2017031801 1800 900 604800 86400
                          
                          ;; Query time: 78 msec
                          ;; SERVER: 127.0.0.1#53(127.0.0.1)
                          ;; WHEN: Sat Mar 18 10:56:30 PDT 2017
                          ;; MSG SIZE  rcvd: 117
                          
                          [2.4.0-BETA][admin@netbox.netdomain]/root: dig aviationweather.gov @140.90.33.237
                          
                          ; <<>> DiG 9.11.0-P3 <<>> aviationweather.gov @140.90.33.237
                          ;; global options: +cmd
                          ;; Got answer:
                          ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54013
                          ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 7
                          ;; WARNING: recursion requested but not available
                          
                          ;; OPT PSEUDOSECTION:
                          ; EDNS: version: 0, flags:; udp: 4096
                          ;; QUESTION SECTION:
                          ;aviationweather.gov.           IN      A
                          
                          ;; ANSWER SECTION:
                          aviationweather.gov.    120     IN      A       140.90.101.207
                          
                          ;; AUTHORITY SECTION:
                          aviationweather.gov.    120     IN      NS      ns-nw.noaa.gov.
                          aviationweather.gov.    120     IN      NS      ns-mw.noaa.gov.
                          aviationweather.gov.    120     IN      NS      ns-e.noaa.gov.
                          
                          ;; ADDITIONAL SECTION:
                          ns-e.noaa.gov.          86400   IN      A       140.90.33.237
                          ns-e.noaa.gov.          86400   IN      AAAA    2610:20:8000:8c00::237
                          ns-mw.noaa.gov.         86400   IN      A       140.172.17.237
                          ns-mw.noaa.gov.         86400   IN      AAAA    2610:20:8800:8c00::237
                          ns-nw.noaa.gov.         86400   IN      A       161.55.32.2
                          ns-nw.noaa.gov.         86400   IN      AAAA    2610:20:8c00:8c00::2
                          
                          ;; Query time: 76 msec
                          ;; SERVER: 140.90.33.237#53(140.90.33.237)
                          ;; WHEN: Sat Mar 18 10:56:50 PDT 2017
                          ;; MSG SIZE  rcvd: 260
                          
                          
                            johnpoz LAYER 8 Global Moderator

                            so that sure looks like it works to me.. So just make sure pfsense is not using ipv6 and you shouldn't have any issues.  Set your wan to none.

                            Not sure why you think you need to do overrides.  Query that for www.aviationweather.gov  do you get an answer?

                              pfBasic Banned

                              It was set to none and is now, I just turned it on so I could answer your question as to whether my ISP is providing an ipv6 address or not. My pfsense box had never used ipv6 though.

                              
                              x@x-TPadT420:~$ dig aviationweather.gov
                              
                              ; <<>> DiG 9.10.3-P4-Ubuntu <<>> aviationweather.gov
                              ;; global options: +cmd
                              ;; Got answer:
                              ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48639
                              ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
                              
                              ;; OPT PSEUDOSECTION:
                              ; EDNS: version: 0, flags:; udp: 4096
                              ;; QUESTION SECTION:
                              ;aviationweather.gov.		IN	A
                              
                              ;; ANSWER SECTION:
                              aviationweather.gov.	68	IN	A	140.90.101.207
                              
                              ;; Query time: 1 msec
                              ;; SERVER: 127.0.1.1#53(127.0.1.1)
                              ;; WHEN: Sat Mar 18 14:03:33 PDT 2017
                              ;; MSG SIZE  rcvd: 64
                              
                              x@x-TPadT420:~$ dig www.aviationweather.gov
                              
                              ; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.aviationweather.gov
                              ;; global options: +cmd
                              ;; connection timed out; no servers could be reached
                              
                              
                                johnpoz LAYER 8 Global Moderator

                                ";; SERVER: 127.0.1.1#53(127.0.1.1)"

                                That sure and the hell is not pfsense..

                                Query your pfsense directly..  You got a caching dnsmasq running on that box.. That is asking what???  Have no idea what it's forwarding to..

                                Do a query to your pfsense directly - with your domain overrides removed!!!

                                like this..

                                dig @192.168.9.253 www.aviationweather.gov

                                ; <<>> DiG 9.11.0-P3 <<>> @192.168.9.253 www.aviationweather.gov
                                ; (1 server found)
                                ;; global options: +cmd
                                ;; Got answer:
                                ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5562
                                ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 1

                                ;; OPT PSEUDOSECTION:
                                ; EDNS: version: 0, flags:; udp: 4096
                                ;; QUESTION SECTION:
                                ;www.aviationweather.gov.      IN      A

                                ;; ANSWER SECTION:
                                www.aviationweather.gov. 120    IN      CNAME  aviationweather.ncep.noaa.gov.
                                aviationweather.ncep.noaa.gov. 300 IN  CNAME  aviationweather.cp.ncep.noaa.gov.
                                aviationweather.cp.ncep.noaa.gov. 67481 IN A    140.90.101.207

                                ;; AUTHORITY SECTION:
                                ncep.noaa.gov.          67481  IN      NS      ns-e.noaa.gov.
                                ncep.noaa.gov.          67481  IN      NS      ns-mw.noaa.gov.
                                ncep.noaa.gov.          67481  IN      NS      ns-nw.noaa.gov.

                                ;; Query time: 156 msec
                                ;; SERVER: 192.168.9.253#53(192.168.9.253)
                                ;; WHEN: Sat Mar 18 16:29:42 Central Daylight Time 2017
                                ;; MSG SIZE  rcvd: 200

                                replace that 192.168.9.253 with whatever pfsense IP is on your lan/network you're on..


                                1 Reply Last reply Reply Quote 0
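Added example, not from any poster in this thread: a small parser for dig output that reports which server actually answered (the SERVER line), whether it answered authoritatively (aa) or offered recursion (ra), and follows the CNAME chain, flagging names that fall outside a domain override's zone (that last check goes slightly beyond what the posts state). The function names are this example's own, and the samples are trimmed from dig output posted above.

```python
import ipaddress
import re

# Added example; helper names are hypothetical. Samples trimmed from this thread.
STUB_ANSWER = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48639
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;aviationweather.gov.           IN      A
;; ANSWER SECTION:
aviationweather.gov.    68      IN      A       140.90.101.207
;; SERVER: 127.0.1.1#53(127.0.1.1)
"""
AUTH_ANSWER = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61812
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 7
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;www.aviationweather.gov.      IN      A
;; ANSWER SECTION:
www.aviationweather.gov. 120    IN      CNAME  aviationweather.ncep.noaa.gov.
aviationweather.ncep.noaa.gov. 300 IN  CNAME  aviationweather.cp.ncep.noaa.gov.
aviationweather.cp.ncep.noaa.gov. 86400 IN A    140.90.101.207
;; SERVER: 140.172.17.237#53(140.172.17.237)
"""
TIMEOUT = """\
; <<>> DiG 9.10.3-P4-Ubuntu <<>> @192.168.1.1 www.aviationweather.gov
;; connection timed out; no servers could be reached
"""


def parse_dig(text):
    """Pull status, header flags, answering server, question and answers."""
    out = {"status": None, "flags": [], "server": None, "qname": None,
           "answers": [], "timed_out": False}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            section = None
        elif "connection timed out" in line:
            out["timed_out"] = True
        elif line.startswith(";; ->>HEADER<<-"):
            out["status"] = re.search(r"status: (\w+)", line).group(1)
        elif line.startswith(";; flags:"):
            out["flags"] = line.split(":", 1)[1].split(";")[0].split()
        elif line.startswith(";; SERVER:"):
            out["server"] = re.search(r"SERVER: ([^#\s]+)#", line).group(1)
        elif line.startswith(";; ") and line.endswith("SECTION:"):
            section = line[3:].split()[0]
        elif section == "QUESTION" and line.startswith(";"):
            out["qname"] = line[1:].split()[0].lower()
        elif section == "ANSWER" and not line.startswith(";"):
            owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
            out["answers"].append((owner.lower(), rtype, rdata))
    return out


def answered_by(parsed):
    """Classify the server dig actually talked to (the SERVER line)."""
    if parsed["timed_out"] or parsed["server"] is None:
        return "no-response"
    if ipaddress.ip_address(parsed["server"]).is_loopback:
        return "local-stub"  # e.g. dnsmasq on the client, not the firewall
    return "authoritative" if "aa" in parsed["flags"] else "recursive"


def cname_chain(qname, answers):
    """Follow CNAMEs from qname; return (names visited, final addresses)."""
    records = {}
    for owner, rtype, rdata in answers:
        records.setdefault(owner, []).append((rtype, rdata.lower()))
    chain, name = [qname], qname
    while True:
        targets = [r for t, r in records.get(name, []) if t == "CNAME"]
        if not targets or targets[0] in chain:  # end of chain, or a loop
            break
        name = targets[0]
        chain.append(name)
    return chain, [r for t, r in records.get(name, []) if t in ("A", "AAAA")]


def diagnose(text, override_zone=None):
    p = parse_dig(text)
    chain, addrs = cname_chain(p["qname"], p["answers"]) if p["qname"] else ([], [])
    zone = (override_zone or "").rstrip(".").lower()
    outside = [n for n in chain if zone and n.rstrip(".") != zone
               and not n.rstrip(".").endswith("." + zone)]
    return {"answered_by": answered_by(p), "status": p["status"],
            "recursion_available": "ra" in p["flags"],
            "chain": chain, "addresses": addrs, "outside_override": outside}


if __name__ == "__main__":
    for sample in (STUB_ANSWER, AUTH_ANSWER, TIMEOUT):
        print(diagnose(sample, override_zone="aviationweather.gov"))
```

A "local-stub" result means the output says nothing about how the firewall resolved the name; rerun dig with @ and the firewall's LAN address before drawing conclusions.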
                                  pfBasic Banned

                                  
                                  x@x-TPadT420:~$ dig @192.168.1.1 www.aviationweather.gov
                                  
                                  ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @192.168.1.1 www.aviationweather.gov
                                  ; (1 server found)
                                  ;; global options: +cmd
                                  ;; connection timed out; no servers could be reached
                                  x@x-TPadT420:~$ dig @192.168.1.1 aviationweather.gov
                                  
                                  ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @192.168.1.1 aviationweather.gov
                                  ; (1 server found)
                                  ;; global options: +cmd
                                  ;; connection timed out; no servers could be reached
                                  x@x-TPadT420:~$ dig @192.168.1.1 www.google.com
                                  
                                  ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @192.168.1.1 www.google.com
                                  ; (1 server found)
                                  ;; global options: +cmd
                                  ;; Got answer:
                                  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32878
                                  ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
                                  
                                  ;; OPT PSEUDOSECTION:
                                  ; EDNS: version: 0, flags:; udp: 4096
                                  ;; QUESTION SECTION:
                                  ;www.google.com.			IN	A
                                  
                                  ;; ANSWER SECTION:
                                  www.google.com.		3600	IN	A	216.239.38.120
                                  
                                  ;; Query time: 1 msec
                                  ;; SERVER: 192.168.1.1#53(192.168.1.1)
                                  ;; WHEN: Sat Mar 18 14:37:34 PDT 2017
                                  ;; MSG SIZE  rcvd: 59
                                  
                                  
                                    johnpoz LAYER 8 Global Moderator

                                    And did you clear out the domain overrides you were messing with??

                                    Can you talk to their NS directly - you did that previously.. So you got something else going on if you can still talk to them..

                                    Troubleshooting.. What is your unbound log showing you when you up its verbosity?  What is simple sniff on your wan showing you when you try and resolve this fqdn?  I am having zero issues resolving this domain and that www record.

                                    It's quite possible you're having issues talking to their NS via something wrong with your isp, or your path to those networks..  Tracking that down is simple enough..

                                    So what happens when you try and resolve it via pfsense diag, dns lookup?

                                    dnslookuppfsense.png

                                      pfBasic Banned

                                      @johnpoz:

                                      And did you clear out the domain overrides you were messing with??

                                      Can you talk to their NS directly - you did that previously.. So you got something else going on if you can still talk to them..

                                      Yes, I deleted the domain override.

                                      Here's an output that includes the NS:

                                      ; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> www.aviation.gov
                                      ;; global options: +cmd
                                      ;; Got answer:
                                      ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 60388
                                      ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
                                      
                                      ;; OPT PSEUDOSECTION:
                                      ; EDNS: version: 0, flags:; udp: 4096
                                      ;; QUESTION SECTION:
                                      ;www.aviation.gov.              IN      A
                                      
                                      ;; AUTHORITY SECTION:
                                      gov.                    3312    IN      SOA     a.gov-servers.net. nstld.verisign-grs.com. 1489943401 3600 900 1814400 86400
                                      
                                      ;; Query time: 0 msec
                                      ;; SERVER: 192.168.1.1#53(192.168.1.1)
                                      ;; WHEN: Sun Mar 19 10:47:21 DST 2017
                                      ;; MSG SIZE  rcvd: 120
                                      
                                      bash@DESKTOP:~$ dig aviation.gov
                                      
                                      ; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> aviation.gov
                                      ;; global options: +cmd
                                      ;; Got answer:
                                      ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 397
                                      ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
                                      
                                      ;; OPT PSEUDOSECTION:
                                      ; EDNS: version: 0, flags:; udp: 4096
                                      ;; QUESTION SECTION:
                                      ;aviation.gov.                  IN      A
                                      
                                      ;; AUTHORITY SECTION:
                                      gov.                    3308    IN      SOA     a.gov-servers.net. nstld.verisign-grs.com. 1489943401 3600 900 1814400 86400
                                      
                                      ;; Query time: 0 msec
                                      ;; SERVER: 192.168.1.1#53(192.168.1.1)
                                      ;; WHEN: Sun Mar 19 10:47:25 DST 2017
                                      ;; MSG SIZE  rcvd: 116
                                      
                                      bash@DESKTOP:~$ dig 140.90.33.237
                                      
                                      ; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> 140.90.33.237
                                      ;; global options: +cmd
                                      ;; Got answer:
                                      ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10308
                                      ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
                                      
                                      ;; OPT PSEUDOSECTION:
                                      ; EDNS: version: 0, flags:; udp: 4096
                                      ;; QUESTION SECTION:
                                      ;140.90.33.237.                 IN      A
                                      
                                      ;; AUTHORITY SECTION:
                                      .                       1751    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2017031901 1800 900 604800 86400
                                      
                                      ;; Query time: 15 msec
                                      ;; SERVER: 192.168.1.1#53(192.168.1.1)
                                      ;; WHEN: Sun Mar 19 10:47:29 DST 2017
                                      ;; MSG SIZE  rcvd: 117
                                      
                                      bash@DESKTOP:~$ dig a.root-servers.net
                                      
                                      ; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> a.root-servers.net
                                      ;; global options: +cmd
                                      ;; Got answer:
                                      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54421
                                      ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 26
                                      
                                      ;; OPT PSEUDOSECTION:
                                      ; EDNS: version: 0, flags:; udp: 4096
                                      ;; QUESTION SECTION:
                                      ;a.root-servers.net.            IN      A
                                      
                                      ;; ANSWER SECTION:
                                      a.root-servers.net.     3599961 IN      A       198.41.0.4
                                      
                                      ;; AUTHORITY SECTION:
                                      root-servers.net.       3599961 IN      NS      b.root-servers.net.
                                      root-servers.net.       3599961 IN      NS      f.root-servers.net.
                                      root-servers.net.       3599961 IN      NS      i.root-servers.net.
                                      root-servers.net.       3599961 IN      NS      a.root-servers.net.
                                      root-servers.net.       3599961 IN      NS      e.root-servers.net.
                                      root-servers.net.       3599961 IN      NS      g.root-servers.net.
                                      root-servers.net.       3599961 IN      NS      l.root-servers.net.
                                      root-servers.net.       3599961 IN      NS      m.root-servers.net.
                                      root-servers.net.       3599961 IN      NS      d.root-servers.net.
                                      root-servers.net.       3599961 IN      NS      c.root-servers.net.
                                      root-servers.net.       3599961 IN      NS      h.root-servers.net.
                                      root-servers.net.       3599961 IN      NS      j.root-servers.net.
                                      root-servers.net.       3599961 IN      NS      k.root-servers.net.
                                      
                                      ;; ADDITIONAL SECTION:
                                      b.root-servers.net.     516543  IN      A       192.228.79.201
                                      c.root-servers.net.     516543  IN      A       192.33.4.12
                                      d.root-servers.net.     516543  IN      A       199.7.91.13
                                      e.root-servers.net.     516543  IN      A       192.203.230.10
                                      f.root-servers.net.     516543  IN      A       192.5.5.241
                                      g.root-servers.net.     516543  IN      A       192.112.36.4
                                      h.root-servers.net.     516543  IN      A       198.97.190.53
                                      i.root-servers.net.     516543  IN      A       192.36.148.17
                                      j.root-servers.net.     516543  IN      A       192.58.128.30
                                      k.root-servers.net.     516543  IN      A       193.0.14.129
                                      l.root-servers.net.     516543  IN      A       199.7.83.42
                                      m.root-servers.net.     516543  IN      A       202.12.27.33
                                      a.root-servers.net.     516543  IN      AAAA    2001:503:ba3e::2:30
                                      b.root-servers.net.     516543  IN      AAAA    2001:500:84::b
                                      c.root-servers.net.     516543  IN      AAAA    2001:500:2::c
                                      d.root-servers.net.     516543  IN      AAAA    2001:500:2d::d
                                      e.root-servers.net.     516543  IN      AAAA    2001:500:a8::e
                                      f.root-servers.net.     516543  IN      AAAA    2001:500:2f::f
                                      g.root-servers.net.     516543  IN      AAAA    2001:500:12::d0d
                                      h.root-servers.net.     516543  IN      AAAA    2001:500:1::53
                                      i.root-servers.net.     516543  IN      AAAA    2001:7fe::53
                                      j.root-servers.net.     516543  IN      AAAA    2001:503:c27::2:30
                                      k.root-servers.net.     516543  IN      AAAA    2001:7fd::1
                                      l.root-servers.net.     516543  IN      AAAA    2001:500:9f::42
                                      m.root-servers.net.     516543  IN      AAAA    2001:dc3::35
                                      
                                      ;; Query time: 46 msec
                                      ;; SERVER: 192.168.1.1#53(192.168.1.1)
                                      ;; WHEN: Sun Mar 19 10:47:35 DST 2017
                                      ;; MSG SIZE  rcvd: 825
                                      

                                      I attached a screen of the pfsense diag lookup output.

                                      @johnpoz:

                                      Troubleshooting... What is your unbound log showing you when you up its verbosity? What is a simple sniff on your WAN showing you when you try to resolve this FQDN? I am having zero issues resolving this domain and that www record.

                                      Verb=5 was outputting a ton of stuff and filling up the 500 entries in less than a second.

                                      I thought I'd be clever and clear out the resolver.log file so that I could just post the relevant stuff for you. (Diag>Edit File>Select All>Delete>Save)

                                      Apparently that's not smart to do because now it doesn't put anything in there…  :o

                                      I tried restarting Resolver, rebooting, updating to latest BETA build, rm /var/log/resolver.log && touch /var/log/resolver.log
                                      It still isn't logging anything.

                                      Way to go me.

                                      Capture.JPG

                                      1 Reply Last reply Reply Quote 0
                                      • DerelictD Offline
                                        Derelict LAYER 8 Netgate
                                        last edited by

                                        Try this at a shell prompt:

                                        rm /var/log/resolver.log

                                        ls -l /var/log

                                        Get the size of the other logs; the default is 511488.

                                        clog -i -s 511488 /var/log/resolver.log

                                        chmod 600 /var/log/resolver.log

                                        bounce unbound

                                        Chattanooga, Tennessee, USA
                                        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                                        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                                        Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                        1 Reply Last reply Reply Quote 0
                                        • P Offline
                                          pfBasic Banned
                                          last edited by

                                          @Derelict:

                                          Try this at a shell prompt:

                                          rm /var/log/resolver.log

                                          ls -l /var/log

                                          Get the size of the other logs; the default is 511488.

                                          clog -i -s 511488 /var/log/resolver.log

                                          chmod 600 /var/log/resolver.log

                                          bounce unbound

                                          Thanks! That did the trick! I had assumed that they were just ordinary text files but that makes a lot more sense haha.

                                          Strangely enough... now my DNS query return is different AND www.aviationweather.gov loads immediately with no problems...  :o

                                          The only thing I did differently from the last post was accidentally screw up my resolver.log and then get it back up with Derelict's instructions.

                                          Why would a log have any effect at all? Assuming it must have been something else but I can't imagine what? I had already restarted Unbound & rebooted the system a couple of times so that wasn't new.

                                          dig is different now too:

                                          bash@DESKTOP:~$ dig www.aviationweather.gov
                                          
                                          ; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> www.aviationweather.gov
                                          ;; global options: +cmd
                                          ;; Got answer:
                                          ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26880
                                          ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 1
                                          
                                          ;; OPT PSEUDOSECTION:
                                          ; EDNS: version: 0, flags:; udp: 4096
                                          ;; QUESTION SECTION:
                                          ;www.aviationweather.gov.       IN      A
                                          
                                          ;; ANSWER SECTION:
                                          www.aviationweather.gov. 120    IN      CNAME   aviationweather.ncep.noaa.gov.
                                          aviationweather.ncep.noaa.gov. 7 IN     CNAME   aviationweather.cp.ncep.noaa.gov.
                                          aviationweather.cp.ncep.noaa.gov. 86107 IN A    140.90.101.207
                                          
                                          ;; AUTHORITY SECTION:
                                          ncep.noaa.gov.          86107   IN      NS      ns-e.noaa.gov.
                                          ncep.noaa.gov.          86107   IN      NS      ns-mw.noaa.gov.
                                          ncep.noaa.gov.          86107   IN      NS      ns-nw.noaa.gov.
                                          
                                          ;; Query time: 115 msec
                                          ;; SERVER: 192.168.1.1#53(192.168.1.1)
                                          ;; WHEN: Sun Mar 19 12:26:55 DST 2017
                                          ;; MSG SIZE  rcvd: 200
                                          
                                          bash@DESKTOP:~$ dig ns-e.noaa.gov
                                          
                                          ; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> ns-e.noaa.gov
                                          ;; global options: +cmd
                                          ;; Got answer:
                                          ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44300
                                          ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 6
                                          
                                          ;; OPT PSEUDOSECTION:
                                          ; EDNS: version: 0, flags:; udp: 4096
                                          ;; QUESTION SECTION:
                                          ;ns-e.noaa.gov.                 IN      A
                                          
                                          ;; ANSWER SECTION:
                                          ns-e.noaa.gov.          86079   IN      A       140.90.33.237
                                          
                                          ;; AUTHORITY SECTION:
                                          noaa.gov.               86400   IN      NS      ns-e.noaa.gov.
                                          noaa.gov.               86400   IN      NS      ns-mw.noaa.gov.
                                          noaa.gov.               86400   IN      NS      ns-nw.noaa.gov.
                                          
                                          ;; ADDITIONAL SECTION:
                                          ns-e.noaa.gov.          86079   IN      AAAA    2610:20:8000:8c00::237
                                          ns-mw.noaa.gov.         86079   IN      A       140.172.17.237
                                          ns-mw.noaa.gov.         86079   IN      AAAA    2610:20:8800:8c00::237
                                          ns-nw.noaa.gov.         86079   IN      A       161.55.32.2
                                          ns-nw.noaa.gov.         86079   IN      AAAA    2610:20:8c00:8c00::2
                                          
                                          ;; Query time: 74 msec
                                          ;; SERVER: 192.168.1.1#53(192.168.1.1)
                                          ;; WHEN: Sun Mar 19 12:27:23 DST 2017
                                          ;; MSG SIZE  rcvd: 228
                                          

                                          Capture2.JPG

                                          1 Reply Last reply Reply Quote 0
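
To compare dig runs like the ones posted above without reading them by eye, here is an added example (not part of the original posts) that parses dig's text output into status, header flags, the queried server and the CNAME chain. The sample input is abridged from the output above; the function names are illustrative.

```python
import re

# Abridged from the dig output posted above (only the lines the parser reads).
DIG_OUTPUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26880
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 1

;; ANSWER SECTION:
www.aviationweather.gov. 120    IN      CNAME   aviationweather.ncep.noaa.gov.
aviationweather.ncep.noaa.gov. 7 IN     CNAME   aviationweather.cp.ncep.noaa.gov.
aviationweather.cp.ncep.noaa.gov. 86107 IN A    140.90.101.207

;; Query time: 115 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
"""


def parse_dig(text):
    """Extract status, header flags, queried server and per-section records."""
    result = {"status": None, "flags": [], "server": None, "sections": {}}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(";; ->>HEADER<<-"):
            match = re.search(r"status: (\w+)", line)
            result["status"] = match.group(1) if match else None
        elif line.startswith(";; flags:"):
            # "qr rd ra ad" sits between "flags:" and the first ';' after it
            result["flags"] = line[len(";; flags:"):].split(";")[0].split()
        elif line.startswith(";; SERVER:"):
            # Only the resolver that was asked, never the upstream it used
            result["server"] = line.split()[2].split("#")[0]
        elif line.startswith(";; ") and line.endswith(" SECTION:"):
            section = line[3:-len(" SECTION:")].lower()
            result["sections"][section] = []
        elif not line:
            section = None
        elif section and not line.startswith(";"):
            owner, ttl, _cls, rtype, rdata = line.split(None, 4)
            result["sections"][section].append((owner, int(ttl), rtype, rdata))
    return result


def resolve_chain(answers, qname):
    """Follow CNAMEs from qname; return (chain, final addresses)."""
    by_owner = {}
    for owner, _ttl, rtype, rdata in answers:
        by_owner.setdefault(owner, []).append((rtype, rdata))
    chain, name = [qname], qname
    while True:
        targets = [r for t, r in by_owner.get(name, []) if t == "CNAME"]
        if not targets or targets[0] in chain:  # end of chain, or a loop
            break
        name = targets[0]
        chain.append(name)
    addrs = [r for t, r in by_owner.get(name, []) if t in ("A", "AAAA")]
    return chain, addrs
```

An `ad` entry in the parsed flags means the resolver at the SERVER address reports the answer as DNSSEC-validated; the SERVER value itself stays the same no matter which upstream servers the resolver contacted.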
                                          • DerelictD Offline
                                            Derelict LAYER 8 Netgate
                                            last edited by

                                            It wasn't the log. It is probably just resolving for you now.


                                            1 Reply Last reply Reply Quote 0
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.