Problem with DNS Resolver and pfBlockerNG [SOLVED]



  • This is driving me crazy because the cause escapes me.
    Everything is fine on my pfSense:
    captive portal, squid and everything with DNS Forwarder and pfBlockerNG configured, no problem, everything is fine.
    But to benefit from the advanced functionality of pfBlockerNG I enabled DNS Resolver,
    and when I activate DNS Resolver the problem starts: I lose the Internet connection.
    Here are the ipconfig.all log, route.print and DNS Resolver Log Entries.
    Help me please,
    Last 50 DNS Resolver Log Entries. (Maximum 50)
    Mar 2 17:36:40 unbound 33170:0 notice: Restart of unbound 1.6.6.
    Mar 2 17:37:14 unbound 33170:0 notice: init module 0: validator
    Mar 2 17:37:14 unbound 33170:0 notice: init module 1: iterator
    Mar 2 17:37:14 unbound 33170:0 info: start of service (unbound 1.6.6).
    Mar 2 17:37:14 unbound 33170:0 info: service stopped (unbound 1.6.6).
    Mar 2 17:37:14 unbound 33170:0 info: server stats for thread 0: 39 queries, 0 answers from cache, 39 recursions, 0 prefetch, 0 rejected by ip ratelimiting
    Mar 2 17:37:14 unbound 33170:0 info: server stats for thread 0: requestlist max 7 avg 4.33333 exceeded 0 jostled 0
    Mar 2 17:37:14 unbound 33170:0 info: server stats for thread 1: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
    Mar 2 17:37:14 unbound 33170:0 info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0
    Mar 2 17:37:14 unbound 33170:0 info: server stats for thread 2: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
    Mar 2 17:37:14 unbound 33170:0 info: server stats for thread 2: requestlist max 0 avg 0 exceeded 0 jostled 0
    Mar 2 17:37:14 unbound 33170:0 info: server stats for thread 3: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
    Mar 2 17:37:14 unbound 33170:0 info: server stats for thread 3: requestlist max 0 avg 0 exceeded 0 jostled 0
    Mar 2 17:37:14 unbound 33170:0 notice: Restart of unbound 1.6.6.
    Mar 2 17:37:48 unbound 33170:0 notice: init module 0: validator
    Mar 2 17:37:48 unbound 33170:0 notice: init module 1: iterator
    Mar 2 17:37:48 unbound 33170:0 info: start of service (unbound 1.6.6).
    Mar 2 17:37:48 unbound 33170:0 info: service stopped (unbound 1.6.6).
    Mar 2 17:37:48 unbound 33170:0 info: server stats for thread 0: 28 queries, 1 answers from cache, 27 recursions, 0 prefetch, 0 rejected by ip ratelimiting
    Mar 2 17:37:48 unbound 33170:0 info: server stats for thread 0: requestlist max 11 avg 7.07407 exceeded 0 jostled 0
    Mar 2 17:37:48 unbound 33170:0 info: server stats for thread 1: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
    Mar 2 17:37:48 unbound 33170:0 info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0
    Mar 2 17:37:48 unbound 33170:0 info: server stats for thread 2: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
    Mar 2 17:37:48 unbound 33170:0 info: server stats for thread 2: requestlist max 0 avg 0 exceeded 0 jostled 0
    Mar 2 17:37:48 unbound 33170:0 info: server stats for thread 3: 14 queries, 0 answers from cache, 14 recursions, 0 prefetch, 0 rejected by ip ratelimiting
    Mar 2 17:37:48 unbound 33170:0 info: server stats for thread 3: requestlist max 5 avg 3.35714 exceeded 0 jostled 0
    Mar 2 17:37:48 unbound 33170:0 notice: Restart of unbound 1.6.6.
    Mar 2 17:38:22 unbound 33170:0 notice: init module 0: validator
    Mar 2 17:38:22 unbound 33170:0 notice: init module 1: iterator
    Mar 2 17:38:22 unbound 33170:0 info: start of service (unbound 1.6.6).
    Mar 2 17:38:22 unbound 33170:0 info: service stopped (unbound 1.6.6).
    Mar 2 17:38:22 unbound 33170:0 info: server stats for thread 0: 41 queries, 0 answers from cache, 41 recursions, 0 prefetch, 0 rejected by ip ratelimiting
    Mar 2 17:38:22 unbound 33170:0 info: server stats for thread 0: requestlist max 7 avg 4.60976 exceeded 0 jostled 0
    Mar 2 17:38:22 unbound 33170:0 info: server stats for thread 1: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
    Mar 2 17:38:22 unbound 33170:0 info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0
    Mar 2 17:38:22 unbound 33170:0 info: server stats for thread 2: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
    Mar 2 17:38:22 unbound 33170:0 info: server stats for thread 2: requestlist max 0 avg 0 exceeded 0 jostled 0
    Mar 2 17:38:22 unbound 33170:0 info: server stats for thread 3: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
    Mar 2 17:38:22 unbound 33170:0 info: server stats for thread 3: requestlist max 0 avg 0 exceeded 0 jostled 0
    Mar 2 17:38:22 unbound 33170:0 notice: Restart of unbound 1.6.6.
    Mar 2 17:38:43 dnsmasq 75967 started, version 2.78 cachesize 10000
    Mar 2 17:38:43 dnsmasq 75967 compile time options: IPv6 GNU-getopt no-DBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth DNSSEC loop-detect no-inotify
    Mar 2 17:38:43 dnsmasq 75967 reading /etc/resolv.conf
    Mar 2 17:38:43 dnsmasq 75967 using nameserver 8.8.8.8#53
    Mar 2 17:38:43 dnsmasq 75967 using nameserver 8.8.4.4#53
    Mar 2 17:38:43 dnsmasq 75967 read /etc/hosts - 3 addresses
    Mar 2 17:38:45 dnsmasq 75967 reading /etc/resolv.conf
    Mar 2 17:38:45 dnsmasq 75967 ignoring nameserver 127.0.0.1 - local interface
    Mar 2 17:38:45 dnsmasq 75967 using nameserver 8.8.8.8#53
    Mar 2 17:38:45 dnsmasq 75967 using nameserver 8.8.4.4#53

    ipconfig.all
    Configuration IP de Windows

    Nom de l'hôte . . . . . . . . . . : Xperia-Zx12
      Suffixe DNS principal . . . . . . :
      Type de noeud. . . . . . . . . .  : Hybride
      Routage IP activé . . . . . . . . : Non
      Proxy WINS activé . . . . . . . . : Non
      Liste de recherche du suffixe DNS.: pirona.com

    Carte Ethernet Ethernet :

    Statut du média. . . . . . . . . . . . : Média déconnecté
      Suffixe DNS propre à la connexion. . . :
      Description. . . . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection
      Adresse physique . . . . . . . . . . . : 10-1F-74-F9-DB-66
      DHCP activé. . . . . . . . . . . . . . : Oui
      Configuration automatique activée. . . : Oui

    Carte réseau sans fil Connexion au réseau local* 1 :

    Statut du média. . . . . . . . . . . . : Média déconnecté
      Suffixe DNS propre à la connexion. . . :
      Description. . . . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
      Adresse physique . . . . . . . . . . . : 08-11-96-92-A5-6D
      DHCP activé. . . . . . . . . . . . . . : Oui
      Configuration automatique activée. . . : Oui

    Carte réseau sans fil Wi-Fi :

    Suffixe DNS propre à la connexion. . . : pirona.com
      Description. . . . . . . . . . . . . . : Intel(R) Centrino(R) Advanced-N 6205
      Adresse physique . . . . . . . . . . . : 08-11-96-92-A5-6C
      DHCP activé. . . . . . . . . . . . . . : Oui
      Configuration automatique activée. . . : Oui
      Adresse IPv6 de liaison locale. . . . .: fe80::14b3:903:463:855b%5(préféré)
      Adresse IPv4. . . . . . . . . . . . . .: 10.200.2.27(préféré)
      Masque de sous-réseau. . . . . . . . . : 255.255.0.0
      Bail obtenu. . . . . . . . . . . . . . : vendredi 2 mars 2018 17:32:11
      Bail expirant. . . . . . . . . . . . . : vendredi 2 mars 2018 17:36:51
      Passerelle par défaut. . . . . . . . . : 10.200.0.254
      Serveur DHCP . . . . . . . . . . . . . : 10.200.0.254
      IAID DHCPv6 . . . . . . . . . . . : 117969302
      DUID de client DHCPv6. . . . . . . . : 00-01-00-01-22-15-3A-11-10-1F-74-F9-DB-66
      Serveurs DNS. . .  . . . . . . . . . . : 10.200.0.254
      NetBIOS sur Tcpip. . . . . . . . . . . : Activé

    Carte Ethernet Connexion réseau Bluetooth :

    Statut du média. . . . . . . . . . . . : Média déconnecté
      Suffixe DNS propre à la connexion. . . :
      Description. . . . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
      Adresse physique . . . . . . . . . . . : 40-2C-F4-15-B0-86
      DHCP activé. . . . . . . . . . . . . . : Oui
      Configuration automatique activée. . . : Oui

    route.print

    Liste d'Interfaces
      8…10 1f 74 f9 db 66 ......Intel(R) 82579LM Gigabit Network Connection
      3...08 11 96 92 a5 6d ......Microsoft Wi-Fi Direct Virtual Adapter
      5...08 11 96 92 a5 6c ......Intel(R) Centrino(R) Advanced-N 6205
      4...40 2c f4 15 b0 86 ......Bluetooth Device (Personal Area Network)
      1...........................Software Loopback Interface 1

    IPv4 Table de routage

    Itinéraires actifs :
    Destination réseau    Masque réseau  Adr. passerelle  Adr. interface Métrique
              0.0.0.0          0.0.0.0    10.200.0.254      10.200.2.27    45
          10.200.0.0      255.255.0.0        On-link      10.200.2.27    301
          10.200.2.27  255.255.255.255        On-link      10.200.2.27    301
      10.200.255.255  255.255.255.255        On-link      10.200.2.27    301
            127.0.0.0        255.0.0.0        On-link        127.0.0.1    331
            127.0.0.1  255.255.255.255        On-link        127.0.0.1    331
      127.255.255.255  255.255.255.255        On-link        127.0.0.1    331
            224.0.0.0        240.0.0.0        On-link        127.0.0.1    331
            224.0.0.0        240.0.0.0        On-link      10.200.2.27    301
      255.255.255.255  255.255.255.255        On-link        127.0.0.1    331
      255.255.255.255  255.255.255.255        On-link      10.200.2.27    301

    Itinéraires persistants :
      Aucun

    IPv6 Table de routage

    Itinéraires actifs :
    If Metric Network Destination      Gateway
      1    331 ::1/128                  On-link
      5    301 fe80::/64                On-link
      5    301 fe80::14b3:903:463:855b/128
                                        On-link
      1    331 ff00::/8                On-link
      5    301 ff00::/8                On-link

    Itinéraires persistants :
      Aucun

    thank you very much
    ![Screenshot-2018-3-2 pro4545 pirona com - Status Dashboard.png](/public/imported_attachments/1/Screenshot-2018-3-2 pro4545 pirona com - Status Dashboard.png)



  • I have the same issue



  •    Bail obtenu. . . . . . . . . . . . . . : vendredi 2 mars 2018 17:32:11
       Bail expirant. . . . . . . . . . . . . : vendredi 2 mars 2018 17:36:51
    

    Check the DHCP log and you will notice that unbound restarts every time a new lease is issued.

    The 'Unbound Resolver Reloads' can take several seconds or more to complete and may temporarily interrupt DNS Resolution until the Resolver has been fully Reloaded with the updated Domain changes. Consider updating the DNSBL Feeds 'Once per Day', if network issues arise.

    So you need to disable Register DHCP leases in the DNS Resolver under Services / DNS Resolver / General Settings. I use Static Mappings.
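
The restart loop described in this answer can be measured directly from the resolver log. The following is an added example, not part of the original posts and not pfSense code: it pairs each `Restart of unbound` with the next `start of service` and `service stopped` line and reports how long the resolver spent reloading versus serving. The function names, the flapping threshold and the assumed year are illustrative.

```python
import re
from datetime import datetime

# Abridged from the resolver log in the first post (init and stats lines omitted).
SAMPLE_LOG = """\
Mar 2 17:36:40 unbound 33170:0 notice: Restart of unbound 1.6.6.
Mar 2 17:37:14 unbound 33170:0 info: start of service (unbound 1.6.6).
Mar 2 17:37:14 unbound 33170:0 info: service stopped (unbound 1.6.6).
Mar 2 17:37:14 unbound 33170:0 notice: Restart of unbound 1.6.6.
Mar 2 17:37:48 unbound 33170:0 info: start of service (unbound 1.6.6).
Mar 2 17:37:48 unbound 33170:0 info: service stopped (unbound 1.6.6).
Mar 2 17:37:48 unbound 33170:0 notice: Restart of unbound 1.6.6.
Mar 2 17:38:22 unbound 33170:0 info: start of service (unbound 1.6.6).
Mar 2 17:38:22 unbound 33170:0 info: service stopped (unbound 1.6.6).
"""

LINE = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+unbound\s+\S+\s+\w+:\s+(.*)$")
KINDS = {"Restart of unbound": "restart", "start of service": "start",
         "service stopped": "stop"}

def parse_events(text, year=2018):
    """Yield (timestamp, kind) per lifecycle line; syslog has no year, so one is assumed."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        for prefix, kind in KINDS.items():
            if m.group(2).startswith(prefix):
                ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
                yield ts, kind

def cycles(text):
    """Per restart: reload_s (restart -> start) and serving_s (start -> stop, None if still up)."""
    out, restart_at, start_at = [], None, None
    for ts, kind in parse_events(text):
        if kind == "restart":
            restart_at = ts
        elif kind == "start" and restart_at is not None:
            out.append({"reload_s": (ts - restart_at).total_seconds(), "serving_s": None})
            start_at, restart_at = ts, None
        elif kind == "stop" and start_at is not None:
            out[-1]["serving_s"] = (ts - start_at).total_seconds()
            start_at = None
    return out

def is_flapping(text, min_cycles=3):
    """True when at least min_cycles completed cycles spent longer reloading than serving."""
    bad = [c for c in cycles(text)
           if c["serving_s"] is not None and c["reload_s"] > c["serving_s"]]
    return len(bad) >= min_cycles
```

On the posted log every cycle shows 34 seconds of reload followed by a stop in the same second as the start, which is why clients behind the firewall see no working DNS.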



  • Why is the DNS Resolver restarting with each DHCP lease?



  • @RonpfS:

       Bail obtenu. . . . . . . . . . . . . . : vendredi 2 mars 2018 17:32:11
       Bail expirant. . . . . . . . . . . . . : vendredi 2 mars 2018 17:36:51
    

    Check the DHCP log and you will notice that unbound restarts every time a new lease is issued.

    The 'Unbound Resolver Reloads' can take several seconds or more to complete and may temporarily interrupt DNS Resolution until the Resolver has been fully Reloaded with the updated Domain changes. Consider updating the DNSBL Feeds 'Once per Day', if network issues arise.

    So you need to disable Register DHCP leases in the DNS Resolver under Services / DNS Resolver / General Settings. I use Static Mappings.

    Thank you for your help.
    To disable Register DHCP leases in the DNS Resolver and
    save the static DHCP mappings in the DNS Resolver,
    the domain in System > General Setup must also be set to the appropriate value.
    For my configuration, what value should I set in the general configuration for it to work?



  • @fmohcine26:

    The domain in System > General Setup must also be set to the appropriate value.
    For my configuration, what value should I set in the general configuration for it to work?

    It's Domain under System > General Setup



  • @PakiFo:

    Why is the DNS Resolver restarting with each DHCP lease?

    It's the way the DHCP service is implemented. It changes the /var/unbound/dhcpleases_entries.conf file and triggers a reload of Unbound for the changes to take effect.

    It's possible to add/remove hostnames dynamically in unbound with unbound-control, but that demands major re-coding of the DHCP service.
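
A sketch of the dynamic alternative mentioned in this reply, as an added example that is not part of the original posts and not pfSense's DHCP code. It diffs two lease snapshots and builds `unbound-control local_data` / `local_data_remove` argument lists instead of forcing a reload. Hostnames come from DHCP clients and are untrusted, so each one is validated as a single DNS label and commands are built as argv lists rather than shell strings. The function names and the lease dictionaries are illustrative; the domain is the DNS suffix shown in the first post.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def fqdn(hostname, domain):
    """Qualify a client-supplied hostname, or return None if it is not a valid label."""
    if not LABEL.fullmatch(hostname or ""):
        return None
    return f"{hostname.lower()}.{domain}."

def lease_records(leases, domain):
    """Turn {hostname: ip} into {fqdn: ip}, dropping invalid names and addresses."""
    records = {}
    for host, ip in leases.items():
        name = fqdn(host, domain)
        try:
            addr = ipaddress.IPv4Address(ip)
        except ValueError:
            continue
        if name:
            records[name] = str(addr)
    return records

def control_commands(old, new, domain):
    """Return argv lists that move unbound's local data from `old` leases to `new`."""
    before, after = lease_records(old, domain), lease_records(new, domain)
    cmds = []
    for name in sorted(before):
        if after.get(name) != before[name]:      # expired or re-addressed
            cmds.append(["unbound-control", "local_data_remove", name])
    for name in sorted(after):
        if before.get(name) != after[name]:      # new or re-addressed
            cmds.append(["unbound-control", "local_data", name, "IN", "A", after[name]])
    return cmds

# Constructed lease snapshots; only the first host and address appear on the page.
OLD = {"Xperia-Zx12": "10.200.2.27", "printer": "10.200.2.40"}
NEW = {"Xperia-Zx12": "10.200.2.27", "printer": "10.200.2.41", "lab pc": "10.200.2.50"}

if __name__ == "__main__":
    for argv in control_commands(OLD, NEW, "pirona.com"):
        print(" ".join(argv))
```

Unchanged leases produce no command at all, so the resolver keeps answering while individual records are updated.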



  • @RonpfS:

       Bail obtenu. . . . . . . . . . . . . . : vendredi 2 mars 2018 17:32:11
       Bail expirant. . . . . . . . . . . . . : vendredi 2 mars 2018 17:36:51
    

    Check the DHCP log and you will notice that unbound restarts every time a new lease is issued.

    The 'Unbound Resolver Reloads' can take several seconds or more to complete and may temporarily interrupt DNS Resolution until the Resolver has been fully Reloaded with the updated Domain changes. Consider updating the DNSBL Feeds 'Once per Day', if network issues arise.

    So you need to disable Register DHCP leases in the DNS Resolver under Services / DNS Resolver / General Settings. I use Static Mappings.

    Thank you very much, problem solved.

