Problem with DNS Resolver and pfBlockerNG [SOLVED]
-
This is driving me crazy because the cause escapes me.
Everything is fine on my pfSense:
captive portal, Squid and everything else with DNS Forwarder, and pfBlockerNG configured, no problem, everything is fine.
But to benefit from the advanced functionality of pfBlockerNG I enabled DNS Resolver,
and when I activate DNS Resolver the problem starts: I lose the Internet connection.
Here are the ipconfig.all log, route.print and DNS Resolver log entries.
Help me please,
Last 50 DNS Resolver Log Entries. (Maximum 50)
Mar 2 17:36:40 unbound 33170:0 notice: Restart of unbound 1.6.6.
Mar 2 17:37:14 unbound 33170:0 notice: init module 0: validator
Mar 2 17:37:14 unbound 33170:0 notice: init module 1: iterator
Mar 2 17:37:14 unbound 33170:0 info: start of service (unbound 1.6.6).
Mar 2 17:37:14 unbound 33170:0 info: service stopped (unbound 1.6.6).
Mar 2 17:37:14 unbound 33170:0 info: server stats for thread 0: 39 queries, 0 answers from cache, 39 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Mar 2 17:37:14 unbound 33170:0 info: server stats for thread 0: requestlist max 7 avg 4.33333 exceeded 0 jostled 0
Mar 2 17:37:14 unbound 33170:0 info: server stats for thread 1: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Mar 2 17:37:14 unbound 33170:0 info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0
Mar 2 17:37:14 unbound 33170:0 info: server stats for thread 2: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Mar 2 17:37:14 unbound 33170:0 info: server stats for thread 2: requestlist max 0 avg 0 exceeded 0 jostled 0
Mar 2 17:37:14 unbound 33170:0 info: server stats for thread 3: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Mar 2 17:37:14 unbound 33170:0 info: server stats for thread 3: requestlist max 0 avg 0 exceeded 0 jostled 0
Mar 2 17:37:14 unbound 33170:0 notice: Restart of unbound 1.6.6.
Mar 2 17:37:48 unbound 33170:0 notice: init module 0: validator
Mar 2 17:37:48 unbound 33170:0 notice: init module 1: iterator
Mar 2 17:37:48 unbound 33170:0 info: start of service (unbound 1.6.6).
Mar 2 17:37:48 unbound 33170:0 info: service stopped (unbound 1.6.6).
Mar 2 17:37:48 unbound 33170:0 info: server stats for thread 0: 28 queries, 1 answers from cache, 27 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Mar 2 17:37:48 unbound 33170:0 info: server stats for thread 0: requestlist max 11 avg 7.07407 exceeded 0 jostled 0
Mar 2 17:37:48 unbound 33170:0 info: server stats for thread 1: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Mar 2 17:37:48 unbound 33170:0 info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0
Mar 2 17:37:48 unbound 33170:0 info: server stats for thread 2: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Mar 2 17:37:48 unbound 33170:0 info: server stats for thread 2: requestlist max 0 avg 0 exceeded 0 jostled 0
Mar 2 17:37:48 unbound 33170:0 info: server stats for thread 3: 14 queries, 0 answers from cache, 14 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Mar 2 17:37:48 unbound 33170:0 info: server stats for thread 3: requestlist max 5 avg 3.35714 exceeded 0 jostled 0
Mar 2 17:37:48 unbound 33170:0 notice: Restart of unbound 1.6.6.
Mar 2 17:38:22 unbound 33170:0 notice: init module 0: validator
Mar 2 17:38:22 unbound 33170:0 notice: init module 1: iterator
Mar 2 17:38:22 unbound 33170:0 info: start of service (unbound 1.6.6).
Mar 2 17:38:22 unbound 33170:0 info: service stopped (unbound 1.6.6).
Mar 2 17:38:22 unbound 33170:0 info: server stats for thread 0: 41 queries, 0 answers from cache, 41 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Mar 2 17:38:22 unbound 33170:0 info: server stats for thread 0: requestlist max 7 avg 4.60976 exceeded 0 jostled 0
Mar 2 17:38:22 unbound 33170:0 info: server stats for thread 1: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Mar 2 17:38:22 unbound 33170:0 info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0
Mar 2 17:38:22 unbound 33170:0 info: server stats for thread 2: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Mar 2 17:38:22 unbound 33170:0 info: server stats for thread 2: requestlist max 0 avg 0 exceeded 0 jostled 0
Mar 2 17:38:22 unbound 33170:0 info: server stats for thread 3: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Mar 2 17:38:22 unbound 33170:0 info: server stats for thread 3: requestlist max 0 avg 0 exceeded 0 jostled 0
Mar 2 17:38:22 unbound 33170:0 notice: Restart of unbound 1.6.6.
Mar 2 17:38:43 dnsmasq 75967 started, version 2.78 cachesize 10000
Mar 2 17:38:43 dnsmasq 75967 compile time options: IPv6 GNU-getopt no-DBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth DNSSEC loop-detect no-inotify
Mar 2 17:38:43 dnsmasq 75967 reading /etc/resolv.conf
Mar 2 17:38:43 dnsmasq 75967 using nameserver 8.8.8.8#53
Mar 2 17:38:43 dnsmasq 75967 using nameserver 8.8.4.4#53
Mar 2 17:38:43 dnsmasq 75967 read /etc/hosts - 3 addresses
Mar 2 17:38:45 dnsmasq 75967 reading /etc/resolv.conf
Mar 2 17:38:45 dnsmasq 75967 ignoring nameserver 127.0.0.1 - local interface
Mar 2 17:38:45 dnsmasq 75967 using nameserver 8.8.8.8#53
Mar 2 17:38:45 dnsmasq 75967 using nameserver 8.8.4.4#53
ipconfig.all
Configuration IP de Windows
Nom de l'hôte . . . . . . . . . . : Xperia-Zx12
Suffixe DNS principal . . . . . . :
Type de noeud. . . . . . . . . . : Hybride
Routage IP activé . . . . . . . . : Non
Proxy WINS activé . . . . . . . . : Non
Liste de recherche du suffixe DNS.: pirona.com
Carte Ethernet Ethernet :
Statut du média. . . . . . . . . . . . : Média déconnecté
Suffixe DNS propre à la connexion. . . :
Description. . . . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection
Adresse physique . . . . . . . . . . . : 10-1F-74-F9-DB-66
DHCP activé. . . . . . . . . . . . . . : Oui
Configuration automatique activée. . . : Oui
Carte réseau sans fil Connexion au réseau local* 1 :
Statut du média. . . . . . . . . . . . : Média déconnecté
Suffixe DNS propre à la connexion. . . :
Description. . . . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Adresse physique . . . . . . . . . . . : 08-11-96-92-A5-6D
DHCP activé. . . . . . . . . . . . . . : Oui
Configuration automatique activée. . . : Oui
Carte réseau sans fil Wi-Fi :
Suffixe DNS propre à la connexion. . . : pirona.com
Description. . . . . . . . . . . . . . : Intel(R) Centrino(R) Advanced-N 6205
Adresse physique . . . . . . . . . . . : 08-11-96-92-A5-6C
DHCP activé. . . . . . . . . . . . . . : Oui
Configuration automatique activée. . . : Oui
Adresse IPv6 de liaison locale. . . . .: fe80::14b3:903:463:855b%5(préféré)
Adresse IPv4. . . . . . . . . . . . . .: 10.200.2.27(préféré)
Masque de sous-réseau. . . . . . . . . : 255.255.0.0
Bail obtenu. . . . . . . . . . . . . . : vendredi 2 mars 2018 17:32:11
Bail expirant. . . . . . . . . . . . . : vendredi 2 mars 2018 17:36:51
Passerelle par défaut. . . . . . . . . : 10.200.0.254
Serveur DHCP . . . . . . . . . . . . . : 10.200.0.254
IAID DHCPv6 . . . . . . . . . . . : 117969302
DUID de client DHCPv6. . . . . . . . : 00-01-00-01-22-15-3A-11-10-1F-74-F9-DB-66
Serveurs DNS. . . . . . . . . . . . . : 10.200.0.254
NetBIOS sur Tcpip. . . . . . . . . . . : Activé
Carte Ethernet Connexion réseau Bluetooth :
Statut du média. . . . . . . . . . . . : Média déconnecté
Suffixe DNS propre à la connexion. . . :
Description. . . . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Adresse physique . . . . . . . . . . . : 40-2C-F4-15-B0-86
DHCP activé. . . . . . . . . . . . . . : Oui
Configuration automatique activée. . . : Oui
route.print
Liste d'Interfaces
8...10 1f 74 f9 db 66 ......Intel(R) 82579LM Gigabit Network Connection
3...08 11 96 92 a5 6d ......Microsoft Wi-Fi Direct Virtual Adapter
5...08 11 96 92 a5 6c ......Intel(R) Centrino(R) Advanced-N 6205
4...40 2c f4 15 b0 86 ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
IPv4 Table de routage
Itinéraires actifs :
Destination réseau Masque réseau Adr. passerelle Adr. interface Métrique
0.0.0.0 0.0.0.0 10.200.0.254 10.200.2.27 45
10.200.0.0 255.255.0.0 On-link 10.200.2.27 301
10.200.2.27 255.255.255.255 On-link 10.200.2.27 301
10.200.255.255 255.255.255.255 On-link 10.200.2.27 301
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 10.200.2.27 301
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 10.200.2.27 301
Itinéraires persistants :
Aucun
IPv6 Table de routage
Itinéraires actifs :
If Metric Network Destination Gateway
1 331 ::1/128 On-link
5 301 fe80::/64 On-link
5 301 fe80::14b3:903:463:855b/128
On-link
1 331 ff00::/8 On-link
5 301 ff00::/8 On-link
Itinéraires persistants :
Aucun
Thank you very much
![Screenshot-2018-3-2 pro4545 pirona com - Status Dashboard.png](/public/imported_attachments/1/Screenshot-2018-3-2 pro4545 pirona com - Status Dashboard.png)
-
I have the same issue
-
> Bail obtenu. . . . . . . . . . . . . . : vendredi 2 mars 2018 17:32:11
> Bail expirant. . . . . . . . . . . . . : vendredi 2 mars 2018 17:36:51

Check the DHCP log and you will notice that unbound restarts every time a new lease is issued.
The 'Unbound Resolver Reloads' can take several seconds or more to complete and may temporarily interrupt DNS Resolution until the Resolver has been fully Reloaded with the updated Domain changes. Consider updating the DNSBL Feeds 'Once per Day', if network issues arise.
So you need to disable Register DHCP leases in the DNS Resolver under Services / DNS Resolver / General Settings. I use Static Mappings.
-
Why is the DNS Resolver restarting with each DHCP lease?
-
> Bail obtenu. . . . . . . . . . . . . . : vendredi 2 mars 2018 17:32:11
> Bail expirant. . . . . . . . . . . . . : vendredi 2 mars 2018 17:36:51
> Check the DHCP log and you will notice that unbound restarts every time a new lease is issued.
> The 'Unbound Resolver Reloads' can take several seconds or more to complete and may temporarily interrupt DNS Resolution until the Resolver has been fully Reloaded with the updated Domain changes. Consider updating the DNSBL Feeds 'Once per Day', if network issues arise.
> So you need to disable Register DHCP leases in the DNS Resolver under Services / DNS Resolver / General Settings. I use Static Mappings.

Thank you for your help.
To disable Register DHCP leases in the DNS Resolver and
save the static DHCP mappings in the DNS Resolver.
The domain in System > General Setup must also be set to the appropriate value.
For my configuration, what value should I set in the general configuration for it to work?
-
> The domain in System> General Setup must also be set to the appropriate value.
> for my configuration, what value should I set in the general configuration for it to work

It's Domain under System > General Setup
-
> Why is the DNS Resolver restarting with each DHCP lease?

It's the way the DHCP service is implemented. It changes /var/unbound/dhcpleases_entries.conf and triggers a reload of Unbound for the changes to take effect.
It's possible to add/remove hostnames dynamically in unbound with unbound-control, but that demands major re-coding of the DHCP service.
-
> Bail obtenu. . . . . . . . . . . . . . : vendredi 2 mars 2018 17:32:11
> Bail expirant. . . . . . . . . . . . . : vendredi 2 mars 2018 17:36:51
> Check the DHCP log and you will notice that unbound restarts every time a new lease is issued.
> The 'Unbound Resolver Reloads' can take several seconds or more to complete and may temporarily interrupt DNS Resolution until the Resolver has been fully Reloaded with the updated Domain changes. Consider updating the DNSBL Feeds 'Once per Day', if network issues arise.
> So you need to disable Register DHCP leases in the DNS Resolver under Services / DNS Resolver / General Settings. I use Static Mappings.

Thank you very much, problem solved.