Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    DNS Resolver (Unbound) Host Overrides Stopped Working

    DHCP and DNS
    1
    2
    682
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Xentrk
      Xentrk last edited by

      My host overrides stopped working last night.  Wife complained Internet was not working.  We had a storm.  My gear is hooked up to UPS. I heard them beep two times during the lightning.  But power to the house never went down.

      Upon my investigation, I saw the WAN iface was down. I rebooted pfSense and it came back up. But Unbound had not started.  I was not able to restart it successfully.  I looked at the log and saw the message:

      May 22 09:11:49 	unbound 	8784:0 	error: local-data in redirect zone must reside at top of zone, not at b.scorecardresearch.com. A 0.0.0.0
May 22 09:11:49 	unbound 	8784:0 	fatal error: Could not set up local zones

      Settings:

      
DNS Resolver is ENABLED
Listen Port: 53
Network Interfaces: LAN
Outgoing Network Interfaces:  My three OpenVPN Clients
System Domain Level Zone Type: Transparent
DNSSEC: checked
DNS Query Forwarding: Unchecked
DHCP Registration: Unchecked
Static DHCP: Unchecked
OpenVPN Clients: Unchecked

      I use pfBlockerNG and have these entries in Custom Configuration

      log-queries: yes
server:include: /var/unbound/pfb_dnsbl.*conf

      I have done some searching on the forum and see this error has come up in recent history.  Not sure if a bug was introduced in the 2.4.3-RELEASE-p1.  I updated to 2.4.3-RELEASE-p1 last week. That is the only change I made recently.

      https://forum.pfsense.org/index.php?topic=111197.0
      https://forum.pfsense.org/index.php?topic=134675.msg738333#msg738333

      I tried changing the

      server:include: /var/unbound/pfb_dnsbl.*conf
```to

      server:include: /var/unbound/pfb_dnsbl.conf

      to see if that helps. But it causes pfSense to hang and I have to power cycle the appliance to restore access.

Changing the line above to omit the **server:** per post https://forum.pfsense.org/index.php?topic=134675.msg738333#msg738333 also causes the web gui to hang and I need to power cycle the appliance to restore access.

I will keep investigating and report back if I find any information. 

I removed the Host Overrides so I can use the Internet again. 
![host overrides.JPG](/public/_imported_attachments_/1/host overrides.JPG)
![host overrides.JPG_thumb](/public/_imported_attachments_/1/host overrides.JPG_thumb)

      pfSense 2.4.4_2 | Intel i5-3450 @ 3.10GHz  | AES-NI enabled |  pfBlockerNG | Snort
      Blog Site: https://x3mtek.com || GitHub: https://github.com/Xentrk

      1 Reply Last reply Reply Quote 0
      • Xentrk
        Xentrk last edited by

        I tried to reenter the Host Overrides every morning after first experiencing the issue. I experienced the error message each time. On day four, I did not experience the error message. It has been five days now and the problem has not returned.

        pfSense 2.4.4_2 | Intel i5-3450 @ 3.10GHz  | AES-NI enabled |  pfBlockerNG | Snort
        Blog Site: https://x3mtek.com || GitHub: https://github.com/Xentrk

        1 Reply Last reply Reply Quote 0
        • First post
          Last post

        Products

        • Platform Overview
        • TNSR
        • pfSense
        • Appliances

        Services

        • Training
        • Professional Services

        Support

        • Subscription Plans
        • Contact Support
        • Product Lifecycle
        • Documentation

        News

        • Media Coverage
        • Press
        • Events

        Resources

        • Blog
        • FAQ
        • Find a Partner
        • Resource Library
        • Security Information

        Company

        • About Us
        • Careers
        • Partners
        • Contact Us
        • Legal
        Our Mission

        We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

        Subscribe to our Newsletter

        Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

        © 2021 Rubicon Communications, LLC | Privacy Policy