Netgate Discussion Forum

    DNS Resolver Custom Options Do Not Start on Startup

    DHCP and DNS
      user2

      I have configured DNS Resolver with the custom option:

      log-queries: yes

      When pfsense is restarted, remote logging does not resume.

      2.4.4-RELEASE-p2 (amd64)
      built on Wed Dec 12 07:40:18 EST 2018
      FreeBSD 11.2-RELEASE-p6

      Instead, I must go into the Resolver General Settings, and click Save. Then, everything starts logging to my remote syslogd server.

      Any help is appreciated.

        Gertjan

        Hi,

        I entered this (adding #anchor(log-queries: yes)).


        After hitting "Save", unbound restarted.
        And my logs, locally and remotely, were getting swamped with query log lines.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

          RonpfS

          @user2 said in DNS Resolver Custom Options Do Not Start on Startup:

          When pfsense is restarted, remote logging does not resume.

          Next restart, if you don't see any logging, just restart unbound from the Status Service tab. It will probably start logging.

          2.4.5-RELEASE-p1 (amd64)
          Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
          Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

            user2 @RonpfS

            @ronpfs Thank you for responding. It is true that restarting unbound after a pfsense reboot resumes logging. Instead I was hoping (expecting) the unbound settings to start logging automatically. Doesn't it seem odd to go into a service to restart it just after rebooting the pfsense firewall?

              user2 @Gertjan

              @gertjan Thank you for sharing your custom options. It is also my observation that hitting "Save" resumes external logging. However, I was hoping this setting would automatically start upon a pfsense reboot. Maybe this is a bug?

                RonpfS @user2

                @user2 said in DNS Resolver Custom Options Do Not Start on Startup:

                Doesn't it seem odd to go into a service to restart it just after rebooting the pfsense firewall?

                It's odd but it's been like that for years.

                  user2 @RonpfS

                  @ronpfs Hmm... I see. Since this is new to me, I was not expecting it. (I think this is also observed for snort alerts - the need to restart the service after a reboot.) Is there a way to recommend a change?

                    RonpfS

                    pfSense demands TLC 🙏

                      ilGino

                      Hello all,

                      unfortunately in my experience this still happens on:

                      2.5.2-RELEASE (amd64)
                      built on Fri Jul 02 15:33:00 EDT 2021
                      FreeBSD 12.2-STABLE

                      Steps to reproduce the issue:

                      • Services > DNS Resolver > General Settings
                      • Custom options set and saved to

                      server: log-queries: yes

                      • DNS queries are correctly sent to the defined syslog server (don't know if logged locally on pfSense, I'm not interested in that)
                      • reboot pfSense
                      • DNS queries are not correctly sent to the defined syslog server (don't know if logged locally on pfSense, I'm not interested in that)
                      • Status > DNS Resolver > Restart service (or Stop Service && Start Service)
                      • DNS queries again are correctly sent to the defined syslog server (don't know if logged locally on pfSense, I'm not interested in that)

                      Regards

                        encrypt1d @ilGino

                        I have reproduced this on 2.6.0 CE as well. I only very recently cut over to using resolver instead of forwarder because the forwarder no longer worked for me in 2.6.0.

                        I log and inspect DNS queries, so I hit this bug right away.

                        Losing your DNS logs from your SIEM on reboots isn't a good security situation. This deserves some escalated attention.

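
An added example, not part of any post in this thread: a collector-side check for the failure reported above, where the firewall keeps sending syslog after a reboot while unbound query lines stop arriving. The log layout, the host name `fw1` and the five-minute threshold are assumptions, and the sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed collector-side sample: ISO timestamp, host, tag, message.
SAMPLE = """\
2021-07-10T09:00:01+00:00 fw1 unbound: [4242:0] info: 192.168.1.20 example.com. A IN
2021-07-10T09:00:05+00:00 fw1 unbound: [4242:1] info: 192.168.1.21 example.org. AAAA IN
2021-07-10T09:01:00+00:00 fw1 syslogd: exiting on signal 15
2021-07-10T09:03:10+00:00 fw1 syslogd: kernel boot file is /boot/kernel/kernel
2021-07-10T09:05:00+00:00 fw1 filterlog: constructed-firewall-event
2021-07-10T09:12:00+00:00 fw1 filterlog: constructed-firewall-event
2021-07-10T09:20:30+00:00 fw1 unbound: [5150:0] info: 192.168.1.20 example.net. A IN
"""

LINE = re.compile(r"^(\S+) (\S+) ([^:\[\s]+)(?:\[\d+\])?: (.*)$")
# Shape of a line written by unbound when log-queries is on: client, name, type, class.
QUERY = re.compile(r"^\[\d+:\d+\] info: \S+ \S*\. [A-Z0-9]+ IN$")


def find_query_log_gaps(lines, max_silence=timedelta(minutes=5)):
    """Return (host, last_query_time, resumed_time_or_None) for every period in
    which a host kept sending other syslog but no unbound query lines."""
    last_query = {}  # host -> time of last query line (or first sighting)
    alive = {}       # host -> latest non-query line seen since last_query
    gaps = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.fromisoformat(m.group(1))
        host, tag, msg = m.group(2), m.group(3), m.group(4)
        baseline = last_query.setdefault(host, ts)
        if tag == "unbound" and QUERY.match(msg):
            seen = alive.pop(host, None)
            if seen is not None and seen - baseline > max_silence:
                gaps.append((host, baseline, ts))    # gap that later closed
            last_query[host] = ts
        else:
            alive[host] = ts
    for host, seen in alive.items():                 # gaps still open at end of input
        if seen - last_query[host] > max_silence:
            gaps.append((host, last_query[host], None))
    return gaps


if __name__ == "__main__":
    for host, start, end in find_query_log_gaps(SAMPLE.splitlines()):
        print(f"{host}: no DNS query logs from {start} until {end or 'now'}")
```

A gap with `None` as its end time means query logging has not resumed, which is the state the posters describe until unbound is restarted by hand.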