• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

DNS Resolver Host Override not working

Scheduled Pinned Locked Moved DHCP and DNS
25 Posts 5 Posters 7.8k Views 5 Watching
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • G Offline
    Gertjan @l0rdraiden
    last edited by Jan 28, 2019, 12:03 AM

    @l0rdraiden said in DNS Resolver Host Override not working:

    I guess that my DNS request will be faster in forwarding mode using 1.1.1.1 than in resolver.

    Impossible.
    Check the file /etc/hosts
    There is your host override - so it's already in the resolver cache.

    And if you try to resolve nxxxx.duckdns.org upstream you wind up having the wrong IP - of course.

    Btw : Forwarding ok, but forget about DNSSEC then, as discussed many times already.

    No "help me" PM's please. Use the forum, the community will thank you.
    Edit : and where are the logs ??

    L 1 Reply Last reply Jan 29, 2019, 11:06 AM Reply Quote 0
    • L Offline
      l0rdraiden @Gertjan
      last edited by l0rdraiden Jan 29, 2019, 11:11 AM Jan 29, 2019, 11:06 AM

      @gertjan

      Now I am using DNS resolver as you said with forwarding disable, still the host override works for a while and then it starts to resolve the public IP instead the local IP. What is causing this?

      The thing is if I change any settings in the DNS resolver and then I apply changes the host override works, and then it stops working. So I think something else is causing this.

      When I try to resolve the domain in a browser in pfsense logs appears this (i have added the ***)

      Jan 29 08:18:32 pfsense.homelocal nginx: 2019/01/29 08:18:32 [error] 83403#100162: 262 open() "/usr/local/www/index.php/204" failed (20: Not a directory), client: 192.168.1.30, server: , request: "GET /index.php/204 HTTP/1.1", host: "ne*********.duckdns.org"

      Jan 29 08:03:07 pfsense.homelocal nginx: 2019/01/29 08:03:07 [error] 83100#100167: 260 open() "/usr/local/www/ocs/v1.php/cloud/user" failed (2: No such file or directory), client: 192.168.1.30, server: , request: "GET /ocs/v1.php/cloud/user?format=json HTTP/1.1", host: "tc***s.duckdns.org"

      1 Reply Last reply Reply Quote 0
      • J Offline
        johnpoz LAYER 8 Global Moderator @l0rdraiden
        last edited by johnpoz Jan 29, 2019, 12:02 PM Jan 29, 2019, 11:51 AM

        @l0rdraiden said in DNS Resolver Host Override not working:

        I use resolver because I can configure DNSSEC

        But if your forwarding you throw that out anyway... The resolver is where dnssec happens, if your forwarding its pointless to ask for dnssec info, etc. Your adding extra traffic for no reason.

        Are you using proxy? Or HA proxy?
        What do you have pfsense pointing to for dns? It should only post to loopback if you want it to use your overrides.

        @bahsig said in DNS Resolver Host Override not working:

        your outgoing network interface in dns resolver shows wan only. change this to โ€œallโ€œ or โ€œlocalhostโ€œ. and disable forwarding mode.

        There is no reason to change his outgoing to ALL.. And unless he is using multiple wan, he could for sure just use wan and not have to have localhost selected for outgoing. What is your reasoning behind having to have localhost selected for the outgoing interface?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.07 | Lab VMs 2.8, 25.07

        L 1 Reply Last reply Jan 29, 2019, 12:07 PM Reply Quote 0
        • L Offline
          l0rdraiden @johnpoz
          last edited by Jan 29, 2019, 12:07 PM

          @johnpoz said in DNS Resolver Host Override not working:

          @l0rdraiden said in DNS Resolver Host Override not working:

          I use resolver because I can configure DNSSEC

          But if your forwarding you throw that out anyway... The resolver is where dnssec happens, if your forwarding its pointless to ask for dnssec info, etc. Your adding extra traffic for no reason.

          Are you using proxy? Or HA proxy?

          What do you have pfsense pointing to for dns? It should only post to loopback if you want it to use your overrides.

          But when I use forwarding to a server like 1.1.1.1 DNSSEC works.

          I'm using nginx with letsencrypt, right now the DNS is working as a resolver and the host override is pointing to the nginx server.
          I am using suricata and pfblockerng in case this matters.

          The funny thing is that If I edit the host override or a setting in the DNS resolver it works for a while, it resolves 192.168.1.220 and then after 15-20 mins or so it resolves again the public IP.

          This was working well in the past but I can't remember what I have changed in order to break it, I will try to disable pfblockerng to see if it changes the behavior.

          1 Reply Last reply Reply Quote 0
          • J Offline
            johnpoz LAYER 8 Global Moderator
            last edited by Jan 29, 2019, 12:08 PM

            @l0rdraiden said in DNS Resolver Host Override not working:

            But when I use forwarding to a server like 1.1.1.1 DNSSEC works.

            If where you forward to does dnssec - then yeah you get dnssec, you don't have to have it checked.. The resolver is what does dnssec.. You asking for it or not asking for it has nothing to do with it the resolver does it or not.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 25.07 | Lab VMs 2.8, 25.07

            L 1 Reply Last reply Jan 29, 2019, 12:09 PM Reply Quote 0
            • L Offline
              l0rdraiden @johnpoz
              last edited by Jan 29, 2019, 12:09 PM

              @johnpoz

              But do you know why the host override works for a while and then stops working?

              1 Reply Last reply Reply Quote 0
              • J Offline
                johnpoz LAYER 8 Global Moderator
                last edited by johnpoz Jan 29, 2019, 12:11 PM Jan 29, 2019, 12:10 PM

                Not off the top... Trying to figure out what that error is you posted. That is pfsense trying to get something with nginx?

                Do you have pfsense pointing to anything other than localhost for dns?

                In your system widget what does it show for dns?

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 25.07 | Lab VMs 2.8, 25.07

                L G 2 Replies Last reply Jan 29, 2019, 3:16 PM Reply Quote 0
                • L Offline
                  l0rdraiden @johnpoz
                  last edited by Jan 29, 2019, 3:16 PM

                  @johnpoz

                  1. Yes but I don't know what is trying to get
                  2. No, DNS general settings is empty and the DNS in the clients is the pfsense IP
                  3. enable up and running.

                  BTW I have disable pfblockerng and now it works fine... so I guess is some kind of incompatibility. I will try to report it to see if I get the dev to read this thread.

                  1 Reply Last reply Reply Quote 0
                  • G Offline
                    Gertjan @johnpoz
                    last edited by Jan 29, 2019, 10:34 PM

                    @johnpoz said in DNS Resolver Host Override not working:

                    That is pfsense trying to get something with nginx?

                    Yeah, what is this :

                    @l0rdraiden said in DNS Resolver Host Override not working:

                    ...... open() "/usr/local/www/index.php/204" failed (20: Not a directory), client: 192.168.1.30, server: , request: "GET /index.php/204 HTTP/1.1", host: "ne*********.duckdns.org"
                    .... open() "/usr/local/www/ocs/v1.php/cloud/user" failed (2: No such file or directory), client: 192.168.1.30, server: , request: "GET /ocs/v1.php/cloud/user?format=json HTTP/1.1", host: "tc***s.duckdns.org"

                    /index.php/204 => this doesn't exists on pfSense (the web server / files ).
                    //ocs/v1.php/cloud/user => same thing.

                    Just the browser who 'thinks' it's connected to some site, but redirected to the pfSense webroot, and obtaining a "non - not here".

                    No "help me" PM's please. Use the forum, the community will thank you.
                    Edit : and where are the logs ??

                    1 Reply Last reply Reply Quote 0
                    • J Offline
                      johnpoz LAYER 8 Global Moderator
                      last edited by Jan 30, 2019, 12:35 AM

                      @Gertjan you think that is something to do with his host override trying to ask pfsense for something... I can not really tell what that error is without more context.

                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                      If you get confused: Listen to the Music Play
                      Please don't Chat/PM me for help, unless mod related
                      SG-4860 25.07 | Lab VMs 2.8, 25.07

                      R 1 Reply Last reply Jan 30, 2019, 9:55 PM Reply Quote 0
                      • G Offline
                        Gertjan
                        last edited by Jan 30, 2019, 9:38 PM

                        Realy, .... dono.

                        I guess @l0rdraiden want to reach a local server (coming from local), the server he exposes on the Internet using a duckdns.org DDNS domain name.
                        Local host overrides always worked for me, using the default Resolver.

                        No "help me" PM's please. Use the forum, the community will thank you.
                        Edit : and where are the logs ??

                        1 Reply Last reply Reply Quote 0
                        • J Offline
                          johnpoz LAYER 8 Global Moderator
                          last edited by Jan 30, 2019, 9:40 PM

                          yup zero issue with them.. But I don't see how an error on pfsense for nginx has anything to do with unbound?

                          An intelligent man is sometimes forced to be drunk to spend time with his fools
                          If you get confused: Listen to the Music Play
                          Please don't Chat/PM me for help, unless mod related
                          SG-4860 25.07 | Lab VMs 2.8, 25.07

                          1 Reply Last reply Reply Quote 0
                          • G Offline
                            Gertjan
                            last edited by Jan 30, 2019, 9:45 PM

                            IMHO, the errors are cached URL's in a browser, that thinks it's connected to a webserer (dsame URL) but it is connected to the GUI (or portal web server).
                            It's hitting the server (nginx) with the stored URL's and nginx is complaining about it.
                            I see this all the time on my own web servers : the most strange page requests are popping up - and errored out by the web server.

                            No "help me" PM's please. Use the forum, the community will thank you.
                            Edit : and where are the logs ??

                            1 Reply Last reply Reply Quote 0
                            • R Offline
                              RonpfS @johnpoz
                              last edited by Jan 30, 2019, 9:55 PM

                              @johnpoz said in DNS Resolver Host Override not working:

                              @Gertjan you think that is something to do with his host override trying to ask pfsense for something... I can not really tell what that error is without more context.

                              He disabled Resolver Live Sync in DNSBL and it seems to work fine for now.

                              2.4.5-RELEASE-p1 (amd64)
                              Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                              Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                              G 1 Reply Last reply Jan 30, 2019, 10:00 PM Reply Quote 0
                              • G Offline
                                Gertjan @RonpfS
                                last edited by Jan 30, 2019, 10:00 PM

                                @ronpfs said in DNS Resolver Host Override not working:

                                Resolver Live Sync

                                I read about this (new ?) option. Not finding much btw.
                                unbound man pages do not mention them.

                                Isn't it a somewhat hidden : "do a restart" ?
                                As far as I know, bind, for example, places "watches" on files, and read them in on the fly when they changed - without a global restart.

                                No "help me" PM's please. Use the forum, the community will thank you.
                                Edit : and where are the logs ??

                                R 1 Reply Last reply Jan 30, 2019, 10:02 PM Reply Quote 0
                                • R Offline
                                  RonpfS @Gertjan
                                  last edited by RonpfS Jan 30, 2019, 10:10 PM Jan 30, 2019, 10:02 PM

                                  @gertjan
                                  It's basically a bunch of unbound-control cmds to change the local-data and local-zone in unbound live db.
                                  Something the DHCP services could do to register new leases.๐Ÿ‘Œ

                                  But now BBcan177 has implemented a Python module to unbound. ๐Ÿ‘.
                                  It's faster, has more functionality and doesn't require GBs of memory for unbound. ๐Ÿ˜‰

                                  2.4.5-RELEASE-p1 (amd64)
                                  Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                                  Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                                  1 Reply Last reply Reply Quote 0
                                  • G Offline
                                    Gertjan
                                    last edited by Jan 30, 2019, 10:09 PM

                                    Ah, if so, then that looks good.
                                    This should be implement upstream (in pfSense itself).
                                    No more x restarts a minute on big networks, thus no more flushing the DNS cache.

                                    And pfBlockerNG users would be really happy (parsing these mega block files take time every restart).

                                    No "help me" PM's please. Use the forum, the community will thank you.
                                    Edit : and where are the logs ??

                                    1 Reply Last reply Reply Quote 0
                                    • L Offline
                                      l0rdraiden
                                      last edited by Jan 30, 2019, 10:12 PM

                                      The issue is posted here finally
                                      https://forum.netgate.com/topic/140021/dns-resolver-host-override-not-working/21

                                      1 Reply Last reply Reply Quote 0
                                      25 out of 25
                                      • First post
                                        25/25
                                        Last post
                                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                                        This community forum collects and processes your personal information.
                                        consent.not_received