[SOLVED] New SG-1100 DNS Resolver not working
djacu2 last edited by djacu2
Just purchased a new SG-1100, and went through the setup multiple times, but could never get DNS resolution on my LAN clients.
I have a Frontier FIOS ONT passing CAT5 into my home. That is connected to the WAN on the SG-1100 and my desktop is connected to the LAN. The SG-1100 has an IP address of 10.0.1.1 and is currently handing my PC an address of 10.0.1.10. Gateway is 10.0.1.1 and DNS is 10.0.1.1. I am using Google's DNS servers configured in General Setup and the DNS Resolver (unbound) as shown in the images below. I have been following this article mostly (Troubleshooting Network Connectivity) and discovered the following.
- Diagnostics / Ping 22.214.171.124 works from both WAN and LAN
- Diagnostics / Ping google.com works from both WAN and LAN
- Diagnostics / DNS Lookup for pfsense.org seems to work (see image below)
- My client can ping the SG-1100 LAN IP
- My client can ping the SG-1100 WAN IP
- My client can ping 126.96.36.199
- My client cannot ping google.com
I found this error in Status / System Logs / System / General
/services_unbound.php: The command '/usr/local/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was ' unbound[11670:0] error: Error for server-cert-file: /var/unbound/unbound_server.pem  unbound[11670:0] error: Error in SSL_CTX use_certificate_chain_file crypto error:0906D06C:PEM routines:PEM_read_bio:no start line  unbound[11670:0] error: and additionally crypto error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib  unbound[11670:0] fatal error: could not set up remote-control'
Under Services / DNS Resolver / Advanced Settings - I set the Log Level to 2.
If I go to Status / System Logs / System / DNS Resolver there doesn't seem to be a lot of activity but I may not understand what I am looking at.
```
Feb 2 19:49:48 dnsmasq 40988 reading /etc/resolv.conf
Feb 2 19:49:48 dnsmasq 40988 ignoring nameserver 127.0.0.1 - local interface
Feb 2 19:49:48 dnsmasq 40988 using nameserver 188.8.131.52#53
Feb 2 19:49:48 dnsmasq 40988 using nameserver 184.108.40.206#53
Feb 2 19:49:48 dnsmasq 40988 read /etc/hosts - 3 addresses
Feb 2 19:50:46 dnsmasq 40988 exiting on receipt of SIGTERM
Feb 2 19:50:47 dnsmasq 96352 started, version 2.79 cachesize 10000
Feb 2 19:50:47 dnsmasq 96352 compile time options: IPv6 GNU-getopt no-DBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth DNSSEC loop-detect no-inotify
Feb 2 19:50:47 dnsmasq 96352 reading /etc/resolv.conf
Feb 2 19:50:47 dnsmasq 96352 ignoring nameserver 127.0.0.1 - local interface
Feb 2 19:50:47 dnsmasq 96352 using nameserver 220.127.116.11#53
Feb 2 19:50:47 dnsmasq 96352 using nameserver 18.104.22.168#53
Feb 2 19:50:47 dnsmasq 96352 read /etc/hosts - 3 addresses
Feb 2 20:00:13 dnsmasq 96352 exiting on receipt of SIGTERM
```
What I have tried
Two things I've found to "work"
- Manually setting the DNS in my network settings to 22.214.171.124. Not really ideal.
- Disabling the DNS Resolver and enabling the DNS Forwarder. This does work but it bugs me that the resolver doesn't work and I'd rather fix it.
Does anyone have any idea what my problem might be or where I can start looking? I've gone through numerous forum and reddit posts where people had DNS issues similar to mine but none of the solutions seemed to work for me.
DNS Resolver Settings
djacu2 last edited by
Another thing I forgot to mention was that in Status / Services, it appears that unbound is not running.
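Added example, not part of any post in this thread: the fatal error quoted above reports "PEM_read_bio:no start line" for a file under /var/unbound, which means the file has no `-----BEGIN ...-----` line. The read-only check below lists every `*.pem` and `*.key` file in a directory that is empty or lacks that line; `find_bad_pem` and `demo_find_bad_pem` are hypothetical helper names, and the demo files are constructed samples.

```shell
#!/bin/sh
# Added example (not from the thread): flag PEM-style files that are empty or
# have no "-----BEGIN ...-----" line, the condition behind the logged
# "PEM_read_bio:no start line" error. Read-only: it changes nothing.

# find_bad_pem [DIR]  -- DIR defaults to /var/unbound (the path in the log).
find_bad_pem() {
    dir="${1:-/var/unbound}"
    for f in "$dir"/*.pem "$dir"/*.key; do
        [ -e "$f" ] || continue              # glob matched nothing
        if [ ! -s "$f" ]; then
            echo "$f: empty"
        elif ! grep -q -e '^-----BEGIN [A-Z0-9 ]*-----' "$f"; then
            echo "$f: no PEM start line"
        fi
    done
}

# Demo on constructed files in a temporary directory, so it runs anywhere.
demo_find_bad_pem() {
    tmp=$(mktemp -d) || return 1
    # Well-formed PEM framing (constructed body, not a real certificate).
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$tmp/good.pem"
    : > "$tmp/empty.pem"                     # zero-byte file
    printf 'garbage\n' > "$tmp/truncated.key" # content without a start line
    find_bad_pem "$tmp"
    rm -rf "$tmp"
}

demo_find_bad_pem
```

On the firewall itself, run `find_bad_pem` with no argument to check /var/unbound; no output means every matching file at least starts like a PEM file.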
RonpfS last edited by
djacu2 last edited by
Thank you! That was the solution. Copy instructions below.
Under /var/unbound delete the following and reboot.