[SOLVED] New SG-1100 DNS Resolver not working
-
Problem
Just purchased a new SG-1100, and went through the setup multiple times, but could never get DNS resolution on my LAN clients.
Setup
I have a Frontier FIOS ONT passing CAT5 into my home. That is connected to the WAN on the SG-1100 and my desktop is connected to the LAN. The SG-1100 has an IP address of 10.0.1.1 and is currently handing my PC an address of 10.0.1.10. Gateway is 10.0.1.1 and DNS is 10.0.1.1. I am using Google's DNS servers configured in General Setup and the DNS Resolver (unbound) as shown in the images below. I have been following this article mostly (Troubleshooting Network Connectivity) and discovered the following.
- Diagnostics / Ping 8.8.8.8 works from both WAN and LAN
- Diagnostics / Ping google.com works from both WAN and LAN
- Diagnostics / DNS Lookup for pfsense.org seems to work (see image below)
- My client can ping the SG-1100 LAN IP
- My client can ping the SG-1100 WAN IP
- My client can ping 8.8.8.8
- My client cannot ping google.com
I found this error in Status / System Logs / System / General
/services_unbound.php: The command '/usr/local/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was '[1549232565] unbound[11670:0] error: Error for server-cert-file: /var/unbound/unbound_server.pem [1549232565] unbound[11670:0] error: Error in SSL_CTX use_certificate_chain_file crypto error:0906D06C:PEM routines:PEM_read_bio:no start line [1549232565] unbound[11670:0] error: and additionally crypto error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib [1549232565] unbound[11670:0] fatal error: could not set up remote-control'
Under Services / DNS Resolver / Advanced Settings - I set the Log Level to 2.
If I go to Status / System Logs / System / DNS Resolver there doesn't seem to be a lot of activity but I may not understand what I am looking at.
Feb 2 19:49:48 dnsmasq 40988 reading /etc/resolv.conf
Feb 2 19:49:48 dnsmasq 40988 ignoring nameserver 127.0.0.1 - local interface
Feb 2 19:49:48 dnsmasq 40988 using nameserver 8.8.8.8#53
Feb 2 19:49:48 dnsmasq 40988 using nameserver 8.8.4.4#53
Feb 2 19:49:48 dnsmasq 40988 read /etc/hosts - 3 addresses
Feb 2 19:50:46 dnsmasq 40988 exiting on receipt of SIGTERM
Feb 2 19:50:47 dnsmasq 96352 started, version 2.79 cachesize 10000
Feb 2 19:50:47 dnsmasq 96352 compile time options: IPv6 GNU-getopt no-DBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth DNSSEC loop-detect no-inotify
Feb 2 19:50:47 dnsmasq 96352 reading /etc/resolv.conf
Feb 2 19:50:47 dnsmasq 96352 ignoring nameserver 127.0.0.1 - local interface
Feb 2 19:50:47 dnsmasq 96352 using nameserver 8.8.8.8#53
Feb 2 19:50:47 dnsmasq 96352 using nameserver 8.8.4.4#53
Feb 2 19:50:47 dnsmasq 96352 read /etc/hosts - 3 addresses
Feb 2 20:00:13 dnsmasq 96352 exiting on receipt of SIGTERM
What I have tried
Two things I've found to "work"
- Manually setting the DNS in my network settings to 8.8.8.8. Not really ideal.
- Disabling the DNS Resolver and enabling the DNS Forwarder. This does work but it bugs me that the resolver doesn't work and I'd rather fix it.
Help
Does anyone have any idea what my problem might be or where I can start looking? I've gone through numerous forum and reddit posts where people had DNS issues similar to mine but none of the solutions seemed to work for me.
General Setup
DNS Resolver Settings
DNS Lookup
-
Another thing I forgot to mention was that in Status / Services, it appears that unbound is not running.
-
@djacu2 said in New SG-1100 DNS Resolver not working:
unbound_server.pem
https://forum.netgate.com/topic/106011/solved-pfblockerng-reloading-unbound-fails/11
-
Thank you! That was the solution. Copy instructions below.
Under /var/unbound delete the following and reboot.
unbound_control.key
unbound_control.pem
unbound_server.key
unbound_server.pem
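
Added example, not part of the original posts: a read-only check that shows which of the four files listed above exist but contain no `-----BEGIN ...-----` line, which is the condition OpenSSL reports as `PEM_read_bio:no start line` in the logged error. The function names are hypothetical and the default directory is the `/var/unbound` path from the thread.

```sh
#!/bin/sh
# Added example (not from the thread): find unbound remote-control files
# that would trigger "PEM_read_bio:no start line". It only reads files.

# The four file names listed in the thread's fix.
UNBOUND_FILES="unbound_control.key unbound_control.pem unbound_server.key unbound_server.pem"

# pem_status FILE -> prints one of: missing | empty | no-start-line | ok
pem_status() {
    if [ ! -e "$1" ]; then
        echo missing
    elif [ ! -s "$1" ]; then
        echo empty
    elif ! grep -q -e '^-----BEGIN [A-Z0-9 ]*-----' "$1"; then
        echo no-start-line
    else
        echo ok
    fi
}

# check_unbound_pems [DIR] -> prints "status<TAB>path" for each file.
# Return code: number of files that exist but cannot be parsed as PEM.
# Missing files are reported but not counted, since they produce a
# different error than the "no start line" one seen in the log.
check_unbound_pems() {
    dir=${1:-/var/unbound}
    bad=0
    for name in $UNBOUND_FILES; do
        status=$(pem_status "$dir/$name")
        printf '%s\t%s\n' "$status" "$dir/$name"
        case $status in
            empty|no-start-line) bad=$((bad + 1)) ;;
        esac
    done
    return "$bad"
}

# Run the check only when a directory is given on the command line,
# e.g.: sh check_unbound_pems.sh /var/unbound
if [ "$#" -gt 0 ]; then
    check_unbound_pems "$1"
fi
```

A non-zero exit status is the count of unreadable files, so the script can be run before deleting anything to confirm the files match the logged error.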