DSNBL error: connect: Can't assign requested address for 127.0.0.1 port 953
-
ls -al /var/db/pfblockerng/dnsblalias
ls -al /var/db/pfblockerng/dnsblorig
cat /var/db/pfblockerng/pfbdnsblsuppression.txt
Can you try to disable DNSBL, then run a Force Update?
Enable DNSBL then run Force Update. If you still have errors, then enable only one DNSBL group with only one URL enabled, run a Force Reload DNSBL and see if it reloads unbound.
-
@snowmanut said in DSNBL error: connect: Can't assign requested address for 127.0.0.1 port 953:
by removing all my DNS servers in the general setup page.
Why would you have DNS servers listed in the general setup page if you're using unbound in resolver mode? Having them there sure would not cause any errors since they would never be used, unless you told pfsense not to use 127.0.0.1?
-
When I deleted all the DNS servers in there it wouldn't download any packages from the package manager. When I put 1 back the package manager worked again. Others reported similar behavior on other posts.
I don't think I have told it not to use 127.0.0.1, where would I do that besides the DNS resolver which we already checked?
-
Let's forget pfblocker for a second... Does unbound work when not using pfblocker? Disable pfblocker, does your resolver work as it should..
It's right there in the general setup - where you would have set extra dns
I would also uncheck allowing your ISP to hand you dns via dhcp... That checkbox above the one I point out.
Pfsense out of the box resolves, and the only thing it should point to for dns is itself
If you are having issues with unbound working, I would figure that out before you worry about a package like pfblocker
-
None of those were checked on general setup. If I remove all DNS servers from the DNS server list the package manager fails to download anything.
Package Manager Blank with no DNS Server listed in setup:
Would having comcast have anything to do with this?
-
Did you try to do nslookup from the pfsense?
-
Sure your isp could be doing something - but I was on comcast for years and they never dicked with dns that I recall.
Yes try to look up something else, does google resolve? Go to diag, dns lookup - try some stuff in there does anything work?
What does your status resolver show you?
What does the log show? Is unbound actually starting and listening on 53?
You have pfblocker disabled right? Let's actually validate the resolver is working how it should before you try and throw pfblocker on top of it. Not able to list packages doesn't bode well for a fully functional resolver.
You don't have some vpn setup - what other packages are you running? This should be a clean out of the box pfsense setup!
You don't go throwing extra toys onto something that isn't working in the first place ;) If your ISP is dicking with DNS then you could always use forwarding mode with unbound. But let's actually validate that first, etc.
-
PfblockerNG is off. Ran DNS Lookup and no response on google or pfsense. I can still go to websites when browsing though, weird.
Status of DNS Resolver is blank too:
I have OpenVPN setup for access by my phone to my network. I can disable it. Used this video guide to do it on Lawrence Systems / PC Pickup: https://www.youtube.com/watch?v=7rQ-Tgt3L18&t=656s Works fine for when I need access.
Packages:
-
Well, from that unbound is not running... So how would your clients resolve anything unless they were using something else for dns..
Unbound is not working... Get unbound working before you attempt to get pfblocker working.
Restart unbound - what does the unbound log say? Up the log level in unbound.
-
Already have log level at 2, do I need to go higher?
Looks like it is resolving??
-
Still trying to figure this out. Unbound is stopping and starting all the time per the logs. Still have forwarder off and no DNS servers in general setup. Pfblocker is turned off. DNS resolver status blank and dnslookup doesn't resolve anything? Is my box just messed up or is there issue with unbound or how do I fix this?
-
https://forum.netgate.com/topic/104772/unbound-restarting
https://forum.netgate.com/topic/138449/unbound-restarting-more-frequently
Also if you use the Service Watchdog package make sure it does not monitor unbound.
-
@BBcan177 fixed my issue which was unrelated to pfblocker. Somehow my Pfsense became corrupted related to the unbound_control.key and unbound_server.pem. He got it to generate new ones that fixed unbound which in turn got Pfblocker working. We are not sure why it happened but he is reporting issues to them. Owe him for sure, great guy.
-
@SnowmanUT said in DSNBL error: connect: Can't assign requested address for 127.0.0.1 port 953:
@BBcan177 fixed my issue which was unrelated to pfblocker. Somehow my Pfsense became corrupted related to the unbound_control.key and unbound_server.pem. He got it to generate new ones that fixed unbound which in turn got Pfblocker working. We are not sure why it happened but he is reporting issues to them. Owe him for sure, great guy.
Can you please post how you were able to get it to generate new unbound_control.key and unbound_server.pem? Mine seems to have the same issue, and it doesn't resolve itself when I restore older known working configs.
-
lol I have the same thing happening as well..
-
@BBcan177 helped me fix it through some remote support. Not sure of the exact commands he ran on the console to fix it. If he sees this post maybe he can provide them.
-
Hope he sees it.. I can't figure this out
-
@SnowmanUT said in DSNBL error: connect: Can't assign requested address for 127.0.0.1 port 953:
unbound_control.key
Guys why don't you use the search "unbound_control.key" feature of the forum?
https://forum.netgate.com/topic/106011/solved-pfblockerng-reloading-unbound-fails/12
Basically remove the cert files, restart unbound or reboot.
-
@RonpfS I did exactly that.. removed keys firstly... didn't work.. renamed /var/unbound to unbound.bak.. restarted same thing.. very strange
-
fixed.. would not work on just restarting DNS.. had to reboot the box.
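-
Added example, not part of the thread and not pfSense or pfBlockerNG code: a shell check for the failure described above, where the unbound remote-control key and certificate files under /var/unbound were corrupted. It assumes the four file names that unbound-control-setup creates; the function names are hypothetical, and the check is structural only (file exists, is non-empty, has PEM BEGIN/END lines).

```shell
#!/bin/sh
# Added example: structural check of unbound's remote-control key/cert files.
# Assumptions: the four file names are those created by unbound-control-setup;
# the default directory /var/unbound is the path mentioned in the thread.

# pem_state FILE -> prints one of: ok, missing, empty, truncated
pem_state() {
    f=$1
    if [ ! -e "$f" ]; then echo missing; return; fi
    if [ ! -s "$f" ]; then echo empty; return; fi
    # A usable PEM file carries both a BEGIN line and an END line.
    if grep -q -- '-----BEGIN ' "$f" && grep -q -- '-----END ' "$f"; then
        echo ok
    else
        echo truncated
    fi
}

# check_unbound_control_files [DIR]
# Prints one "name: state" line per file and returns the number of bad files.
check_unbound_control_files() {
    dir=${1:-/var/unbound}
    bad=0
    for name in unbound_server.key unbound_server.pem \
                unbound_control.key unbound_control.pem; do
        state=$(pem_state "$dir/$name")
        echo "$name: $state"
        [ "$state" = ok ] || bad=$((bad + 1))
    done
    return "$bad"
}
```

Call `check_unbound_control_files` from the firewall's shell; a non-zero return value is the count of files that are missing, empty or truncated, which is the condition the thread resolved by removing the cert files and rebooting.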