DNS Resolver can't start - need help



  • I've been running pfSense for several months. Right now the DNS Resolver can no longer start, even after a reboot. I attach the error log for reference here. I even restored the DNS Resolver setup part from my backup XML file. It didn't help. Need suggestions on how to resolve this problem... thanks.


  • Check if you have something wrong inside "custom options" for the DNS resolver.
    The problem comes from pfBlockerNG maybe; check that, try to uninstall it and reinstall/reconfigure.



  • Thank you. I didn’t change anything on pfSense. Is it possible any system file has been corrupted?



  • @bthoven said in DNS Resolver can't start - need help:

    Thank you. I didn’t change anything on pfSense. Is it possible any system file has been corrupted?

    Doubtful a system file is corrupted. More likely an errant pfBlocker DNSBL list is causing the syntax error. As suggested by @kiokoman, disable DNSBL in pfBlockerNG temporarily. You might even have to reboot the firewall in order for unbound to recreate its configuration file. Sounds like something did write an improper line or two to that file, and DNSBL and pfBlockerNG would be the likely culprit.



  • Thanks. I disabled DNSBL, then the DNS resolver could start. I then enabled DNSBL and restarted the DNS resolver again, and it restarted properly. However, it no longer blocks anything.



  • You probably need to get pfBlockerNG to rebuild its lists and then write the appropriate information to the unbound configuration file (unbound.conf). However, unless the original problematic DNSBL list has been "fixed", you might get a repeat of the problem.

    If you examine the error message from your system log, you can see that the unbound DNS resolver program is complaining about a syntax error in its configuration file, unbound.conf. That most likely happened because some IP file list entry that was added by the DNSBL part of pfBlockerNG did not get finished or pointed to a non-existent file.
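
Added example, not part of the thread and not pfBlockerNG's own code: a small linter that reports the line numbers of malformed entries in a blocklist file that gets included into unbound.conf, which is the kind of unfinished entry described above. The `local-data` A-record layout, the sample content and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample of a DNSBL include file. The layout is an assumption
# about what a blocklist generator writes; it is not taken from the thread.
SAMPLE = '''\
local-data: "ads.example.com 60 IN A 10.10.10.1"
local-data: "tracker.example.net 60 IN A 10.10.10.1"
local-data: "broken.example.org 60 IN A 10.10.
local-zone: "telemetry.example.com" redirect
local-data: "bad host.example 60 IN A 10.10.10.1"
local-data: "cut.example.com 60 IN A"
'''

LOCAL_DATA = re.compile(r'^local-data:\s*"([^"]*)"$')
LOCAL_ZONE = re.compile(r'^local-zone:\s*"[^"\s]+"\s+\w+$')
LABEL = re.compile(r'^[A-Za-z0-9_]([A-Za-z0-9_-]{0,61}[A-Za-z0-9_])?$')

def check_record(record):
    """Return a reason string if the quoted A record is malformed, else None."""
    fields = record.split()
    if len(fields) != 5:
        return f"expected 5 fields (name ttl class type address), got {len(fields)}"
    name, ttl, rclass, rtype, addr = fields
    if not all(LABEL.match(part) for part in name.rstrip(".").split(".")):
        return f"invalid host name {name!r}"
    if not ttl.isdigit() or rclass != "IN" or rtype != "A":
        return "expected '<ttl> IN A'"
    try:
        ipaddress.IPv4Address(addr)
    except ValueError:
        return f"invalid IPv4 address {addr!r}"
    return None

def lint(text):
    """Return (line_number, reason) for every line that would not parse."""
    problems = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or LOCAL_ZONE.match(line):
            continue
        m = LOCAL_DATA.match(line)
        reason = check_record(m.group(1)) if m else "unrecognised or unterminated directive"
        if reason:
            problems.append((n, reason))
    return problems

if __name__ == "__main__":
    for n, reason in lint(SAMPLE):
        print(f"line {n}: {reason}")
```

unbound also ships its own checker, `unbound-checkconf`, which validates the full configuration file and reports the line of the first syntax error.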



  • Thanks. I force-reloaded the whole list and it is working fine now. Hope it will last.

