DNS Stops working



  • DNS randomly stops working, but the Internet is accessible via IPs.

    WAN

    Annotation 2020-01-12 061617.png

    LAN

    Annotation 2020-01-12 061557.png

    Guest

    Annotation 2020-01-12 061649.png

    --- Logs ---

    Jan 12 06:26:56	unbound	54403:3	debug: cache memory msg=66241 rrset=66072 infra=11045 val=66288
    Jan 12 06:26:56	unbound	54403:3	debug: query took 0.000000 sec
    Jan 12 06:26:56	unbound	54403:3	debug: validator[module 0] operate: extstate:module_wait_module event:module_event_moddone
    Jan 12 06:26:56	unbound	54403:3	debug: mesh_run: validator module exit state is module_finished
    Jan 12 06:26:56	unbound	54403:3	debug: out of query targets -- returning SERVFAIL
    Jan 12 06:26:56	unbound	54403:3	info: G.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	info: processQueryTargets: . NS IN
    Jan 12 06:26:56	unbound	54403:3	debug: opened UDP if=0 port=21482
    Jan 12 06:26:56	unbound	54403:3	info: sending query: . NS IN
    Jan 12 06:26:56	unbound	54403:3	debug: selrtt 376
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 192.36.148.17 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	info: M.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	info: D.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	info: error sending query to auth server ip4 192.36.148.17 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: servselect ip4 202.12.27.33 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 198.97.190.53 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	info: M.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	info: D.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	info: error sending query to auth server ip4 192.203.230.10 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: inserted new pending reply id=ed1b
    Jan 12 06:26:56	unbound	54403:3	debug: servselect ip4 192.203.230.10 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 193.0.14.129 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 192.33.4.12 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	info: G.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	info: processQueryTargets: . NS IN
    Jan 12 06:26:56	unbound	54403:3	debug: opened UDP if=0 port=63276
    Jan 12 06:26:56	unbound	54403:3	debug: servselect ip4 192.203.230.10 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	info: K.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	info: B.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	notice: remote address is ip4 199.7.91.13 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: dnssec status: expected
    Jan 12 06:26:56	unbound	54403:3	debug: servselect ip4 192.203.230.10 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: rtt=376
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 199.7.91.13 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: processQueryTargets: targetqueries 0, currentqueries 0 sentcount 0
    Jan 12 06:26:56	unbound	54403:3	debug: sending to target: <.> 193.0.14.129#53
    Jan 12 06:26:56	unbound	54403:3	info: sending query: . NS IN
    Jan 12 06:26:56	unbound	54403:3	debug: servselect ip4 199.7.91.13 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	info: H.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	info: error sending query to auth server ip4 198.41.0.4 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: EDNS lookup known=0 vs=0
    Jan 12 06:26:56	unbound	54403:3	debug: rtt=376
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 202.12.27.33 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 192.33.4.12 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	info: H.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	info: processQueryTargets: . NS IN
    Jan 12 06:26:56	unbound	54403:3	debug: opened UDP if=0 port=43361
    Jan 12 06:26:56	unbound	54403:3	debug: servselect ip4 198.97.190.53 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 198.41.0.4 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	info: D.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	info: error sending query to auth server ip4 192.58.128.30 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: close fd 22
    Jan 12 06:26:56	unbound	54403:3	debug: serviced query UDP timeout=376 msec
    Jan 12 06:26:56	unbound	54403:3	debug: servselect ip4 199.7.91.13 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: rtt=376
    Jan 12 06:26:56	unbound	54403:3	debug: rtt=376
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 199.9.14.201 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	info: F.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	debug: iter_handle processing q with state QUERY TARGETS STATE
    Jan 12 06:26:56	unbound	54403:3	debug: inserted new pending reply id=6e94
    Jan 12 06:26:56	unbound	54403:3	debug: servselect ip4 202.12.27.33 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: rtt=376
    Jan 12 06:26:56	unbound	54403:3	debug: servselect ip4 198.97.190.53 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 192.5.5.241 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	info: K.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	info: B.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	notice: remote address is ip4 192.5.5.241 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: servselect ip4 192.33.4.12 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: rtt=376
    Jan 12 06:26:56	unbound	54403:3	debug: servselect ip4 199.7.83.42 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: rtt=376
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 198.97.190.53 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	info: M.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	info: D.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	info: error sending query to auth server ip4 192.112.36.4 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: inserted new pending reply id=ccc6
    Jan 12 06:26:56	unbound	54403:3	debug: servselect ip4 202.12.27.33 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: rtt=376
    Jan 12 06:26:56	unbound	54403:3	debug: servselect ip4 192.203.230.10 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: rtt=376
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 199.7.83.42 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 199.7.91.13 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	info: I.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	info: DelegationPoint<.>: 13 names (0 missing), 13 addrs (12 result, 0 avail) parentNS
    Jan 12 06:26:56	unbound	54403:3	notice: sendto failed: Network is unreachable
    Jan 12 06:26:56	unbound	54403:3	debug: servselect ip4 192.33.4.12 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: servselect ip4 192.112.36.4 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: rtt=376
    Jan 12 06:26:56	unbound	54403:3	debug: rtt=376
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 192.58.128.30 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 199.9.14.201 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	info: F.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	info: validator operate: query M.ROOT-SERVERS.NET. A IN
    Jan 12 06:26:56	unbound	54403:3	info: resolving M.ROOT-SERVERS.NET. A IN
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 198.97.190.53 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	info: D.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	info: error sending query to auth server ip4 199.7.83.42 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: inserted new pending reply id=eecb
    Jan 12 06:26:56	unbound	54403:3	debug: attempt to get extra 2 targets
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 192.5.5.241 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	info: A.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	debug: dnssec status: expected
    Jan 12 06:26:56	unbound	54403:3	debug: attempt to get extra 2 targets
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 192.203.230.10 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	info: J.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	info: A.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	notice: remote address is ip4 193.0.14.129 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: sending to target: <.> 193.0.14.129#53
    Jan 12 06:26:56	unbound	54403:3	info: sending query: . NS IN
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 202.12.27.33 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 192.203.230.10 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	info: H.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	info: processQueryTargets: . NS IN
    Jan 12 06:26:56	unbound	54403:3	debug: servselect ip4 199.7.83.42 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 199.7.83.42 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 192.33.4.12 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	info: F.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	debug: iter_handle processing q with state QUERY TARGETS STATE
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 199.7.91.13 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	info: G.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	info: error sending query to auth server ip4 202.12.27.33 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: inserted new pending reply id=b19d
    Jan 12 06:26:56	unbound	54403:3	debug: servselect ip4 199.7.83.42 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: servselect ip4 192.33.4.12 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 192.5.5.241 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	info: J.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	info: DelegationPoint<.>: 13 names (0 missing), 13 addrs (6 result, 0 avail) parentNS
    Jan 12 06:26:56	unbound	54403:3	notice: sendto failed: Network is unreachable
    Jan 12 06:26:56	unbound	54403:3	debug: sending to target: <.> 192.112.36.4#53
    Jan 12 06:26:56	unbound	54403:3	info: sending query: . NS IN
    Jan 12 06:26:56	unbound	54403:3	debug: servselect ip4 192.112.36.4 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 192.203.230.10 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	info: I.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	info: DelegationPoint<.>: 13 names (0 missing), 13 addrs (7 result, 0 avail) parentNS
    Jan 12 06:26:56	unbound	54403:3	notice: sendto failed: Network is unreachable
    Jan 12 06:26:56	unbound	54403:3	debug: servselect ip4 192.33.4.12 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	info: C.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	info: error sending query to auth server ip4 198.97.190.53 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: close fd 22
    Jan 12 06:26:56	unbound	54403:3	debug: serviced query UDP timeout=376 msec
    Jan 12 06:26:56	unbound	54403:3	debug: servselect ip4 192.33.4.12 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: rtt=376
    Jan 12 06:26:56	unbound	54403:3	debug: servselect ip4 192.112.36.4 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: rtt=376
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 192.203.230.10 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	info: A.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	notice: remote address is ip4 199.9.14.201 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: dnssec status: expected
    Jan 12 06:26:56	unbound	54403:3	debug: servselect ip4 199.7.83.42 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: rtt=376
    Jan 12 06:26:56	unbound	54403:3	debug: servselect ip4 192.203.230.10 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 192.203.230.10 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	info: A.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	notice: sendto failed: Network is unreachable
    Jan 12 06:26:56	unbound	54403:3	debug: sending to target: <.> 198.41.0.4#53
    Jan 12 06:26:56	unbound	54403:3	debug: servselect ip4 192.33.4.12 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: servselect ip4 192.112.36.4 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: servselect ip4 202.12.27.33 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 192.112.36.4 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	info: L.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	info: C.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	debug: close of port 16840
    Jan 12 06:26:56	unbound	54403:3	debug: EDNS lookup known=0 vs=0
    Jan 12 06:26:56	unbound	54403:3	debug: servselect ip4 199.7.83.42 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: servselect ip4 192.112.36.4 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: servselect ip4 192.33.4.12 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 193.0.14.129 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 192.33.4.12 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	info: G.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	info: processQueryTargets: . NS IN
    Jan 12 06:26:56	unbound	54403:3	debug: comm point start listening 22
    Jan 12 06:26:56	unbound	54403:3	info: sending query: . NS IN
    Jan 12 06:26:56	unbound	54403:3	debug: selrtt 376
    Jan 12 06:26:56	unbound	54403:3	debug: servselect ip4 199.7.91.13 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: servselect ip4 198.97.190.53 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: servselect ip4 199.7.83.42 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 198.97.190.53 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	info: M.ROOT-SERVERS.NET. * A
    Jan 12 06:26:56	unbound	54403:3	info: D.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	debug: iterator[module 1] operate: extstate:module_wait_subquery event:module_event_pass
    Jan 12 06:26:56	unbound	54403:3	info: new pside target L.ROOT-SERVERS.NET. A IN
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 192.58.128.30 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 198.41.0.4 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	info: D.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	info: error sending query to auth server ip4 199.7.83.42 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: serviced query UDP timeout=376 msec
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 199.7.83.42 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 192.33.4.12 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	info: G.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	debug: iter_handle processing q with state QUERY TARGETS STATE
    Jan 12 06:26:56	unbound	54403:3	debug: opened UDP if=0 port=14264
    Jan 12 06:26:56	unbound	54403:3	debug: servselect ip4 199.7.83.42 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: rtt=376
    Jan 12 06:26:56	unbound	54403:3	info: H.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	debug: opened UDP if=0 port=11893
    Jan 12 06:26:56	unbound	54403:3	debug: servselect ip4 192.112.36.4 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: rtt=376
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 192.36.148.17 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	info: M.ROOT-SERVERS.NET. * A
    Jan 12 06:26:56	unbound	54403:3	info: B.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	debug: dnssec status: expected
    Jan 12 06:26:56	unbound	54403:3	debug: servselect ip4 192.112.36.4 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 198.97.190.53 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	info: M.ROOT-SERVERS.NET. * A
    Jan 12 06:26:56	unbound	54403:3	info: C.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	info: error sending query to auth server ip4 192.58.128.30 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: close fd 22
    Jan 12 06:26:56	unbound	54403:3	debug: EDNS lookup known=0 vs=0
    Jan 12 06:26:56	unbound	54403:3	debug: rtt=376
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 199.7.83.42 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	debug: ip4 199.7.91.13 port 53 (len 16)
    Jan 12 06:26:56	unbound	54403:3	info: H.ROOT-SERVERS.NET. * A PSIDE_A
    Jan 12 06:26:56	unbound	54403:3	debug: processQueryTargets: targetqueries 0, currentqueries 0 sentcount 0
    Jan 12 06:26:56	unbound	54403:3	notice: sendto failed: Network is unreachable
    Jan 12 06:26:56	unbound	54403:3	debug: selrtt 376
    Jan 12 06:26:56	unbound	54403:3	debug: servselect ip4 192.112.36.4 port 53 (len 16)
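
Added example, not part of the original post: a small triage of an unbound debug log like the one above, counting local send failures, the root servers they hit, and SERVFAIL returns. "Network is unreachable" is the error the firewall's own OS returns from sendto when it has no route to the destination, so it is classified separately; the function names, the verdict labels and the reduced sample log are assumptions made for this example.

```shell
#!/bin/sh
# Summarise an unbound debug log read from stdin (hypothetical helper).
triage_unbound_log() {
    awk '
        /sendto failed: Network is unreachable/ { unreach++ }
        /returning SERVFAIL/                    { servfail++ }
        /error sending query to auth server/ {
            errors++
            # The address follows the "ip4" token; count each target once.
            for (i = 1; i < NF; i++) {
                if ($i == "ip4") {
                    ip = $(i + 1)
                    if (!(ip in seen)) { seen[ip] = 1; targets++ }
                }
            }
        }
        END {
            verdict = "ok"
            if (unreach > 0)       verdict = "local-network-unreachable"
            else if (errors > 0)   verdict = "upstream-send-errors"
            else if (servfail > 0) verdict = "servfail-only"
            printf "unreachable=%d send_errors=%d targets=%d servfail=%d verdict=%s\n",
                   unreach, errors, targets, servfail, verdict
        }'
}

# Constructed sample in the same line format as the log above.
sample_log() {
    cat <<'EOF'
Jan 12 06:26:56 unbound 54403:3 info: sending query: . NS IN
Jan 12 06:26:56 unbound 54403:3 notice: sendto failed: Network is unreachable
Jan 12 06:26:56 unbound 54403:3 notice: remote address is ip4 192.36.148.17 port 53 (len 16)
Jan 12 06:26:56 unbound 54403:3 info: error sending query to auth server ip4 192.36.148.17 port 53 (len 16)
Jan 12 06:26:56 unbound 54403:3 notice: sendto failed: Network is unreachable
Jan 12 06:26:56 unbound 54403:3 info: error sending query to auth server ip4 198.41.0.4 port 53 (len 16)
Jan 12 06:26:56 unbound 54403:3 info: error sending query to auth server ip4 192.36.148.17 port 53 (len 16)
Jan 12 06:26:56 unbound 54403:3 debug: out of query targets -- returning SERVFAIL
EOF
}

sample_log | triage_unbound_log
```

On a live system the same function can be fed the resolver log on stdin instead of the sample.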


  • Hi,

    DNS works from LAN, right after it's installed.

    'Then you made some changes and things stopped working.'

    I can see that :
    You added another interface.
    Changed - at least - the only firewall 'pass-all' rule present on the LAN interface.

    What are your LAN and GUEST firewall rules?
    Did you change any DNS settings?



  • @Gertjan
    The last two interfaces have no rules.

    Annotation 2020-01-13 193232.png Annotation 2020-01-13 193257.png Annotation 2020-01-13 193313.png Annotation 2020-01-13 193328.png



  • Remove "WAN_DHCP" here ....
    bbe0fa34-f9dd-47bf-afb8-eb877a69ec29-image.png

    The GUEST network seems fine.



  • @Gertjan Just to let you know, DNS stops working on LAN and guest. I have removed the WANDHCP; I'll monitor for a few days to see if that happens again or not, thanks



  • I guess you know what you did here (LAN) :

    0c61bcda-d3a3-4f11-a04b-5e6c19298a16-image.png

    DNS traffic is allowed to go to IP 168.168.40.1 (you did not mention where this IP is: on LAN? On some other LAN? I presume it's some DNS server; looking at the traffic counter, traffic is sent to that DNS server)
    The alias "Playstation" (you did not mention if the Playstation does work well; I presume, looking at the traffic counters, it does show traffic)
    Your DNS block rule works .... and that's why you said "DNS stops working".
    (so: remove this rule and you'll be fine ^^)

    Just a question: take any device on your LAN, a PC, and type

    ipconfig /all
    

    What is the DNS it's using?
    Related question: does your DHCP hand over the correct (= 168.168.40.1) DNS?



  • @Gertjan 192.168.40.1 is pfsense box ip, I am using pfblockerng on it, that's why I made those rules, but when DNS stops working the PlayStation is also affected, the entire LAN and guest are affected. This issue doesn't happen all the time, it's like once a week it occurs.



  • @manjotsc said in DNS Stops working:

    192.168.40.1 is pfsense box ip

    Tip: use the built-in alias "Firewall itself" (the first in the list).

    @manjotsc said in DNS Stops working:

    it's like once a week it occurs.

    At that moment, check if unbound, the DNS resolver on pfSense, is actually running.
    The best way to do that is using console or SSH access, and type

    [2.4.4-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: ps ax | grep unbound
    76224  -  S         0:55.87 /usr/local/sbin/lighttpd_pfb -f /var/unbound/pfb_dnsbl_lighty.conf
    83945  -  Ss       17:13.80 /usr/local/sbin/unbound -c /var/unbound/unbound.conf
    66966  0  S+        0:00.00 grep unbound
    

    As you can see, mine is running for** 17 hours and 13 minutes.

    Also, check the GUI DNS logs: was unbound restarted? How long did it take?

    ** edit: see remark @johnpoz below


  • LAYER 8 Global Moderator

    That is showing you cpu time, not elapsed clock time ;)

    If you want to see etime you have to call that out..

    example - find the pid

    [2.4.4-RELEASE][admin@sg4860.local.lan]/root: ps ax | grep unbound
    33787  -  Is        0:41.49 /usr/local/sbin/unbound -c /var/unbound/unbound.conf
    25758  0  S+        0:00.00 grep unbound
    [2.4.4-RELEASE][admin@sg4860.local.lan]/root: ps -p 33787 -o etime
         ELAPSED
      1-23:27:48
    [2.4.4-RELEASE][admin@sg4860.local.lan]/root: ps -p 33787 -o etimes
    ELAPSED
     170882
    [2.4.4-RELEASE][admin@sg4860.local.lan]/root: 
    

    Then ask for etime or etimes (which will be in seconds)



  • Nice - thanks.

    [2.4.4-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: ps ax | grep unbound
    76224  -  S         0:55.96 /usr/local/sbin/lighttpd_pfb -f /var/unbound/pfb_dnsbl_lighty.conf
    83945  -  Ss       17:22.86 /usr/local/sbin/unbound -c /var/unbound/unbound.conf
    98238  0  S+        0:00.00 grep unbound
    [2.4.4-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: ps -p 83945 -o etime
         ELAPSED
      4-00:48:20
    

    4 days .... ok for me.



  • @johnpoz @Gertjan This is what I got,

    Annotation 2020-01-14 114508.png



  • @Gertjan @johnpoz My pfsense box uptime is 2 days 5 hours and unbound has been running for 17 minutes, is that weird?


  • LAYER 8 Global Moderator

    Well, it means it's restarting - do you have it registering DHCP? Did you just make a change to host or domain overrides... Did pfblocker update, etc..

    Problem is when it restarts the cache is lost, while it's restarting nothing can respond to DNS, etc.
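
Added example, not part of the posts above: the elapsed-time check from this thread as a script, converting a `ps -o etime` value to seconds and comparing the resolver's age with the system uptime to tell whether unbound restarted after boot. The function names and the 300-second startup slack are assumptions; `check_unbound` assumes the FreeBSD tools found on pfSense (`pgrep`, `sysctl kern.boottime`).

```shell
#!/bin/sh
# Convert a ps "etime" value ([[dd-]hh:]mm:ss) to seconds.
etime_to_seconds() {
    echo "$1" | awk '{
        days = 0; t = $1
        if (index(t, "-") > 0) { split(t, d, "-"); days = d[1]; t = d[2] }
        n = split(t, p, ":")
        if (n == 3)      secs = p[1] * 3600 + p[2] * 60 + p[3]
        else if (n == 2) secs = p[1] * 60 + p[2]
        else             secs = p[1]
        print days * 86400 + secs
    }'
}

# $1 = resolver elapsed seconds, $2 = system uptime seconds,
# $3 = slack allowed for normal startup at boot (assumed default: 300 s).
restart_verdict() {
    slack=${3:-300}
    if [ $(( $2 - $1 )) -gt "$slack" ]; then
        echo "restarted"      # resolver is much younger than the system
    else
        echo "since-boot"     # resolver has been up since boot
    fi
}

# Live check on the firewall (FreeBSD-specific, not called automatically here).
check_unbound() {
    pid=$(pgrep -o -x unbound) || { echo "not-running"; return 1; }
    el=$(etime_to_seconds "$(ps -p "$pid" -o etime=)")
    boot=$(sysctl -n kern.boottime | sed 's/^{ sec = \([0-9]*\),.*/\1/')
    up=$(( $(date +%s) - boot ))
    restart_verdict "$el" "$up"
}

# Values quoted in the thread: system up 2 days 5 hours, unbound up 17 minutes.
restart_verdict "$(etime_to_seconds 17:00)" "$(etime_to_seconds 2-05:00:00)"
```

Running `check_unbound` from cron and logging each "restarted" or "not-running" result gives a timeline to compare against package updates and the reported outages.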



  • @johnpoz @Gertjan Maybe because it's set to update every hour, that's why maybe. And I didn't understand this part "do you have it registering dhcp?", can you tell me how to check this, thanks.

    Annotation 2020-01-15 125319.png

