Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DNS connections on brand new install pfSense 2.4.5p1

    DHCP and DNS
    2
    4
    62
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      emiljan
      last edited by

      Hello,

      I just installed pfSense 2.4.5p1 on a HP T620+ and setup the DNS resolver to resolve my internal domain and set the listening interfaces for LAN and my other internal Interfaces for my LAB.

      When i checked the page under diagnostics page > sockets > show all socket connections, i see 2 connections via TCP/53 to the following:

      ? ? ? ? tcp4 <external-ip>:62381 96.7.49.66:53
      ? ? ? ? tcp4 <external-ip>:30947 96.7.49.66:53

      Normally the other open/listening sockets show a USER ID, COMMAND, PID, and FD, but these only show ? for all that information.

      Running sockstat -4 via SSH shows the same info.

      Im wondering if this is unbound making connections to the root DNS servers for resolution.

      For unbound, i have it set to not forward queries to the upstream DNS servers and DNSSEC support is enabled.

      DNS forwarder is disabled, only DNS resolver is running.

      Thank You,

      S 1 Reply Last reply Reply Quote 0
      • S
        serbus @emiljan
        last edited by serbus

        @emiljan said in DNS connections on brand new install pfSense 2.4.5p1:

        Normally the other open/listening sockets show a USER ID, COMMAND, PID, and FD, but these only show ? for all that information.

        Hello!

        sockstat -4 -s

        might indicate that those sockets are not open/listening. Maybe the processes that owned them has terminated.

        John

        Lex parsimoniae

        1 Reply Last reply Reply Quote 0
        • E
          emiljan
          last edited by

          When I run the command sockstat -4 -s, it does not show the connections, they only appear briefly and then upon refresh they are gone.

          1 Reply Last reply Reply Quote 0
          • E
            emiljan
            last edited by emiljan

            I ran the following:

            sockstat -46 -P tcp,udp -p 53 -s

            USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS       STATE       
unbound  unbound    58092 4  udp4   192.168.1.1:53        *:*
unbound  unbound    58092 5  tcp4   192.168.1.1:53        *:*                   LISTEN
unbound  unbound    58092 6  udp4   10.0.15.1:53          *:*
unbound  unbound    58092 7  tcp4   10.0.15.1:53          *:*                   LISTEN
unbound  unbound    58092 8  udp4   10.0.11.1:53          *:*
unbound  unbound    58092 9  tcp4   10.0.11.1:53          *:*                   LISTEN
unbound  unbound    58092 10 udp4   127.0.0.1:53          *:*
unbound  unbound    58092 11 tcp4   127.0.0.1:53          *:*                   LISTEN
?        ?          ?     ?  tcp4   <public-ip>:27315    199.249.119.1:53      TIME_WAIT
?        ?          ?     ?  tcp4   <public-ip>:3906     199.249.119.1:53      TIME_WAIT
?        ?          ?     ?  tcp4   <public-ip>:23285    96.7.49.66:53         TIME_WAIT
?        ?          ?     ?  tcp4   <public-ip>:52218    84.53.139.64:53       TIME_WAIT

            Looks like it is unbound making the connections, but its not showing as that because they are closing.

            All of the external IP's seem to be NS servers on the web.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post