    DNS connections on brand new install pfSense 2.4.5p1

    • E
      emiljan last edited by

      Hello,

      I just installed pfSense 2.4.5p1 on an HP T620+ and set up the DNS resolver to resolve my internal domain and set the listening interfaces for LAN and my other internal interfaces for my LAB.

      When I checked the page under diagnostics page > sockets > show all socket connections, I see 2 connections via TCP/53 to the following:

      ? ? ? ? tcp4 <external-ip>:62381 96.7.49.66:53
      ? ? ? ? tcp4 <external-ip>:30947 96.7.49.66:53

      Normally the other open/listening sockets show a USER ID, COMMAND, PID, and FD, but these only show ? for all that information.

      Running sockstat -4 via SSH shows the same info.

      I'm wondering if this is unbound making connections to the root DNS servers for resolution.

      For unbound, I have it set to not forward queries to the upstream DNS servers and DNSSEC support is enabled.

      DNS forwarder is disabled, only DNS resolver is running.

      Thank You,

      • S
        serbus @emiljan last edited by serbus

        @emiljan said in DNS connections on brand new install pfSense 2.4.5p1:

        Normally the other open/listening sockets show a USER ID, COMMAND, PID, and FD, but these only show ? for all that information.

        Hello!

        sockstat -4 -s
        

        might indicate that those sockets are not open/listening. Maybe the processes that owned them have terminated.

        John

        • E
          emiljan last edited by

          When I run the command sockstat -4 -s, it does not show the connections, they only appear briefly and then upon refresh they are gone.

          • E
            emiljan last edited by emiljan

            I ran the following:

            sockstat -46 -P tcp,udp -p 53 -s
            
            USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS       STATE       
            unbound  unbound    58092 4  udp4   192.168.1.1:53        *:*
            unbound  unbound    58092 5  tcp4   192.168.1.1:53        *:*                   LISTEN
            unbound  unbound    58092 6  udp4   10.0.15.1:53          *:*
            unbound  unbound    58092 7  tcp4   10.0.15.1:53          *:*                   LISTEN
            unbound  unbound    58092 8  udp4   10.0.11.1:53          *:*
            unbound  unbound    58092 9  tcp4   10.0.11.1:53          *:*                   LISTEN
            unbound  unbound    58092 10 udp4   127.0.0.1:53          *:*
            unbound  unbound    58092 11 tcp4   127.0.0.1:53          *:*                   LISTEN
            ?        ?          ?     ?  tcp4   <public-ip>:27315    199.249.119.1:53      TIME_WAIT
            ?        ?          ?     ?  tcp4   <public-ip>:3906     199.249.119.1:53      TIME_WAIT
            ?        ?          ?     ?  tcp4   <public-ip>:23285    96.7.49.66:53         TIME_WAIT
            ?        ?          ?     ?  tcp4   <public-ip>:52218    84.53.139.64:53       TIME_WAIT
            

            Looks like it is unbound making the connections, but it's not showing as that because they are closing.

            All of the external IPs seem to be NS servers on the web.

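Added example, not part of the thread or of pfSense: a shell/awk filter over `sockstat -46 -P tcp,udp -s` output that separates ownerless (`?`) rows in closing TCP states from ownerless rows in any other state, and tags closing connections to remote port 53 with the local process bound to port 53. The function names, the `likely=` heuristic and the sample rows (documentation-range addresses) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Triage sockstat rows that have no owning process ("?" in USER/COMMAND/PID/FD).
# On the firewall: sockstat -46 -P tcp,udp -s | triage_ownerless

triage_ownerless() {
    awk '
    function port_of(addr,   p, n) { n = split(addr, p, ":"); return p[n] }
    $1 == "USER" { next }                       # header line
    $1 != "?" {                                 # socket still owned by a process
        if (port_of($6) == "53") resolver = $2  # remember who serves DNS locally
        next
    }
    {                                           # ownerless socket
        state = ($8 == "" ? "-" : $8)
        # States a TCP socket can be left in after its process closed it
        closing = (state ~ /^(TIME_WAIT|FIN_WAIT_1|FIN_WAIT_2|CLOSING|LAST_ACK|CLOSED)$/)
        rows[++n_rows] = (closing ? "closing" : "review") " " $5 " " $7 " " state
        # Heuristic (assumption): a closing connection to remote port 53 most
        # likely belonged to the local process bound to port 53
        dns[n_rows] = (closing && port_of($7) == "53")
    }
    END {
        for (i = 1; i <= n_rows; i++)
            print rows[i] (dns[i] && resolver != "" ? " likely=" resolver : "")
    }'
}

# Constructed sample in sockstat -s layout; addresses are documentation ranges
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS       STATE
unbound  unbound    58092 4  udp4   192.168.1.1:53        *:*
unbound  unbound    58092 5  tcp4   192.168.1.1:53        *:*                   LISTEN
?        ?          ?     ?  tcp4   203.0.113.10:27315    198.51.100.1:53       TIME_WAIT
?        ?          ?     ?  tcp4   203.0.113.10:3906     198.51.100.2:53       TIME_WAIT
?        ?          ?     ?  tcp4   203.0.113.10:40112    198.51.100.9:443      ESTABLISHED
EOF
}

sample_sockstat | triage_ownerless
```

Rows marked `closing` are sockets the kernel is still tracking after the process closed them; a `review` row is an ownerless socket in a state where an owner would normally be listed.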