pfsense causing NXDOMAIN errors on Linux Client
I am getting the below error on my Ubuntu 20.10 client.
"systemd-resolved Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP."
I put a tcpdump on the client and below is a sample of what I'm getting on the client.
I have unbound configured to forward to the 1.1.1.1 servers and a Port Forward as follows:
Interface=LAN, Protocol TCP/UDP, source any, source ports any, dest !LAN, dest ports 53, NAT IP = LAN Gateway, NAT Port 53.
Resolver Network = LAN & Localhost, Outgoing = WAN.
Can someone help me understand why this is coming into the LAN and causing the error on the workstation, please?
_gateway.domain > ma78g.net.lan.33265: [udp sum ok] 35931 NXDomain q: PTR? 176.127.142.52.in-addr.arpa. 0/1/0 ns: 127.142.52.in-addr.arpa. SOA prd1.azuredns-cloud.net. msnhst.microsoft.com. 1 900 300 604800 60 (124)
_gateway.domain > ma78g.net.lan.48140: [udp sum ok] 1276 NXDomain q: PTR? 124.178.114.40.in-addr.arpa. 0/1/0 ns: 178.114.40.in-addr.arpa. SOA ns1-04.azure-dns.com. azuredns-hostmaster.microsoft.com. 1 3600 300 2419200 300 (131)
_gateway.domain > ma78g.net.lan.53070: [udp sum ok] 24373 NXDomain q: PTR? 140.34.67.172.in-addr.arpa. 0/1/0 ns: 67.172.in-addr.arpa. SOA cruz.ns.cloudflare.com. dns.cloudflare.com. 2034580120 10000 2400 604800 3600 (106)
_gateway.domain > ma78g.net.lan.60522: [udp sum ok] 25740 NXDomain q: PTR? 120.74.67.172.in-addr.arpa. 0/1/0 ns: 67.172.in-addr.arpa. SOA cruz.ns.cloudflare.com. dns.cloudflare.com. 2034580120 10000 2400 604800 3600 (106)
Here are a couple more, and I note localhost causes a problem and the DNS entry does not resolve.
tcpdump: listening on enp2s0, link-type EN10MB (Ethernet), capture size 262144 bytes
_gateway.domain > ma78g.net.lan.47187: [udp sum ok] 59199 NXDomain* q: PTR? 5.26.168.192.in-addr.arpa. 0/1/0 ns: 168.192.in-addr.arpa. SOA localhost. nobody.invalid. 1 3600 1200 604800 10800 (102)
_gateway.domain > ma78g.net.lan.38306: [udp sum ok] 46865 NXDomain q: PTR? 233.233.233.233.in-addr.arpa. 0/1/0 ns: 233.in-addr.arpa. SOA sns.dns.icann.org. noc.dns.icann.org. 2021012107 7200 3600 604800 3600 (103)
This is on an Ubuntu client with systemd as the resolver.
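As an added diagnostic example (not part of the original post, and not pfSense or unbound code), the script below parses the tcpdump NXDomain records quoted above and separates the negative answers by origin. It recovers the IPv4 address from each PTR name, classifies it as private, multicast or public, and flags answers whose SOA is `localhost. nobody.invalid.`, which is the fixed SOA unbound attaches to negative answers it synthesizes from its own built-in local zones (RFC 1918 reverse space among them) rather than something returned by an upstream server. The `*` after NXDomain in tcpdump output marks the authoritative-answer bit. The sample capture is the post's own output reformatted one record per line; the regex and field names are this example's assumptions about tcpdump's DNS print format.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# The four records below are the tcpdump lines quoted in the post, one per line.
SAMPLE_CAPTURE = """\
tcpdump: listening on enp2s0, link-type EN10MB (Ethernet), capture size 262144 bytes
_gateway.domain > ma78g.net.lan.33265: [udp sum ok] 35931 NXDomain q: PTR? 176.127.142.52.in-addr.arpa. 0/1/0 ns: 127.142.52.in-addr.arpa. SOA prd1.azuredns-cloud.net. msnhst.microsoft.com. 1 900 300 604800 60 (124)
_gateway.domain > ma78g.net.lan.53070: [udp sum ok] 24373 NXDomain q: PTR? 140.34.67.172.in-addr.arpa. 0/1/0 ns: 67.172.in-addr.arpa. SOA cruz.ns.cloudflare.com. dns.cloudflare.com. 2034580120 10000 2400 604800 3600 (106)
_gateway.domain > ma78g.net.lan.47187: [udp sum ok] 59199 NXDomain* q: PTR? 5.26.168.192.in-addr.arpa. 0/1/0 ns: 168.192.in-addr.arpa. SOA localhost. nobody.invalid. 1 3600 1200 604800 10800 (102)
_gateway.domain > ma78g.net.lan.38306: [udp sum ok] 46865 NXDomain q: PTR? 233.233.233.233.in-addr.arpa. 0/1/0 ns: 233.in-addr.arpa. SOA sns.dns.icann.org. noc.dns.icann.org. 2021012107 7200 3600 604800 3600 (103)
"""

# Assumed shape of a tcpdump NXDomain PTR record (trailing dots on names as tcpdump prints them).
RECORD_RE = re.compile(
    r"^(?P<src>\S+) > (?P<dst>\S+): .*? (?P<id>\d+) NXDomain(?P<aa>\*)? q: PTR\? "
    r"(?P<qname>\S+)\. \d+/\d+/\d+ ns: (?P<zone>\S+)\. SOA (?P<mname>\S+)\. (?P<rname>\S+)\. "
)


@dataclass
class NxdomainRecord:
    txid: int
    authoritative: bool          # tcpdump prints '*' when the AA bit is set
    qname: str
    address: Optional[ipaddress.IPv4Address]
    zone: str
    soa_mname: str
    soa_rname: str

    @property
    def synthesized_locally(self) -> bool:
        # unbound's own negative answers for its built-in local zones carry this SOA;
        # an upstream resolver would return the zone operator's real SOA instead.
        return self.soa_mname == "localhost" and self.soa_rname == "nobody.invalid"

    @property
    def address_class(self) -> str:
        if self.address is None:
            return "unknown"
        if self.address.is_private:
            return "private"
        if self.address.is_multicast:
            return "multicast"
        return "public"


def ptr_name_to_ipv4(qname: str) -> Optional[ipaddress.IPv4Address]:
    """Turn 5.26.168.192.in-addr.arpa into 192.168.26.5; None if not a full IPv4 PTR name."""
    suffix = ".in-addr.arpa"
    if not qname.endswith(suffix):
        return None
    octets = qname[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    try:
        return ipaddress.IPv4Address(".".join(reversed(octets)))
    except ipaddress.AddressValueError:
        return None


def parse_capture(text: str) -> List[NxdomainRecord]:
    """Extract every NXDomain PTR record from tcpdump text; banner and other lines are skipped."""
    records = []
    for line in text.splitlines():
        m = RECORD_RE.match(line)
        if not m:
            continue
        qname = m.group("qname")
        records.append(NxdomainRecord(
            txid=int(m.group("id")),
            authoritative=m.group("aa") is not None,
            qname=qname,
            address=ptr_name_to_ipv4(qname),
            zone=m.group("zone"),
            soa_mname=m.group("mname"),
            soa_rname=m.group("rname"),
        ))
    return records


def summarize(records: List[NxdomainRecord]) -> dict:
    """Count NXDOMAINs by where they were generated: by the local resolver or by an upstream zone."""
    summary = {"local": 0, "upstream": 0}
    for r in records:
        summary["local" if r.synthesized_locally else "upstream"] += 1
    return summary


if __name__ == "__main__":
    recs = parse_capture(SAMPLE_CAPTURE)
    for r in recs:
        origin = "local (unbound built-in zone)" if r.synthesized_locally else f"upstream ({r.soa_mname})"
        print(f"{r.txid:>6} {str(r.address):<16} {r.address_class:<9} {origin}")
    print(summarize(recs))
```

Running it against the post's own capture separates the one private-range reverse lookup (192.168.26.5, answered authoritatively by unbound itself) from the three public or multicast addresses whose NXDOMAIN came back from Azure, Cloudflare and ICANN via the forwarder, which is the first thing to establish before deciding whether the port forward or the resolver's zone configuration is the piece to change.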