DNS resolution issues -- Weird
-
HI...
We recently changed Internet providers, and I noticed that I'm having problems with DNS resolution. The weird part is that DNS resolution fails about 6-8 hours after the change. To restore functionality, I need to reboot the ISP bridged router and pfSense, or delete and re-enter the DNS settings on the pfSense.
We contacted ISP tech support, and they said it's the firewall, and not the ISP device. Does anyone know what is causing this issue?
pfBlockerNG and DNSBL are disabled, and the DNS resolver is enabled. Is there a way to see what's causing this issue?
We did not have this issue with the earlier ISP. We changed ISPs because the earlier provider did MAC binding for static WAN IPs, but the new provider does not.
-
@ros81 said in DNS resolution issues -- Weird:
To restore functionality, I need to reboot the ISP bridged router and pfsense. Or delete and re-enter DNS settings on the pfsense.
After installing, the resolver (unbound) is set up to work. No other settings are needed. No upstream conditions are needed.
What did you change after installing pfSense?
@ros81 said in DNS resolution issues -- Weird:
pfBlockerNG and DNSBL are disabled
By default, these aren't even installed.
@ros81 said in DNS resolution issues -- Weird:
Is there a way to see what's causing this issue?
The usual checks.
You know why log files exist.
Raise, if needed, the resolver's log detail level.
Check also this forum: if you have an issue, chances are huge that someone has the same. So, chances are also that the answer is already in this (part of the) forum.
Note: unbound is a resolver. That means that it is NOT transmitting your private DNS data to some company. The 13 main root servers are used, then the TLD servers and then the domain name servers. I do not think your ISP filters these (if so, leave them now, as they will be out of business anyway very soon).
Can you run :
grep 'start' /var/log/resolver.log
in a console (option 8)?
It answers the question: how many times does unbound restart per day, month, minute?
When the issue happens:
ps ax | grep 'unbound.conf'
-
@ros81 said in DNS resolution issues -- Weird:
Or delete and re-enter DNS settings on the pfsense.
DNS resolver is enabled
But your forwarding? If you're resolving, i.e. what unbound does out of the box, there is nothing to enter. So not sure what you re-enter to get it to work?
Could you be specific on how exactly you set up DNS? Out of the box unbound just resolves; there is no need to enter anything. Are you pointing to some specific DNS?
What version of pfSense are you running? There are some known issues with unbound stopping. Yeah, if unbound isn't running, DNS would stop ;) Be it forwarding or resolving.
-
@gertjan Thanks. I found that unbound was getting disabled... I restarted the pfsense box, and unbound was enabled, and DNS resolution works...
Any idea what is causing this?
-
@ros81 said in DNS resolution issues -- Weird:
Any idea what is causing this?
Without access to the logs and conditions to check at the moment unbound stops?
No.
Btw: there is only one possibility for unbound to get disabled: by user (admin) interaction in the GUI. pfSense, by itself, doesn't 'disable' services.
So, again:
grep 'start' /var/log/resolver.log
what did you see?
With
ps ax | grep 'unbound.conf'
you have a more 'cli' way of checking if unbound runs.
-
@gertjan Thanks... Here is the screenshot when I run that command.
-
Classic.
See the other 1000+ forum posts about this phenomenon.
Unbound is restarted (HUPped) by other processes, sometimes several times a minute.
For example: compare the DHCP log 'at the same moment' with the resolver log.
Do some thinking.
Do some forum reading (as said, the subject 'unbound restarting' has its own #metoo).
And then you do this (uncheck it):
which is probably the only unbound DNS setting that you should change from default.
Afterwards, don't walk away.
Test for several hours, days.
For me, a
grep 'start' /var/log/resolver.log
shows me that unbound doesn't restart .... every day - maybe.
And when it restarts, it's probably me fooling around with some other packages or interfaces, which could restart unbound.
As you can see, it's worth the effort of 'reading' the log files.
-
I am trying to wrap my head around the same issues.
I can't get DHCP to work unless manually inserting DNS in the setup for the DHCP server.
It doesn't work with the system std. DNS'.
And having crazy things happening combined with Suricata....
-
@cool_corona said in DNS resolution issues -- Weird:
I can't get DHCP to work
The issue (probably) of @ros81 is that his DHCP server is working very well.
Many leases are renewed constantly.
Every time, unbound is HUPped = restarted (reloaded, whatever).
@cool_corona said in DNS resolution issues -- Weird:
I can't get DHCP to work unless manually inserting DNS in the setup for the DHCP server.
What do you mean?
Your LAN devices can't get a DHCP lease from the pfSense DHCP server?
That's something that is working out of the box.
Remember: when you installed pfSense, the very first few minutes, everything worked just great.
Then the admin started to "set up things".....
@cool_corona said in DNS resolution issues -- Weird:
Suricata
Detail your Suricata setup, and smeeks will get by and explain how you shot yourself in the foot.
@cool_corona said in DNS resolution issues -- Weird:
manually inserting DNS in the setup for the DHCP server.
When this option is unchecked:
it's advisable to enter, for every device that you need to have in your local DNS, the host name, MAC and IP details in the "DHCP Static Mappings" of the DHCP server.
This kind of lease does not trigger unbound, as the DNS details are loaded statically into the /etc/hosts file.
-
@gertjan Thanks... I've followed your instructions. 12 hrs into the change, and there have been no issues with DNS. I will go to the location sometime to check the unbound logs.
Thanks again for your help.