No NTP Peers/local DNS resolution not working after 2.5.1
-
So, after upgrading to 2.5.1, I found myself with NTP reporting no NTP peers. I turned on the detailed logging, and it appears that DNS resolution within my pfSense box is not working.
Apr 15 17:33:32 ntpd 46284 retrying DNS ntp.theforest.us: Name does not resolve (8)
Apr 15 17:33:32 ntpd 46284 retrying DNS time-e-g.nist.gov: Name does not resolve (8)
Apr 15 17:33:32 ntpd 46284 retrying DNS ntp-1.vt.edu: Name does not resolve (8)
Apr 15 17:33:32 ntpd 46284 retrying DNS clock.nyc.he.net: Name does not resolve (8)
I had no problems with NTP or DNS resolution prior to the upgrade to 2.5.1, and I can still resolve DNS just fine from hosts on my network, using just pfSense to do so. So I don't know why I can't resolve DNS within my pfSense box.
Settings > General has just 127.0.0.1 as the DNS server, and it will not fall back to remote servers.
Services > DNS Resolver is set to listen for requests on all interfaces.
Edit to add: Status > DNS Resolver shows no statistics related to DNS resolution, as it has in the past.
Edit 2: From a shell, I can
dig @[lan IP] domain.com
and it will resolve as expected. Without specifying the LAN IP as the server (which I assume will use localhost then, since that's what's in resolv.conf), it simply returns this:
net.c:536: probing sendmsg() with IP_TOS=b8 failed: Can't assign requested address
-
@virgiliomi I was able to get NTP working by disabling pfBlockerNG.
Next I'll see if I can whitelist the NTP pools.
-
@ahking19 I'm pretty sure my issue is DNS resolution within my pfSense box... I don't want to provide IP addresses for my NTP servers though, as all of them have both IPv4 and v6 addresses, so I'd rather they use whichever is best.
-
Yep... this fixed it...
https://forum.netgate.com/topic/162978/unbound-stop-working-on-127-0-0-1-after-2-5-1-upgrade
-
@virgiliomi
"I don't want to provide IP addresses for my NTP servers though"
I wasn't using IP addresses. I was using pool names -> us.pool.ntp.org & time.cloudflare.com
-
@virgiliomi My problem seems different. Removing 127.0.0.1 from General | DNS Server and rebooting doesn't fix the issue.
Stop pfBlockerNG and NTP peers show up.
- running 21.02.2 on SG-1100