Netgate Discussion Forum

DNS python mode

  • S
    scorpoin
    last edited by Mar 22, 2022, 6:46 AM

    Greetings,

    I've set up a fresh, updated version of pfSense and restored the config. The only change I made is in pfBlockerNG and the DNS resolver, to use python mode. Now, after forwarding traffic to the new server, the DNS resolver service stopped. I deleted ARP, removed stats and started the resolver service again, but the client does not have internet. The client can ping the gw but fails to resolve DNS.

    I don't get what's wrong: the same config is working with the unbound resolver, but not with python mode.

    Regards

    • G
      Gertjan @scorpoin
      last edited by Mar 22, 2022, 9:56 AM

      @scorpoin

      When you suspect issues, this is not enough :

      bfbf73c4-413f-4e9c-870d-0a2af99f9cad-image.png

      Connect to the console, or better : SSH, and use option 8.

      Now "talk" to unbound directly :

      dig @127.0.0.1 www.google.com
      

      or contact unbound via a LAN interface :

      dig @192.168.1.1 www.google.com
      

      Or even

      dig @192.168.1.1 www.google.com +trace
      dig @127.0.0.1 www.google.com +trace
      

      @scorpoin said in DNS python mode:

      Now after forwarding traffic to new server DNS resolver service stopped

      What did you do ?
      This : Redirecting Client DNS Requests ? ( and this Blocking External Client DNS Queries ? )

      What did the (resolver) logs tell you ?

      Normally, when a LAN device asks for a DHCP lease, it receives an IP, a network, a gateway and a DNS. The last two are the interface IP of pfSense - and normally, unbound is listening on these LAN interface(s). No need to forward traffic elsewhere.
      If you suspect that LAN devices do not use the pfSense resolver, but prefer contacting (example) 8.8.8.8 why not have a talk with them ? And if they do not want to have all these ads blocked, why bother ? Let them have it. They want to communicate all their private DNS requests to 8.8.8.8 ? So be it.

      @scorpoin said in DNS python mode:

      I don't get what's wrong: the same config is working with the unbound resolver, but not with python mode.

      "Python mode" : to see what the difference is :
      Activate unbound mode.
      Get a copy of the /var/unbound/unbound.conf file.
      Activate python mode.
      Get a copy of the /var/unbound/unbound.conf file.

      Now compare the two copies.

      The unbound mode :
      unbound reads the DNSBL files itself into its memory and uses them.
      For every DNS request, unbound tries to match the host name with the DNSBL in memory.
      If no match, unbound uses its own cache.
      If no match, unbound goes for a classic resolve.

      Python mode uses the python script file. This script, when it gets executed by python, will read all the DNSBL info.
      For every DNS request, the script file is used to check for a match.
      If no match, unbound uses its own cache.
      If no match, unbound goes for a classic resolve.

      So, both approaches are nearly identical.
      Important difference : python mode is faster.
      Python mode works, as most of us are using it. For several years now.

      So, the question is : what is your setup ? Settings ? Find the difference with mine, and you found your answer.

      Btw : I use a very close to default unbound set up. Only "DHCP registration" has been disabled.

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

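The compare step described in the reply above, as an added example that is not part of the original posts: a shell script that normalizes two saved copies of unbound.conf, reports which copy loads unbound's python module, and lists the directives that differ. The function names, the sample file contents and the `/path/to/...` placeholders are constructed for illustration; on a real system pass the two copies saved from /var/unbound/unbound.conf.

```shell
#!/bin/sh
# Added example (not from the thread): compare two saved copies of unbound.conf.

# normalize FILE: strip comments and blank lines, trim whitespace, sort.
normalize() {
    sed -e 's/#.*$//' -e 's/[[:space:]]\{1,\}/ /g' -e 's/^ //' -e 's/ $//' "$1" |
        grep -v '^$' | LC_ALL=C sort -u
}

# conf_mode FILE: "python" if module-config loads the python module, else "unbound".
conf_mode() {
    if normalize "$1" | grep -q '^module-config:.*python'; then
        echo python
    else
        echo unbound
    fi
}

# conf_delta OLD NEW: directives only in OLD ("- ") and only in NEW ("+ ").
conf_delta() {
    old=$(mktemp "${TMPDIR:-/tmp}/ubold.XXXXXX"); new=$(mktemp "${TMPDIR:-/tmp}/ubnew.XXXXXX")
    normalize "$1" > "$old"
    normalize "$2" > "$new"
    LC_ALL=C comm -23 "$old" "$new" | sed 's/^/- /'
    LC_ALL=C comm -13 "$old" "$new" | sed 's/^/+ /'
    rm -f "$old" "$new"
}

# Constructed sample copies; paths under /path/to are placeholders.
work=$(mktemp -d "${TMPDIR:-/tmp}/ubdiff.XXXXXX")
trap 'rm -rf "$work"' EXIT
cat > "$work/unbound-mode.conf" <<'EOF'
server:
    interface: 192.168.1.1
    module-config: "validator iterator"
    # DNSBL data read by unbound itself
    include: /path/to/dnsbl-zones.conf
EOF
cat > "$work/python-mode.conf" <<'EOF'
server:
    interface: 192.168.1.1
    module-config: "python validator iterator"
python:
    python-script: /path/to/dnsbl-script.py
EOF

for f in unbound-mode python-mode; do
    echo "$f.conf -> $(conf_mode "$work/$f.conf")"
done
conf_delta "$work/unbound-mode.conf" "$work/python-mode.conf"
```

Lines that appear with `-` or `+` are the only settings that changed between the two modes, which narrows where to look in the resolver logs.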
      • S
        scorpoin @Gertjan
        last edited by Mar 25, 2022, 5:05 AM

        @gertjan Thanks for your response. I will have a close look at your suggestion and get back to you.

        Regards
