DNS python mode
-
Greetings,
I've set up an updated, fresh version of pfSense and restored the config. The only change I made is in pfBlockerNG and the DNS resolver, to use python mode. Now, after forwarding traffic to the new server, the DNS resolver service stopped. I deleted ARP and removed stats and started the resolver service again, but the client does not have internet. The client can ping the gw but fails to resolve DNS.
I don't get what's wrong: the same config is working with the unbound resolver, but not with python mode.
Regards
-
When you suspect issues, this is not enough :
Connect to the console, or better : SSH, and use option 8.
Now "talk" to unbound directly :
dig @127.0.0.1 www.google.com
or contact unbound via a LAN interface :
dig @192.168.1.1 www.google.com
Or even
dig @192.168.1.1 www.google.com +trace
dig @127.0.0.1 www.google.com +trace
@scorpoin said in DNS python mode:
Now after forwarding traffic to new server DNS resolver service stopped
What did you do ?
This : Redirecting Client DNS Requests ? (and this : Blocking External Client DNS Queries ?)
What did the (resolver) logs tell you ?
Normally, when a LAN device asks for a DHCP lease, it receives an IP, a network, a gateway and a DNS. The last two are the interface IP of pfSense - and normally, unbound is listening on these LAN interface(s). No need to forward traffic elsewhere.
If you suspect that LAN devices do not use the pfSense resolver, but prefer contacting (example) 8.8.8.8, why not have a talk with them ? And if they do not want to have all these ads blocked, why bother ? Let them have it. They want to communicate all their private DNS requests to 8.8.8.8 ? So be it.
@scorpoin said in DNS python mode:
I dont get it whats wrong same config is working with unbound resolver,but not with python mode.
"Python mode" : to see what the difference is :
Activate unbound mode.
Get a copy of the /var/unbound/unbound.conf file.
Activate python mode.
Get a copy of the /var/unbound/unbound.conf file.
Now compare the two copies.
The unbound mode :
unbound reads the DNSBL files itself into its memory and uses them.
For every DNS request, unbound tries to match the host name with the DNSBL in memory.
If no match, unbound uses its own cache.
If no match, unbound goes for a classic resolve.
Python mode uses the python script file. This script, when it gets executed by python, will read all the DNSBL info.
For every DNS request, the script file is used to check for a match.
If no match, unbound uses its own cache.
If no match, unbound goes for a classic resolve.
So, both approaches are nearly identical.
Important difference : python mode is faster.
Python mode works, as most of us are using it. For several years now.
So, the question is : what is your setup ? Settings ? Find the difference with mine, and you found your answer.
Btw : I use a very close to default unbound set up. Only "DHCP registration" has been disabled.
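One way to carry out the comparison of the two /var/unbound/unbound.conf copies suggested above, as an added example that is not part of the original post and not pfSense or pfBlockerNG code: a Python script that ignores comments and line order and reports directives present in only one copy. The two sample configs are constructed for illustration (the `example_dnsbl` names are hypothetical); replace them with your saved copies.

```python
from collections import Counter

# Constructed samples, NOT real pfSense output. Replace with the two saved
# copies of /var/unbound/unbound.conf. The example_dnsbl names are hypothetical.
UNBOUND_MODE = """\
server:
    interface: 192.168.1.1
    interface: 127.0.0.1
    module-config: "validator iterator"
    # DNSBL data loaded by unbound itself
    include: /var/unbound/example_dnsbl.conf
"""
PYTHON_MODE = """\
server:
    interface: 127.0.0.1
    interface: 192.168.1.1
    module-config: "python validator iterator"
python:
    python-script: example_dnsbl.py
"""

def parse(text):
    """Return a multiset of (clause, directive, value) from unbound.conf text."""
    entries, clause = Counter(), ""
    for raw in text.splitlines():
        # Simplification: treats every '#' as a comment start.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, _, value = line.partition(":")  # first ':' only, so '::1' survives
        value = value.strip()
        if not value:
            clause = name.strip()             # e.g. "server:" or "python:"
        else:
            # Counter keeps repeated directives such as interface: distinct.
            entries[(clause, name.strip(), value.strip('"'))] += 1
    return entries

def compare(a_text, b_text):
    """Return (only_in_a, only_in_b) as sorted lists of directive tuples."""
    a, b = parse(a_text), parse(b_text)
    return sorted((a - b).elements()), sorted((b - a).elements())

if __name__ == "__main__":
    only_unbound, only_python = compare(UNBOUND_MODE, PYTHON_MODE)
    for c, d, v in only_unbound:
        print(f"- [{c}] {d}: {v}")
    for c, d, v in only_python:
        print(f"+ [{c}] {d}: {v}")
```

Anything listed besides the DNSBL and module lines (a missing `interface:` or `access-control:` entry, for instance) is a setting that changed along with the mode and is worth checking first.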
-
@gertjan Thanks for your response. I will have a close look at your suggestion and get back to you.
Regards