Smooth update to 23.05 w/ a few comments on DNS Resolver forwarding over SSL/TLS
-
Note: the upgrade went fine overall; my comments are specifically related to using the optional SSL/TLS to query DNS forwarding servers. OK, that said: upgraded a 6100 Max. Backup taken, then uninstalled what few pkgs were present, including pfBlockerNG, at which point I noticed that DNS Resolver was no longer starting up. I was planning to throw in a pre-upgrade reboot anyway, but that didn't straighten out the DNS Resolver service; having read about (and previously hit) DNS failing issues running Quad9 and possibly others, I simply (temporarily) unchecked "Use SSL/TLS for outgoing DNS Queries to forwarding servers". Obviously had to try to get DNS back anyway. No problem; just unchecked the SSL/TLS option in Forwarder, saved that and DNS was fine... continued the upgrade from the console to monitor progress. Once back online, re-checked the SSL/TLS option and Resolver seems happy. Additional appliances to get to later with similar configs.
-
Seems like that might have been more related to removing/adding pfBlocker and maybe your config still referenced something in pfBlocker that was no longer there.
Toggling DNS over TLS likely didn't do anything but trigger saving the DNS resolver settings without whatever pfBlocker-specific thing was picked there, like a Python mode script.
-
@jimp True, de-installation of pfBlockerNG was immediately followed by DNS Resolver failing to run/restart, but re-saving DNS Resolver without SSL/TLS to forwarding DNS servers seemed like the next best try to me (since I had run into that Quad9 issue along with others reporting essentially the same thing). Assuming you're right, then I guess my question would be: how else could I have restored DNS Resolver at that point? Just re-saving the DNS Resolver settings as-is, with no further changes? If so, I could try that on at least one other not-yet-upgraded NG appliance later today.
-
@goulou said in Smooth update to 23.05 w/ a few comments on DNS Resolver forwarding over SSL/TLS:
Assuming you're right, then I guess my question would be: how else could I have restored DNS Resolver at that point? Just re-saving the DNS Resolver settings as-is, with no further changes? If so, I could try that on at least one other not-yet-upgraded NG appliance later today.
Yes, just re-saving the settings without pfBlockerNG installed would normally be enough. You might want to double check that the custom options area is empty (or at least has no pfBlocker settings) and that the Python mode script is not set to something for pfBlocker.
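As an added illustration (not code from the thread or from pfSense/pfBlockerNG), the following script checks a generated unbound config for exactly the leftover jimp describes: a python-script line that still points at a pfBlockerNG hook whose file is gone after the package was removed, plus a separate check that a forward-zone actually has DNS over TLS enabled. The config path /var/unbound/unbound.conf and the hook name pfb_unbound.py are assumptions; the sample config it writes is constructed to mirror that layout.

```shell
#!/bin/sh
# Added example, not from the forum thread or the pfSense project.
# Assumptions: the resolver config is /var/unbound/unbound.conf and the
# pfBlockerNG Python hook is named pfb_unbound.py (both assumed, not stated
# on the page). Usage on an appliance:
#   stale_python_script /var/unbound/unbound.conf && echo "stale Python hook"
#   dot_forwarding /var/unbound/unbound.conf && echo "DoT forwarding on"

# Succeeds (exit 0) when the config names a python-script whose file no
# longer exists on disk, i.e. a reference left behind by an uninstalled package.
stale_python_script() {
    conf="$1"
    script=$(awk '$1 == "python-script:" { print $2; exit }' "$conf")
    [ -n "$script" ] || return 1           # no Python module configured at all
    case "$script" in
        /*) path="$script" ;;              # absolute path given
        *)  path="$(dirname "$conf")/$script" ;;  # relative to the config dir
    esac
    [ ! -f "$path" ]                        # true only when the hook is missing
}

# Succeeds when at least one forward-zone sets forward-tls-upstream: yes.
dot_forwarding() {
    awk '$1 == "forward-tls-upstream:" && $2 == "yes" { found = 1 }
         END { exit found ? 0 : 1 }' "$1"
}

# Writes a constructed config into a fresh temp directory and prints its
# path. Pass 1 to include the pfBlockerNG Python hook lines, 0 to omit them.
write_sample_conf() {
    dir=$(mktemp -d)
    conf="$dir/unbound.conf"
    {
        echo 'server:'
        if [ "$1" = 1 ]; then echo 'module-config: "python validator iterator"'; fi
        echo 'forward-zone:'
        echo '  name: "."'
        echo '  forward-tls-upstream: yes'
        echo '  forward-addr: 9.9.9.9@853#dns.quad9.net'
        if [ "$1" = 1 ]; then printf 'python:\npython-script: pfb_unbound.py\n'; fi
    } > "$conf"
    echo "$conf"
}
```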