ESP32 doesnt get a Hostname resolved with Resolver (Unbound)
-
My problem is as follows: Yesterday I switched from the DNS forwarder to the resolver in pfSense, because I would like to use pfBlockerNG to block ads.
I have a few local A-Records that I would like to get resolved in my home network. So far this has worked wonderfully in the forwarder with the host overrides. I have now stored the same entries in the resolver and activated it. At first, everything seemed to work perfectly... My Windows, iOS and Linux systems can reach all local services via DNS... However, I have two “IoT” devices (ESP32C3 with Arduino framework) which have problems with name resolution.
I then deactivated the resolver again and activated the forwarder: lo and behold, the ESPs were able to resolve the names again. I'm a bit stumped now as I have no idea what the problem could be. Unfortunately, the logs are not very useful either. Do you have any ideas? What information do you need from my pfSense config to get a clue?
-
@merasil said in ESP32 doesnt get a Hostname resolved with Resolver (Unbound):
I have two “IoT” devices (ESP32C3 with Arduino framework) which have problems with name resolution.
What does it mean, "they have problems"? Are the Arduinos unable to resolve host names generally, but other devices or other subnets are?
What do you get when you run dig for a local and public host name?
-
@viragomann I mean by that that they (the Arduinos) are normally able to query a DNS server and resolve hostnames. With the pfSense forwarder everything works as expected. Even the Arduinos are able to resolve hostnames… but as soon as I enable the resolver (and disable the forwarder) they cannot resolve hostnames anymore.
I checked both configs (resolver and forwarder)… every host entry is the same. They both listen on UDP 53.
All other devices in my network, and even in the VLAN where the Arduinos are, are able to resolve hostnames just fine.
-
@merasil
In the Resolver config there is an "Access Lists" tab. You can try to add an allow-ACL for the concerned subnet. Normally all pfSense subnets are allowed to access the Resolver automatically without a specific ACL. But maybe something went wrong in your setup.
-
@viragomann OK, so I tried what you suggested, but that didn't work either. But I think I am maybe on to something. If I connect to the WiFi which is in the same VLAN as the Arduinos and I do an nslookup on my laptop, I can still resolve the local hosts, but the answer is coming from an unknown DNS server, which does not occur if I do the same from my home WiFi VLAN. Is that something I should go after, and if yes, where do I start looking?
C:\Windows\System32>nslookup
Standardserver: kvhgi1.local
Address: 172.16.0.254
> kvsi6
Server: kvhgi1.local
Address: 172.16.0.254
Name: kvsi6.local
Address: 172.23.0.3

C:\Windows\System32>nslookup
Standardserver: UnKnown
Address: 172.24.0.254
> kvsi6
Server: UnKnown
Address: 172.24.0.254
Name: kvsi6.local
Address: 172.23.0.3
EDIT: Got that thing sorted out. Didn't have an A-Record for my pfSense with the VLAN IPs... but I didn't have that one on the forwarder either. The problem still persists...
-
@merasil
Without knowing what you in fact get on the Arduinos when doing an nslookup or dig, troubleshooting this is pretty much a step in the dark, and you can only do further trial and error.
So try to disable DNSSEC if it's enabled in the Resolver settings.
-
@merasil if you use pfsense’s DHCP server, set the ESP with a DHCP reservation and include a “hostname” along with the IP and MAC. That’ll create your A-record. Works great for me.
-
@viragomann So, I've started looking a little deeper. I took a new esp32 and output the dns responses to the serial interface. I noticed that a resolution of kvsi6 or kvsi6.local was not possible, but an alias I had created for kvsi6 with the domain .xyzabc was resolved.
I changed my domain from .local to a new name yesterday. This had been on my list for a long time, but I had always avoided it because creating the certificates takes a lot of time. Well... now I've got it behind me :)
Since then, the resolution for the ESPs is working again. It seems that .local is also a problem with ESP32. But why it works with the forwarder, I can't answer. dnsmasq and unbound seem to differ in some way...
TLDR: ESP32 seem to have a problem with .local as a domain. Any other one works. But only if you enter the full domain name. Also within the search domain it is not enough to enter only the hostname without domain. It works with the forwarder!
-
@merasil said in ESP32 doesnt get a Hostname resolved with Resolver (Unbound):
It seems that .local is also a problem ...
Yep.
You've discovered https://en.wikipedia.org/wiki/.local
-
@Gertjan yeah, I was aware of that problem. But since everything worked so far, I didn't put changing my home domain to anything else aside.
It is interesting, though, that dnsmasq does not have this problem but unbound does.