DNS question
-
In the pfSense dashboard, under DNS server(s): can someone please help me better understand what ::1 stands for? Sorry to be so dense! Thanks
-
I guess it's the IPv6 loopback address? Perhaps a better question is, can someone help me better understand the loopback process? I'm familiar with calling out whichever DNS server(s) you'd like the router to utilize, but why the loopback process first? Thanks.
-
@stgeorge because it's asking unbound, which is listening on loopback - then unbound by default resolves.
-
@stgeorge Put another way, pfSense is (runs) a DNS server (unbound), so it asks itself first. There is a setting in System > General to configure that behavior.
-
@stgeorge said in DNS question:
understand what ::1 stands for?
To make things a bit more 'visible' : have a look at this file /etc/resolv.conf
Every OS - even Microsoft Windows, has that file.
Typically, it contains :
    nameserver 127.0.0.1
    nameserver ::1
    search your-domain.tld
The first two come from here :
and the "search", third, line comes from here :
Unbound, the resolver, listens on this 127.0.0.1 (= ancient IPv4 local host) or the more modern version (invented recently, somewhere around 2006 ^^), the IPv6 equivalent ::1 = also local host.
Now, for an example :
pfSense executes once in a while a task that checks if there are any updates / upgrades available.
Here it is :
This process will use a host name like 'pkg.pfsense.org' and as always, traffic over the Internet doesn't work with names like that. It wants IP addresses.
So, somewhere in 'pkg-static', the upgrade process, the host name 'pkg.pfsense.org' is converted (== resolved) into an IP address. It could be an IPv4, or an IPv6 (modern OSes like FreeBSD prefer IPv6), so our 'pkg-static' uses a system call gethost(), a function offered by FreeBSD**, and this gethost() function will use /etc/resolv.conf to find out where it can find a "DNS server" : it finds 127.0.0.1 or ::1, so it will contact this DNS server at that address, which is where our unbound, running on the same system ( ! ) , is listening on 127.0.0.1 port 53 UDP and TCP.
Now, you'll say : hey, that seems fine, but rather complicated.
The bad news and the good news is : every device around you that uses an OS, so it might as well be your cigarette lighter, or light bulb, and also routers, your watch, PC's, phones, TVs and the list will be long ... uses exactly this method.
It was invented somewhere in the second half of the last century, and never really changed since.
So, all this isn't a pfSense thing. This way of handling 'DNS' is done like this everywhere.
** more exact : a C system library I guess.
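-
Added illustration (not part of the thread and not pfSense code): a short Python parser for the resolv.conf format quoted above, listing the nameservers in file order and marking which ones are loopback, i.e. answered by a resolver running on the same machine such as unbound. The sample file, including the 192.0.2.53 entry, is constructed.

```python
import ipaddress

# Constructed sample: the two loopback lines and the search line follow the
# post above; 192.0.2.53 (TEST-NET-1) is an assumed extra upstream server.
SAMPLE_RESOLV_CONF = """\
# constructed sample
nameserver 127.0.0.1
nameserver ::1
nameserver 192.0.2.53
search your-domain.tld
"""

def parse_resolv_conf(text):
    """Return (nameservers, search_domains) in the order the file lists them."""
    nameservers, search = [], []
    for raw in text.splitlines():
        # Drop comments ('#' or ';') and surrounding whitespace.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        keyword, *args = line.split()
        if keyword == "nameserver" and args:
            nameservers.append(args[0])
        elif keyword in ("search", "domain") and args:
            search = args  # a later search/domain line replaces an earlier one
    return nameservers, search

def is_loopback(addr):
    """True for 127.0.0.0/8 or ::1, meaning the resolver is on this host."""
    try:
        # Strip an IPv6 zone id such as %lo0 before parsing.
        return ipaddress.ip_address(addr.split("%", 1)[0]).is_loopback
    except ValueError:
        return False

def resolver_plan(text):
    """List (address, 'local' or 'remote') in the order they are tried."""
    servers, _ = parse_resolv_conf(text)
    return [(s, "local" if is_loopback(s) else "remote") for s in servers]

if __name__ == "__main__":
    for addr, kind in resolver_plan(SAMPLE_RESOLV_CONF):
        print(f"{addr:15} {kind}")
```

On a live system, passing the contents of /etc/resolv.conf to resolver_plan() shows whether lookups go to the local resolver first or straight to an outside server.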