Netgate Discussion Forum

    DNS question

    DHCP and DNS
      stgeorge

      In the pfSense dashboard, under DNS server(s): can someone please help me better understand what ::1 stands for? Sorry to be so dense! Thanks

        stgeorge

        I guess it's the IPv6 loopback address? Perhaps a better question is, can someone help me better understand the loopback process? I'm familiar with calling out whichever DNS server(s) you'd like the router to utilize, but why the loopback process first? Thanks.

          johnpoz LAYER 8 Global Moderator @stgeorge

          @stgeorge because it's asking unbound, which is listening on loopback - then unbound by default resolves.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

            SteveITS Galactic Empire @stgeorge

            @stgeorge Put another way, pfSense is (runs) a DNS server (unbound), so it asks itself first. There is a setting in System > General to configure that behavior.

            Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
            Upvote 👍 helpful posts!

              Gertjan @stgeorge

              @stgeorge said in DNS question:

              understand what ::1 stands for?

              To make things a bit more 'visible': have a look at this file /etc/resolv.conf
              Every OS - even Microsoft Windows - has that file.
              Typically, it contains:

              nameserver 127.0.0.1
              nameserver ::1
              search your-domain.tld
              

              The first two come from here :
              e48ac14a-a64d-44b7-b223-3ec12e8570b1-image.png

              and the "search", third, line comes from here :
              62e7cf8b-0872-4f00-b18d-c9bfb65b869b-image.png

              Unbound, the resolver, listens on this 127.0.0.1 (= ancient IPv4 local host) or the more modern version (invented recently, somewhere around 2006 ^^), the IPv6 equivalent ::1 = also local host.

              Now, for an example :
              pfSense executes once in a while a task that checks if there are any updates / upgrades available.
              Here it is :

              c5aa7bf2-0bf3-4f98-a54e-d561c3d27b5f-image.png

              This process will use a host name like 'pkg.pfsense.org' and as always, traffic over the Internet doesn't work with names like that. It wants IP addresses.
              So, somewhere in 'pkg-static', the upgrade process, the host name 'pkg.pfsense.org' is converted (== resolved) into an IP address. It could be an IPv4, or an IPv6 (modern OSes like FreeBSD prefer IPv6), so our 'pkg-static' uses a system call gethost(), a function offered by FreeBSD**, and this gethost() function will use /etc/resolv.conf to find out where it can find a "DNS server": it finds 127.0.0.1 or ::1, so it will contact this DNS server at that address, which is where our unbound, running on the same system ( ! ), is listening on 127.0.0.1 port 53 UDP and TCP.

              Now, you'll say : hey, that seems fine, but rather complicated.
              The bad news and the good news is : every device around you that uses an OS, so it might as well be your cigarette lighter, or light bulb, and also routers, your watch, PC's, phones, TVs and the list will be long ... uses exactly this method.
              It was invented somewhere in the second half of the last century, and never really changed since.
              So, all this isn't a pfSense thing. This way of handling 'DNS' is done like this everywhere.

              ** more exact : a C system library I guess.

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??
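
The lookup order described in the replies above (the system reads /etc/resolv.conf, finds 127.0.0.1 and ::1, and asks its own unbound first), as an added example that is not part of any post in this thread: a small Python parser for resolv.conf text that lists the nameservers in the order they are tried and reports whether the first one is a loopback address. The function names and the second and third sample files are constructed for illustration; 192.0.2.53 is a documentation address.

```python
import ipaddress

# Sample 1 is the file quoted in the thread; samples 2 and 3 are constructed.
PFSENSE_DEFAULT = "nameserver 127.0.0.1\nnameserver ::1\nsearch your-domain.tld\n"
LOCAL_THEN_REMOTE = "# constructed\nnameserver 127.0.0.1\nnameserver 192.0.2.53\n"
REMOTE_ONLY = "; constructed\nnameserver 192.0.2.53\nsearch your-domain.tld\n"


def parse_resolv_conf(text):
    """Return (nameservers, search) in the order they appear in the file."""
    nameservers, search = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        keyword, *args = line.split()
        if keyword == "nameserver" and args:
            nameservers.append(args[0])
        elif keyword == "search":
            search = args                    # a later "search" line wins
    return nameservers, search


def is_loopback(addr):
    """True for 127.0.0.0/8 and ::1; an IPv6 zone id such as %lo0 is ignored."""
    try:
        return ipaddress.ip_address(addr.split("%", 1)[0]).is_loopback
    except ValueError:
        return False


def resolution_path(text):
    """Describe who gets asked, in order, and whether the host asks itself first."""
    nameservers, search = parse_resolv_conf(text)
    order = [(ns, "local resolver" if is_loopback(ns) else "remote server")
             for ns in nameservers]
    first_is_local = bool(nameservers) and is_loopback(nameservers[0])
    return {"order": order, "asks_itself_first": first_is_local, "search": search}


if __name__ == "__main__":
    for name, sample in [("pfSense default", PFSENSE_DEFAULT),
                         ("local then remote", LOCAL_THEN_REMOTE),
                         ("remote only", REMOTE_ONLY)]:
        print(name, resolution_path(sample))
```
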

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.