OPNsense Forum

Archive => 23.1 Legacy Series => Topic started by: stuffu on April 21, 2023, 07:43:06 am

Title: DNS issues since 23.1.6
Post by: stuffu on April 21, 2023, 07:43:06 am
I don't know where to start and I might have the wrong conclusions.

All was fine until I updated to 23.1.6, after that I have no internet access. It might be unrelated but it seems like an odd coincidence.

It looks in the reports that there is a WAN connection and I have been able to do a speed test. Tried to connect a laptop to the router directly and I still have no remote access and that leads me to DNS issues.

Checked the Unbound DNS report and quad9 reports NOERROR (though I can't recall that I used quad9, where can I change DNS service?)

Edit: I managed to narrow it down. Disabling the adguard port forwarding rule and all is fine. Not sure what broke it though.
Title: Re: No internet access since 23.1.6 - caused by adguard
Post by: franco on April 21, 2023, 08:17:00 am
Adguard plugin isn't ready for 23.1.6. If it was included in our plugins it would have been fixed already, but it's not available from us.

https://github.com/opnsense/core/issues/6513


Cheers,
Franco
Title: Re: No internet access since 23.1.6 - caused by adguard
Post by: marunjar on April 21, 2023, 08:22:13 am
Same here. I just updated to 23.1.6 and DNS names cannot be resolved any more.

I have adguard installed from mimugmail community repo, listening on port 53
adguard uses unbound as upstream dns server
unbound is running on firewall as dns resolver, listening on port 53530

From checking the changelog I suspect https://github.com/opnsense/core/commit/9f6df9e5f3057ffb6759e151d7e2f5084a4af33d
Not sure if adguard plugin currently provides dns_ports which is checked now

Anybody can confirm this?

Edit: franco was a little faster, thx

Title: Re: No internet access since 23.1.6 - caused by adguard
Post by: franco on April 21, 2023, 08:24:43 am
Yes that is what I said. Previously the system considered Unbound or Dnsmasq being enabled port 53 which was wrong if that wasn't actually the port being used... so it was good for Adguard running on port 53 as long as either service was enabled.

The cleanup/feature here is that adguard can now work as standalone as well as bind or dnscrypt-proxy WITHOUT a running unbound or dnsmasq, but in order for this to work it needs to communicate which port it uses and only port 53 is eligible for a core DNS provider...


Cheers,
Franco
Title: Re: No internet access since 23.1.6 - caused by adguard
Post by: Dotzi on April 21, 2023, 08:38:36 am
Hi all, in my case Adguard Home works fine.

Right after updating to 23.1.6. all my devices lost internet access. Reverting to 23.1.5 didn’t solve the problem.

I investigated the issue and found that for whatever reason my DNS port forwarding rules had been changed. I changed them back to what they were before, updated back to 23.1.6 and that seemed to fix it.
Title: Re: No internet access since 23.1.6 - caused by adguard
Post by: stuffu on April 21, 2023, 08:47:48 am
There seems to be some other weird issues, I briefly had WAN access when disabling adguard but then lost it again. Tried to use the system name servers instead and got it back.

I disabled it again and using DNS over TLS with 853 as port and it seems to work.

When browsing through the settings I found something I don't know where it came from. Anyone got an idea where to remove the quad9 dns listed under system name servers? System/Settings/General just have 1.1.1.1 when testing to get DNS back up.
Title: Re: No internet access since 23.1.6 - caused by adguard
Post by: stuffu on April 21, 2023, 10:28:32 am
I'm hijacking my own post, sorry :)

I figured out the odd DNS that I got from name servers was due to this setting:

"Allow DNS server list to be overridden by DHCP/PPP on WAN"

Any drawbacks disabling it?
Title: Re: No internet access since 23.1.6 - caused by adguard
Post by: franco on April 21, 2023, 10:30:36 am
There is no direct drawback. Some ISPs seem to hinder using DNSSEC or try to manipulate plain DNS responses, but these cases are rare.

I'd try the option and see if it works. Normally it should.


Cheers,
Franco
Title: Re: No internet access since 23.1.6 - caused by adguard
Post by: stuffu on April 21, 2023, 10:32:16 am
Thanks for the quick reply. I guess we are all sorted then. Just have to live with ads for a while but that's not a big issue really.
Title: Re: No internet access since 23.1.6 - caused by adguard
Post by: franco on April 21, 2023, 10:44:34 am
I'll poke Michael about the Adguard plugin fix and see if he needs any help there.


Cheers,
Franco
Title: Re: No internet access since 23.1.6 - caused by adguard
Post by: seebaer1976 on April 21, 2023, 12:48:33 pm
Also have the problem.

It can't be adguardhome.

Think rather that it could be a problem with the DHCP server. Because all devices that get their IP via the DHCP server have no Internet. All devices with a static IP have internet.
Title: Re: No internet access since 23.1.6 - caused by adguard
Post by: Patrick M. Hausen on April 21, 2023, 01:11:12 pm
I have

- BIND listening on port 53
- AdGuard Home listening on port 5353 forwarding to 127.0.0.1:53
- Port forward NAT rules on all interfaces directing DNS queries to either AdGuard Home or directly to BIND bypassing AdGuard Home

No problem with the update.
Title: Re: No internet access since 23.1.6 - caused by adguard
Post by: newsense on April 21, 2023, 02:14:27 pm
I'm with Patrick on this one, similar setup yet simpler:


- AdguardHome installed from Michael's repo and up to date - running on 5353
- Port forward NAT rules on all interfaces directing DNS queries to AdGuardHome
- AdGuardHome handles the DoH/DoT

Running without issues on multiple firewalls for more than 6 months and not affected by any updates so far.
Title: Re: No internet access since 23.1.6 - caused by adguard
Post by: marunjar on April 21, 2023, 02:44:16 pm
Of course this is working, that's a different configuration with adguard *not* listening on port 53
With proper NAT rules ports may be changed as workaround too.

But for adguard listening on port 53 there is still something missing, as franco said:
The cleanup/feature here is that adguard can now work as standalone as well as bind or dnscrypt-proxy WITHOUT a running unbound or dnsmasq, but in order for this to work it needs to communicate which port it uses and only port 53 is eligible for a core DNS provider...
Title: Re: No internet access since 23.1.6 - caused by adguard
Post by: franco on April 21, 2023, 02:50:06 pm
Yes, this only happens on setups where port 53 is populated by something other than Unbound or Dnsmasq while one or both of them is enabled on another port. As I said the code assumed port 53 works, but it was never validated. Now it's validated not just for Unbound and Dnsmasq but also BIND and Dnscrypt-Proxy, but the downside is that any other DNS provider plugin needs to make itself known to the GUI.

Consider this as being always problematic when you disabled Unbound and Dnsmasq and wanted to run something else on port 53. In those cases the configuration (correctly) assumed that nothing known was providing DNS so it would not send out DNS information via DHCP.


Cheers,
Franco
Title: Re: No internet access since 23.1.6 - caused by adguard
Post by: opn_nwo on April 21, 2023, 04:31:49 pm
If I have AdGuard configured to use a dedicated VIP on port 53, forwarding queries to Unbound on 127.0.0.1:53, will this update break it?
Title: Re: No internet access since 23.1.6 - caused by adguard
Post by: Patrick M. Hausen on April 21, 2023, 04:39:59 pm
@opn_nwo: I don't know. But the update does not break DHCP or anything else. What it does break is the automatic detection of suitable DNS server setting for a DHCP pool. So should anyone get hit by this new, much better documented and much cleaner, behaviour, then simply explicitly set the DNS server in your DHCP pool configuration and you will be just fine.

Therefore I also doubt this will be considered a bug. Possibly the documentation can use some more clarification, but that's it, IMHO.
Title: Re: No internet access since 23.1.6 - caused by adguard
Post by: stuffu on April 21, 2023, 07:50:04 pm
double post
Title: Re: No internet access since 23.1.6 - caused by adguard
Post by: Videopac on April 21, 2023, 07:57:23 pm
Well, I still have issues with my TV VLAN. Since the update to 23.1.6 my stb is not working anymore.
I had not specified a DNS server on this VLAN, however: if I add one it is still not working.
ISP is KPN in the Netherlands.
Title: Re: No internet access since 23.1.6 - caused by adguard
Post by: Mario_Rossi on April 21, 2023, 07:58:50 pm
Hi, I also have ADGuard listening on 53, running on top of unbound:5353.
FW and NAT rules force all clients to go through ADGuard:53 for any type of DNS request.
Last night I updated OPNsense and today I found my PCs offline. Actually, Telegram works, and so do pings to external addresses that I know.

Thanks to pmhausen's post I went to Service->DHCPv4->LAN and populated the DNS Server field (it was empty) with the OPNsense IP and immediately everything started working correctly.
Title: Re: No internet access since 23.1.6 - caused by adguard
Post by: stuffu on April 21, 2023, 07:59:37 pm
It just died on me again. I'm using port 853 on DNS over TLS as default. Tried to use a dedicated name server instead and it still didn't work. Enabling DNS over TLS again and it works as normal. The funny thing here is that I have used the same setup (only difference from earlier setup was adguard running on port 5353) for 12 hours without a problem and all units just now suddenly got cut off.

Edit: Hope I didn't do something very wrong. Renamed the post since it doesn't just have to do with adguard.
Title: Re: No internet access since 23.1.6 - caused by adguard
Post by: Patrick M. Hausen on April 21, 2023, 08:36:49 pm
Well, I still have issues with my TV VLAN. Since the update to 23.1.6 my stb is not working anymore.
I had not specified a DNS server on this VLAN, however: if I add one it is still not working.
ISP is KPN in the Netherlands.
After you added one, did you restart all the client systems? You did add the interface address of your OPNsense in that particular VLAN as the DNS server in DHCP?
Title: Re: DNS issues since 23.1.6
Post by: Videopac on April 21, 2023, 08:39:53 pm
Yes, I restarted the client (stb). DNS IP's I tried: 196.168.1.1 (=OPNsense), 1.1.1.2/1.0.0.2 and 195.121.1.34/195.121.1.66. The latter two I also tried with only 1 DNS entry (the first mentioned).
Title: Re: DNS issues since 23.1.6
Post by: Patrick M. Hausen on April 21, 2023, 08:44:13 pm
OPNsense in that particular VLAN is what DHCP would have handed out before the update. So if you set that and only that explicitly, IMHO your network must work.

@franco?
Title: Re: DNS issues since 23.1.6
Post by: franco on April 21, 2023, 09:07:17 pm
I must admit I can't follow this very well. The simple fact is that the DNS service of your choice should bind to both 0.0.0.0 AND :: on port 53 for this to work reliably. Deviating in the form of selecting special interfaces "to listen" or using port forwards to undo some of this makes it so much harder to debug.

My advice is to wait for Michael to fix the Adguard plugin. 23.1.5 *has* to work, otherwise you look at some other misconfiguration that was bound to make itself known at an inconvenient time as it mostly does.


Cheers,
Franco
Title: Re: DNS issues since 23.1.6
Post by: Patrick M. Hausen on April 21, 2023, 09:34:25 pm
@franco You don't agree that simply setting the DNS server explicitly for DHCP should fix things, too?
Title: Re: DNS issues since 23.1.6
Post by: franco on April 21, 2023, 09:41:47 pm
Well, in theory I agree...but... DHCPv4 server not handing out a DNS server is only the most obvious issue. The same check for a DNS server is used for DHCPv6 server and router advertisements (manual and auto) as well as internal DNS resolution so other types of weird behaviour could be the result leading to unsatisfactory workarounds.


Cheers,
Franco
Title: Re: DNS issues since 23.1.6
Post by: cookiemonster on April 21, 2023, 10:40:13 pm
In case it helps troubleshoot (I'm still on 22.7.x).
$ sudo nmap --script broadcast-dhcp-discover
can be used to query the dhcp server's response.
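
The symptom discussed in this thread is visible in the DHCP reply itself: option 6 (DNS servers) is either missing or lists resolvers other than the firewall. The following is an added example, not part of the original thread or of OPNsense: it parses a raw DHCP reply and flags both cases. The sample packets are constructed, and 192.168.1.1 as the expected resolver is an assumption.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # RFC 2131: marks the start of the options field
OPT_PAD, OPT_END = 0, 255
OPT_ROUTER, OPT_DNS, OPT_MSG_TYPE, OPT_SERVER_ID = 3, 6, 53, 54
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}


def parse_dhcp_options(packet: bytes) -> dict:
    """Return {option_code: raw_value} from a BOOTP/DHCP UDP payload."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (short packet or missing magic cookie)")
    options, i = {}, 240
    while i < len(packet):
        code = packet[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:          # single pad byte, no length field
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        # RFC 3396: a repeated option code is concatenated, not overwritten
        options[code] = options.get(code, b"") + value
        i += 2 + length
    return options


def _addresses(raw: bytes) -> list:
    """Decode a packed list of IPv4 addresses (4 bytes each)."""
    if len(raw) % 4:
        raise ValueError("address list length is not a multiple of 4")
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, len(raw), 4)]


def audit_reply(packet: bytes, expected_dns: set) -> dict:
    """Summarise a DHCP reply and list DNS-related findings."""
    opts = parse_dhcp_options(packet)
    dns = _addresses(opts.get(OPT_DNS, b""))
    msg_type = opts.get(OPT_MSG_TYPE) or b"\x00"
    findings = []
    if not dns:
        findings.append("no DNS server option (6) in reply")
    unexpected = [a for a in dns if a not in expected_dns]
    if unexpected:
        findings.append("unexpected DNS servers: " + ", ".join(unexpected))
    return {
        "type": MSG_TYPES.get(msg_type[0], "UNKNOWN"),
        "server": _addresses(opts.get(OPT_SERVER_ID, b"")),
        "router": _addresses(opts.get(OPT_ROUTER, b"")),
        "dns": dns,
        "findings": findings,
    }


def _ip(addr: str) -> bytes:
    return ipaddress.IPv4Address(addr).packed


def build_reply(yiaddr: str, options: list) -> bytes:
    """Constructed sample: minimal BOOTREPLY with the given (code, value) options."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        2, 1, 6, 0, 0x1234ABCD, 0, 0,            # op=BOOTREPLY, Ethernet, xid
        bytes(4), _ip(yiaddr), bytes(4), bytes(4),
        bytes.fromhex("020000000001"), b"", b"",  # chaddr, sname, file
    )
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return header + MAGIC_COOKIE + body + bytes([OPT_END])


_COMMON = [(OPT_MSG_TYPE, b"\x02"), (OPT_SERVER_ID, _ip("192.168.1.1")),
           (OPT_ROUTER, _ip("192.168.1.1"))]

# Constructed samples mirroring the three situations reported in the thread.
SAMPLES = {
    "explicit": build_reply("192.168.1.50", _COMMON + [(OPT_DNS, _ip("192.168.1.1"))]),
    "no_dns": build_reply("192.168.1.51", _COMMON),
    "upstream": build_reply("192.168.1.52",
                            _COMMON + [(OPT_DNS, _ip("1.1.1.1") + _ip("8.8.8.8"))]),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        result = audit_reply(pkt, expected_dns={"192.168.1.1"})
        print(name, result["type"], result["dns"], result["findings"] or "ok")
```

A reply that lists upstream resolvers instead of the firewall means clients bypass whatever filtering or logging the local resolver provides, so it is worth checking per VLAN after an upgrade.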
Title: Re: DNS issues since 23.1.6
Post by: Patrick M. Hausen on April 22, 2023, 12:29:13 am
Well, in theory I agree...but... DHCPv4 server not handing out a DNS server is only the most obvious issue. The same check for a DNS server is used for DHCPv6 server and router advertisements (manual and auto) as well as internal DNS resolution so other types of weird behaviour could be the result leading to unsatisfactory workarounds.
Understood, thanks. I always set "Do not use the local DNS service as a nameserver for this system" and explicitly configure 127.0.0.1, because I don't like this kind of magic. All configuration should be explicit.
Title: Re: DNS issues since 23.1.6
Post by: yeraycito on April 22, 2023, 02:55:40 am
Opnsense 23.1.6 does not work with Adguard. If I set the dns in Adguard without going through Unbound there is no internet connection. If I configure Adguard with dns 127.0.0.1 through Unbound it doesn't work either. Disabling Adguard and leaving the dns connections only through Unbound there are no connectivity problems.
Title: Re: DNS issues since 23.1.6
Post by: keropiko on April 22, 2023, 11:45:09 am
Don't know if this is related, but in my multiwan setup, in all my vlan interfaces the clients since 23.1.6 are no more getting as DHCP DNS the gateway ip address i.e. 192.168.1.1 (blank in the settings of dhcpv4 of the interface) , but the DNS list of the servers configured in the system-> general per gateway i.e. 1.1.1.1, 8.8.8.8, although the option "Do not use the local DNS service as a nameserver for this system" is Unchecked.
It's like the interfaces are bypassing the local DNS/DHCP service.
Title: Re: DNS issues since 23.1.6
Post by: KuteK on April 22, 2023, 01:21:02 pm
Hi guys,

I use adguard as a plugin too. Today I updated to 23.1.6 and websites stopped working but 8.8.8.8 was pinging fine so it led me to check DNS settings. I found that my devices receive some IPv6 address as DNS address.

I had blank field under Services->DHCPv4->[LAN]->DNS servers so it used default address and somehow after update this address is an IPv6. I just set this up to my router's IP and everything started to work as it was before update.
Title: Re: DNS issues since 23.1.6
Post by: Patrick M. Hausen on April 22, 2023, 01:36:34 pm
All people having problems please just set the DNS server in the DHCP settings explicitly and report back. This should help at least for IPv4.
Title: Re: DNS issues since 23.1.6
Post by: Dotzi on April 22, 2023, 02:24:10 pm
As the DNS issue seems to manifest in different ways, I figured I post my settings here — it’s really nothing unusual, but maybe this helps in some cases.

Unbound listening port is set to 5353,
AdGuard listens to port 53 and upstream DNS server in AdGuard is set as 127.0.0.1:5353
DNS port forwarding rule: Protocol TCP/UDP, destination LAN net:5353, redirect to 127.0.0.1:5353

As I wrote in a previous post, I also had the DNS issue after updating to 23.1.6, but in my case the port forwarding rule was broken. Once I realized it and entered the exact settings that I had before the update, everything worked fine.

By the way, restoring a saved configuration and reverting back to 23.1.5 both didn’t help, which was odd. I really had to enter the old settings manually to make it work.
Title: Re: DNS issues since 23.1.6
Post by: yeraycito on April 22, 2023, 02:52:28 pm
Unbound: Port 5353
Adguard: Port 53
DHCPV4 DNS servers: IP Opnsense
DNS Adguard: quic://dns0.eu

Everything is working perfectly.
Title: Re: DNS issues since 23.1.6
Post by: opn_nwo on April 22, 2023, 05:53:30 pm
Updated without issues. Here's my config:

Unbound on LAN interfaces standard port 53
AdGuard on dedicated VIP on port 53 using 127.0.0.1 as upstream DNS
DHCP pointing to AdGuard VIP as DNS

Title: Re: DNS issues since 23.1.6
Post by: depc80 on April 23, 2023, 11:02:01 am
Updated without issues. Here's my config:

Unbound on LAN interfaces standard port 53
AdGuard on dedicated VIP on port 53 using 127.0.0.1 as upstream DNS
DHCP pointing to AdGuard VIP as DNS
This works for me, thank you. However I can't get any IPv6 forward to Adguard using Nat portfoward to ::1 and 127.0.0.1.
Title: Re: DNS issues since 23.1.6
Post by: Inxsible on April 23, 2023, 06:48:33 pm
My config:
```
Unbound: Port 5353
Adguard: Port 53
```

LAN:
```
DHCPV4 DNS servers: Main Opnsense IP
```
GUEST VLAN:
```
DHCPV4 DNS servers: Guest VLAN Opnsense IP
```
IOT VLAN:
```
DHCPV4 DNS servers: IOT VLAN Opnsense IP
```
Title: Re: DNS issues since 23.1.6
Post by: Patrick M. Hausen on April 23, 2023, 07:06:16 pm
@Inxsible - working or broken?
Title: Re: DNS issues since 23.1.6
Post by: gogolathome on April 24, 2023, 07:57:11 am
All people having problems please just set the DNS server in the DHCP settings explicitly and report back. This should help at least for IPv4.
I updated last night and found my computers this morning without DNS servers. After manually adding DNS server in Windows I had working internet again. Then I found this thread!
I can understand OPNsense POV, so for now this is a working solution and I added DNS server on all my different subnets in DHCP configuration.
Title: Re: DNS issues since 23.1.6
Post by: mueller on April 24, 2023, 11:53:00 am
Hello, for me DNS stopped working correctly after upgrading from 23.1.5_4 to 23.1.6.

I used the following instructions:
https://samuelsson.dev/install-adguard-home-on-an-opnsense-router/

I first solved it by stopping the adguard-plugin and manually entering a DNS_Server.
After that I reset the "Unbound port entry" from 5353 to 53.
Title: Re: DNS issues since 23.1.6
Post by: tz-mbc on April 24, 2023, 02:22:05 pm
I had a somewhat different issue. After upgrading to 23.1.6 all machines but one were working just fine.

The machine which ran into problems was my docker host (Proxmox container) which all of a sudden wasn't able to communicate with its default gateway = OPNsense. A ping to this particular IP would time out, pinging all other IPs on the same network worked fine. Initially this issue looked completely unrelated to the upgrade, because all other machines on the network, including the Proxmox container host, were able to communicate just fine.

After quite a few hours of unsuccessful troubleshooting I finally ran out of ideas and considered, what I thought is a long shot, restoring OPNsense to the previous version. Restore complete and voila, the container was able to communicate to the external world again!?!?

For now I'll stay on 23.1.5…need to find some time to look into this in some more detail
Title: Re: DNS issues since 23.1.6
Post by: NeoDragon on April 24, 2023, 04:45:42 pm
I had an issue with DNS as well.
Using :
Unbound on port 5353 - with DNS over TLS
Adguard on port 53 - pointing to unbound for upstream dns
Also:
I had a nat redirection and firewall rules to block any external dns and redirecting to adguard.

Fix :
Remove the external DNS block and redirection. The rules were applied following this guide : https://homenetworkguy.com/how-to/firewall-rules-cheat-sheet/
Title: Re: DNS issues since 23.1.6
Post by: marunjar on April 24, 2023, 08:29:30 pm
explicit configuration is working here, it also makes more clear what is actually set/happening

but maybe updated adguard plugin will help too ;) https://github.com/opnsense/core/issues/6513#issuecomment-1518684956
Title: Re: DNS issues since 23.1.6
Post by: fromUniFi on April 25, 2023, 04:51:10 am
I actually use Unbound and I'm impacted with DNS issues as well.

I've never had a NAT rule for port 53, is that maybe my problem?

Hard coding the DNS server IPs to 1.1.1.1 and 8.8.8.8 on all interfaces works, but I'd love to have my local DNS working again.

Thanks
Title: Re: DNS issues since 23.1.6
Post by: Patrick M. Hausen on April 25, 2023, 05:20:18 am
@fromUnifi, what if you hard code the interface address of OPNsense in the DHCP settings? The update should not affect DNS per se, but only DHCP picking up the DNS server address automatically. That's why some folks have no problems.
Title: Re: DNS issues since 23.1.6
Post by: maclinuxfree on April 25, 2023, 09:08:41 am
All people having problems please just set the DNS server in the DHCP settings explicitly and report back. This should help at least for IPv4.
I updated last night and found my computers this morning without DNS servers. After manually adding DNS server in Windows I had working internet again. Then I found this thread!
I can understand OPNsense POV, so for now this is a working solution and I added DNS server on all my different subnets in DHCP configuration.
Working for me, too.
Title: Re: DNS issues since 23.1.6
Post by: fromUniFi on April 25, 2023, 02:44:01 pm
@fromUnifi, what if you hard code the interface address of OPNsense in the DHCP settings? The update should not affect DNS per se, but only DHCP picking up the DNS server address automatically. That's why some folks have no problems.

This works.

Also it turned out there was some IPv6 setting enabled in Unbound. Disabling it and setting everything to use Unbound seems to be working at the moment.

Thanks!
Title: Re: No internet access since 23.1.6 - caused by adguard
Post by: Animosity on April 27, 2023, 02:03:38 pm
I'm with Patrick on this one, similar setup yet simpler:


- AdguardHome installed from Michael's repo and up to date - running on 5353
- Port forward NAT rules on all interfaces directing DNS queries to AdGuardHome
- AdGuardHome handles the DoH/DoT

Running without issues on multiple firewalls for more than 6 months and not affected by any updates so far.

How did you setup the port forward rules? I did a LAN 53 -> 5353 and when I query the IPV4, it tells me a source mismatch.

```
> test.com
;; reply from unexpected source: 192.168.1.1#5353, expected 192.168.1.1#53
;; reply from unexpected source: 192.168.1.1#5353, expected 192.168.1.1#53
;; reply from unexpected source: 192.168.1.1#5353, expected 192.168.1.1#53
```

I assume I'm missing something super easy.
Title: Re: DNS issues since 23.1.6
Post by: Patrick M. Hausen on April 27, 2023, 02:44:17 pm
You need to forward to 127.0.0.1:5353, so the reply packet gets routed through the NAT state engine.
Title: Re: DNS issues since 23.1.6
Post by: Animosity on April 27, 2023, 03:24:42 pm
Sorry if I'm being dense, but that is what I am doing.

I thought the goal was to forward the inbound request to say 192.168.1. 53 to 127.0.0.1 5353 so I get to my AdGuard Home instance.
Title: Re: DNS issues since 23.1.6
Post by: Patrick M. Hausen on April 27, 2023, 04:03:03 pm
I read your post like you were forwarding to 192.168.1.1:5353 - sorry. In that case (127.0.0.1:5353) it should work, IMHO.
Title: Re: DNS issues since 23.1.6
Post by: Animosity on April 27, 2023, 04:07:04 pm
No worries - Thanks as it's confusing me. I'll probably do some more testing in the afternoon once I'm more awake as well :)

Title: Re: DNS issues since 23.1.6
Post by: Taunt9930 on April 27, 2023, 06:36:17 pm
Just quickly checking as all the different configs being discussed (and some with issues not stating their config/setup) is getting confusing!

Am I right to say that the DNS issues only manifest if you're using something for DNS that doesn't correctly register on the port?

So if I'm using Unbound for DNS, with DoT, I should be able to update with no issues? If everything works now on 23.1.5_4 it will work post upgrade? Or do I explicitly have to define the DNS server in the DHCP settings (which would be difficult for ipv6) in 23.1.6?

Thanks.
Title: Re: DNS issues since 23.1.6
Post by: Animosity on April 28, 2023, 02:42:16 pm
Yes, if you are using the default packages, you'll have no issues.

I just removed AdGuard and added the same 2 blocklists I had in AdGuard into Unbound DNSBL and turned on the reporting in Unbound and that really does everything I wanted anyway without another package installed.
Title: Re: DNS issues since 23.1.6
Post by: mimugmail on April 28, 2023, 05:43:15 pm
Just quickly checking as all the different configs being discussed (and some with issues not stating their config/setup) is getting confusing!

Am I right to say that the DNS issues only manifest if you're using something for DNS that doesn't correctly register on the port?

So if I'm using Unbound for DNS, with DoT, I should be able to update with no issues? If everything works now on 23.1.5_4 it will work post upgrade? Or do I explicitly have to define the DNS server in the DHCP settings (which would be difficult for ipv6) in 23.1.6?

Thanks.

Yes, only if you use Adguard and also only if it runs on port 53. I just uploaded a test pkg, maybe next week it will go into stable
Title: Re: DNS issues since 23.1.6
Post by: mimugmail on April 28, 2023, 10:03:17 pm
Some testers around?

https://github.com/opnsense/core/issues/6513#issuecomment-1527740960



Title: Re: DNS issues since 23.1.6
Post by: ChrisChros on April 28, 2023, 11:26:06 pm
After editing /usr/local/etc/pkg/repos/mimugmail.conf and replace /repo/ with /transfer/ only the opnsense update 23.1.6 is listed.
Plugin os-adguardhome-maxit in version 1.9 is not shown, also in the plugin section not.

So a reboot later I was able to install both updates, opnsense and Adguard-plugin. After enabling the new checkbox it was not working, but a second reboot fixed that problem and now it's working.
Title: Re: DNS issues since 23.1.6
Post by: mimugmail on April 28, 2023, 11:40:36 pm
Wohoo  : 8)
Title: Re: DNS issues since 23.1.6
Post by: mimugmail on April 29, 2023, 10:26:09 am
Anyone else able to test?
Title: Re: DNS issues since 23.1.6
Post by: edgehoax on April 29, 2023, 03:44:37 pm
Changed config file, checked for updates and got version 1.9 advertised
Installed and working fine w/o rebooting.
I just restarted DHCPd and radvd (not using DHCPv6 though).

Cheers !
Title: Re: DNS issues since 23.1.6
Post by: depc80 on April 29, 2023, 03:46:26 pm
Anyone else able to test?
I replaced repos with transfer, it seems there is no file or directory found.
Edit: replace the link inside, not rename. My bad. The new version works, but I have configured pihole so for now I round robin to both..for redundancy reason.  :P
Title: Re: DNS issues since 23.1.6
Post by: mueller on April 29, 2023, 09:29:12 pm
Hi,
after editing /usr/local/etc/pkg/repos/mimugmail.conf and replace /repo/ with /transfer/ I have updated to OPNsense 23.1.6 and to os-adguardhome 1.9.
Since then dhcpd6 does not start anymore.

Otherwise DNS seems to work.
Title: Re: DNS issues since 23.1.6
Post by: mimugmail on April 29, 2023, 09:35:02 pm
Can you reboot and if still exists check the logs?
Title: Re: DNS issues since 23.1.6
Post by: depc80 on April 29, 2023, 10:42:46 pm
Hi
I enable IPv6 for multiple interfaces + vlan, and Adguard listening without issue. I see IPv6 addresses show up on Adguard's dashboard. However, I have no idea if redirect rule to adguard would force IPv6 as well. Temporarily I add LAN IPv6 to rdr target alias. The problem is that I don't have static IPv6, and my ISP changes prefix once a day. Appreciate some example of IPv6 rdr configuration on adguard and OPNsense.
Cheers
Title: Re: DNS issues since 23.1.6
Post by: mueller on April 30, 2023, 07:30:41 am
Moin, after the reboot the problem remains.
Here is an excerpt from the logs:

2023-04-30T01:16:00 Notice root reload filter for configured schedules
2023-04-30T01:01:00 Notice root reload filter for configured schedules
2023-04-30T00:51:37 Notice dhclient Creating resolv.conf
2023-04-30T00:46:00 Notice root reload filter for configured schedules
2023-04-30T00:31:00 Notice root reload filter for configured schedules
2023-04-30T00:21:36 Notice dhclient Creating resolv.conf
2023-04-30T00:16:00 Notice root reload filter for configured schedules
2023-04-30T00:01:00 Notice root reload filter for configured schedules
2023-04-29T23:51:37 Notice dhclient Creating resolv.conf
2023-04-29T23:46:00 Notice root reload filter for configured schedules
2023-04-29T23:31:00 Notice root reload filter for configured schedules
2023-04-29T23:28:59 Warning opnsense /system_general.php: dhcpd_radvd_configure(auto) found no suitable IPv6 address on igb0_vlan10
2023-04-29T23:28:58 Warning opnsense /system_general.php: dhcpd_radvd_configure(auto) found no suitable IPv6 address on igb0_vlan20
2023-04-29T23:28:58 Warning opnsense /system_general.php: dhcpd_radvd_configure(auto) found no suitable IPv6 address on igb0
2023-04-29T23:28:58 Warning opnsense /system_general.php: dhcpd_radvd_configure(auto) found no suitable IPv6 address on igb0_vlan50
2023-04-29T23:28:57 Warning opnsense /system_general.php: dhcpd_radvd_configure(auto) found no suitable IPv6 address on igb0_vlan30
2023-04-29T23:28:57 Warning opnsense /system_general.php: dhcpd_radvd_configure(auto) found no suitable IPv6 address on igb0_vlan40
2023-04-29T23:28:56 Error opnsense /system_general.php: The command '/bin/kill -'TERM' '70094'' returned exit code '1', the output was 'kill: 70094: No such process'
2023-04-29T23:28:54 Notice opnsense /system_general.php: plugins_configure dhcp (execute task : dhcpd_dhcp_configure())
2023-04-29T23:28:54 Notice opnsense /system_general.php: plugins_configure dhcp ()
2023-04-29T23:28:49 Notice php-cgi /system_general.php: plugins_configure dns (execute task : unbound_configure_do())
2023-04-29T23:28:49 Notice php-cgi /system_general.php: plugins_configure dns (execute task : dnsmasq_configure_do())
2023-04-29T23:28:49 Notice php-cgi /system_general.php: plugins_configure dns ()
2023-04-29T23:28:49 Notice configctl event @ 1682803728.65 exec: system event config_changed
2023-04-29T23:28:49 Notice configctl event @ 1682803728.65 msg: Apr 29 23:28:48 OPNsense.localdomain config[70853]: [2023-04-29T23:28:48+02:00][INFO] config-event: new_config /conf/backup/config-1682803728.6124.xml
2023-04-29T23:28:16 Error opnsense /usr/local/sbin/pluginctl: The command '/bin/kill -'TERM' '53009'' returned exit code '1', the output was 'kill: 53009: No such process'
2023-04-29T23:27:54 Notice configctl event @ 1682803673.72 exec: system event config_changed
2023-04-29T23:27:54 Notice configctl event @ 1682803673.72 msg: Apr 29 23:27:53 OPNsense.localdomain config[10507]: [2023-04-29T23:27:53+02:00][INFO] config-event: new_config /conf/backup/config-1682803673.6702.xml
2023-04-29T23:27:40 Warning opnsense /system_general.php: dhcpd_radvd_configure(auto) found no suitable IPv6 address on igb0_vlan10
2023-04-29T23:27:40 Warning opnsense /system_general.php: dhcpd_radvd_configure(auto) found no suitable IPv6 address on igb0_vlan20
2023-04-29T23:27:40 Warning opnsense /system_general.php: dhcpd_radvd_configure(auto) found no suitable IPv6 address on igb0
2023-04-29T23:27:39 Warning opnsense /system_general.php: dhcpd_radvd_configure(auto) found no suitable IPv6 address on igb0_vlan50
2023-04-29T23:27:39 Warning opnsense /system_general.php: dhcpd_radvd_configure(auto) found no suitable IPv6 address on igb0_vlan30
2023-04-29T23:27:39 Warning opnsense /system_general.php: dhcpd_radvd_configure(auto) found no suitable IPv6 address on igb0_vlan40
2023-04-29T23:27:38 Error opnsense /system_general.php: The command '/bin/kill -'TERM' '70094'' returned exit code '1', the output was 'kill: 70094: No such process'
2023-04-29T23:27:36 Notice opnsense /system_general.php: plugins_configure dhcp (execute task : dhcpd_dhcp_configure())
2023-04-29T23:27:36 Notice opnsense /system_general.php: plugins_configure dhcp ()
2023-04-29T23:27:22 Error php-cgi /system_general.php: The command '/bin/kill -'TERM' '53009'' returned exit code '1', the output was 'kill: 53009: No such process'
2023-04-29T23:27:22 Notice php-cgi /system_general.php: plugins_configure dns (execute task : unbound_configure_do())
2023-04-29T23:27:22 Notice php-cgi /system_general.php: plugins_configure dns (execute task : dnsmasq_configure_do())
2023-04-29T23:27:22 Notice php-cgi /system_general.php: plugins_configure dns ()
2023-04-29T23:27:22 Notice configctl event @ 1682803641.82 exec: system event config_changed
2023-04-29T23:27:22 Notice configctl event @ 1682803641.82 msg: Apr 29 23:27:21 OPNsense.localdomain config[70853]: [2023-04-29T23:27:21+02:00][INFO] config-event: new_config /conf/backup/config-1682803641.7812.xml
2023-04-29T23:27:07 Warning opnsense /services_unbound.php: dhcpd_radvd_configure(auto) found no suitable IPv6 address on igb0_vlan10
2023-04-29T23:27:07 Warning opnsense /services_unbound.php: dhcpd_radvd_configure(auto) found no suitable IPv6 address on igb0_vlan20
2023-04-29T23:27:07 Warning opnsense /services_unbound.php: dhcpd_radvd_configure(auto) found no suitable IPv6 address on igb0
2023-04-29T23:27:07 Warning opnsense /services_unbound.php: dhcpd_radvd_configure(auto) found no suitable IPv6 address on igb0_vlan50
2023-04-29T23:27:06 Warning opnsense /services_unbound.php: dhcpd_radvd_configure(auto) found no suitable IPv6 address on igb0_vlan30
2023-04-29T23:27:06 Warning opnsense /services_unbound.php: dhcpd_radvd_configure(auto) found no suitable IPv6 address on igb0_vlan40
2023-04-29T23:27:05 Error opnsense /services_unbound.php: The command '/bin/kill -'TERM' '70094'' returned exit code '1', the output was 'kill: 70094: No such process'
2023-04-29T23:27:03 Notice opnsense /services_unbound.php: plugins_configure dhcp (execute task : dhcpd_dhcp_configure())
2023-04-29T23:27:03 Notice opnsense /services_unbound.php: plugins_configure dhcp ()
2023-04-29T23:26:45 Notice configctl event @ 1682803605.13 exec: system event config_changed
2023-04-29T23:26:45 Notice configctl event @ 1682803605.13 msg: Apr 29 23:26:45 OPNsense.localdomain config[31825]: [2023-04-29T23:26:45+02:00][INFO] config-event: new_config /conf/backup/config-1682803605.0955.xml
2023-04-29T23:21:35 Notice dhclient Creating resolv.conf
2023-04-29T23:16:00 Notice root reload filter for configured schedules
2023-04-29T23:09:42 Error opnsense /usr/local/sbin/pluginctl: The command '/bin/kill -'TERM' '70094'' returned exit code '1', the output was 'kill: 70094: No such process'
2023-04-29T23:01:00 Notice root reload filter for configured schedules
2023-04-29T23:00:14 Error opnsense /usr/local/sbin/pluginctl: The command '/bin/kill -'TERM' '70094'' returned exit code '1', the output was 'kill: 70094: No such process'
2023-04-29T22:54:01 Error opnsense /usr/local/sbin/pluginctl: The command '/bin/kill -'TERM' '70094'' returned exit code '1', the output was 'kill: 70094: No such process'
2023-04-29T22:51:33 Notice dhclient Creating resolv.conf
2023-04-29T22:46:13 Error opnsense /system_general.php: The command '/bin/kill -'TERM' '70094'' returned exit code '1', the output was 'kill: 70094: No such process'
2023-04-29T22:46:10 Notice opnsense /system_general.php: plugins_configure dhcp (execute task : dhcpd_dhcp_configure())
2023-04-29T22:46:10 Notice opnsense /system_general.php: plugins_configure dhcp ()
2023-04-29T22:46:03 Notice php-cgi /system_general.php: plugins_configure dns (execute task : unbound_configure_do())
2023-04-29T22:46:03 Notice php-cgi /system_general.php: plugins_configure dns (execute task : dnsmasq_configure_do())
2023-04-29T22:46:03 Notice php-cgi /system_general.php: plugins_configure dns ()
2023-04-29T22:46:02 Notice configctl event @ 1682801162.03 exec: system event config_changed
2023-04-29T22:46:02 Notice configctl event @ 1682801162.03 msg: Apr 29 22:46:02 OPNsense.localdomain config[40793]: [2023-04-29T22:46:02+02:00][INFO] config-event: new_config /conf/backup/config-1682801161.9829.xml
2023-04-29T22:46:00 Notice root reload filter for configured schedules
2023-04-29T22:33:00 Error opnsense /services_unbound.php: The command '/bin/kill -'TERM' '70094'' returned exit code '1', the output was 'kill: 70094: No such process'
2023-04-29T22:32:57 Notice opnsense /services_unbound.php: plugins_configure dhcp (execute task : dhcpd_dhcp_configure())
2023-04-29T22:32:57 Notice opnsense /services_unbound.php: plugins_configure dhcp ()
2023-04-29T22:32:49 Notice configctl event @ 1682800368.48 exec: system event config_changed
2023-04-29T22:32:49 Notice configctl event @ 1682800368.48 msg: Apr 29 22:32:48 OPNsense.localdomain config[40793]: [2023-04-29T22:32:48+02:00][INFO] config-event: new_config /conf/backup/config-1682800368.4423.xml
2023-04-29T22:31:00 Notice configctl event @ 1682800260.24 exec: system event config_changed
2023-04-29T22:31:00 Notice configctl event @ 1682800260.24 msg: Apr 29 22:31:00 OPNsense.localdomain config[40793]: [2023-04-29T22:31:00+02:00][INFO] config-event: new_config /conf/backup/config-1682800260.1738.xml
2023-04-29T22:31:00 Notice root reload filter for configured schedules
2023-04-29T22:29:54 Notice configctl event @ 1682800193.68 exec: system event config_changed
2023-04-29T22:29:54 Notice configctl event @ 1682800193.68 msg: Apr 29 22:29:53 OPNsense.localdomain config[14015]: [2023-04-29T22:29:53+02:00][INFO] config-event: new_config /conf/backup/config-1682800193.6431.xml
2023-04-29T22:27:45 Error opnsense /usr/local/sbin/pluginctl: The command '/bin/kill -'TERM' '70094'' returned exit code '1', the output was 'kill: 70094: No such process'
2023-04-29T22:26:43 Notice configctl event @ 1682800003.03 exec: system event config_changed
2023-04-29T22:26:43 Notice configctl event @ 1682800003.03 msg: Apr 29 22:26:43 OPNsense.localdomain config[63969]: [2023-04-29T22:26:43+02:00][INFO] config-event: new_config /conf/backup/config-1682800002.9742.xml
2023-04-29T22:26:41 Notice syslog-ng Configuration reload finished;
2023-04-29T22:26:41 Notice syslog-ng Configuration reload request received, reloading configuration;
2023-04-29T22:24:25 Warning opnsense /system_general.php: dhcpd_radvd_configure(auto) found no suitable IPv6 address on igb0_vlan10
2023-04-29T22:24:24 Warning opnsense /system_general.php: dhcpd_radvd_configure(auto) found no suitable IPv6 address on igb0_vlan20
2023-04-29T22:24:24 Warning opnsense /system_general.php: dhcpd_radvd_configure(auto) found no suitable IPv6 address on igb0
2023-04-29T22:24:23 Warning opnsense /system_general.php: dhcpd_radvd_configure(auto) found no suitable IPv6 address on igb0_vlan50
2023-04-29T22:24:23 Warning opnsense /system_general.php: dhcpd_radvd_configure(auto) found no suitable IPv6 address on igb0_vlan30
2023-04-29T22:24:23 Warning opnsense /system_general.php: dhcpd_radvd_configure(auto) found no suitable IPv6 address on igb0_vlan40
2023-04-29T22:24:22 Error opnsense /system_general.php: The command '/bin/kill -'TERM' '70094'' returned exit code '1', the output was 'kill: 70094: No such process'
2023-04-29T22:24:19 Notice opnsense /system_general.php: plugins_configure dhcp (execute task : dhcpd_dhcp_configure())
2023-04-29T22:24:19 Notice opnsense /system_general.php: plugins_configure dhcp ()
2023-04-29T22:24:15 Notice php-cgi /system_general.php: plugins_configure dns (execute task : unbound_configure_do())
2023-04-29T22:24:15 Notice php-cgi /system_general.php: plugins_configure dns (execute task : dnsmasq_configure_do())
2023-04-29T22:24:15 Notice php-cgi /system_general.php: plugins_configure dns ()
2023-04-29T22:24:14 Notice configctl event @ 1682799854.35 exec: system event config_changed
2023-04-29T22:24:14 Notice configctl event @ 1682799854.35 msg: Apr 29 22:24:14 OPNsense.localdomain config[13371]: [2023-04-29T22:24:14+02:00][INFO] config-event: new_config /conf/backup/config-1682799854.3173.xml
2023-04-29T22:23:47 Warning opnsense /system_general.php: dhcpd_radvd_configure(auto) found no suitable IPv6 address on igb0_vlan10
2023-04-29T22:23:47 Warning opnsense /system_general.php: dhcpd_radvd_configure(auto) found no suitable IPv6 address on igb0_vlan20
2023-04-29T22:23:46 Warning opnsense /system_general.php: dhcpd_radvd_configure(auto) found no suitable IPv6 address on igb0
2023-04-29T22:23:46 Warning opnsense /system_general.php: dhcpd_radvd_configure(auto) found no suitable IPv6 address on igb0_vlan50
2023-04-29T22:23:46 Warning opnsense /system_general.php: dhcpd_radvd_configure(auto) found no suitable IPv6 address on igb0_vlan30
2023-04-29T22:23:45 Warning opnsense /system_general.php: dhcpd_radvd_configure(auto) found no suitable IPv6 address on igb0_vlan40
2023-04-29T22:23:45 Error opnsense /system_general.php: The command '/bin/kill -'TERM' '70094'' returned exit code '1', the output was 'kill: 70094: No such process'
2023-04-29T22:23:42 Notice opnsense /system_general.php: plugins_configure dhcp (execute task : dhcpd_dhcp_configure())
2023-04-29T22:23:42 Notice opnsense /system_general.php: plugins_configure dhcp ()
2023-04-29T22:23:37 Notice php-cgi /system_general.php: plugins_configure dns (execute task : unbound_configure_do())
2023-04-29T22:23:37 Notice php-cgi /system_general.php: plugins_configure dns (execute task : dnsmasq_configure_do())
2023-04-29T22:23:37 Notice php-cgi /system_general.php: plugins_configure dns ()
2023-04-29T22:23:37 Notice configctl event @ 1682799816.78 exec: system event config_changed
2023-04-29T22:23:37 Notice configctl event @ 1682799816.78 msg: Apr 29 22:23:36 OPNsense.localdomain config[14015]: [2023-04-29T22:23:36+02:00][INFO] config-event: new_config /conf/backup/config-1682799816.7469.xml
2023-04-29T22:23:10 Notice opnsense /usr/local/etc/rc.newwanip: plugins_configure newwanip (execute task : webgui_configure_do(,wan))
2023-04-29T22:23:10 Notice opnsense /usr/local/etc/rc.newwanip: plugins_configure newwanip (execute task : vxlan_configure_do())
2023-04-29T22:23:05 Warning opnsense /services_unbound.php: dhcpd_radvd_configure(auto) found no suitable IPv6 address on igb0_vlan10
2023-04-29T22:23:05 Warning opnsense /services_unbound.php: dhcpd_radvd_configure(auto) found no suitable IPv6 address on igb0_vlan20
2023-04-29T22:23:04 Notice opnsense /usr/local/etc/rc.newwanip: plugins_configure newwanip (execute task : unbound_configure_do(,wan))
2023-04-29T22:23:04 Notice opnsense /usr/local/etc/rc.newwanip: plugins_configure newwanip (execute task : openssh_configure_do(,wan))
2023-04-29T22:23:04 Notice opnsense /usr/local/etc/rc.newwanip: plugins_configure newwanip (execute task : opendns_configure_do())
2023-04-29T22:23:04 Warning opnsense /services_unbound.php: dhcpd_radvd_configure(auto) found no suitable IPv6 address on igb0
2023-04-29T22:23:04 Warning opnsense /services_unbound.php: dhcpd_radvd_configure(auto) found no suitable IPv6 address on igb0_vlan50
2023-04-29T22:23:03 Warning opnsense /services_unbound.php: dhcpd_radvd_configure(auto) found no suitable IPv6 address on igb0_vlan30
2023-04-29T22:23:03 Warning opnsense /services_unbound.php: dhcpd_radvd_configure(auto) found no suitable IPv6 address on igb0_vlan40
2023-04-29T22:23:02 Error opnsense /services_unbound.php: The command '/bin/kill -'TERM' '70094'' returned exit code '1', the output was 'kill: 70094: No such process'
2023-04-29T22:22:59 Notice opnsense /services_unbound.php: plugins_configure dhcp (execute task : dhcpd_dhcp_configure())
2023-04-29T22:22:59 Notice opnsense /services_unbound.php: plugins_configure dhcp ()
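
A triage helper for the log above, added here as an example (it is not part of the original post or of OPNsense): it groups the failed `/bin/kill` entries by PID to show which PIDs are signalled repeatedly although the process is gone. The sample lines are excerpted from the quoted log; `stale_pid_report` and `min_hits` are hypothetical names, and treating repeated failures as a stale PID record is an assumption the thread does not confirm.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines excerpted from the system log quoted in the post above (newest first).
SAMPLE_LOG = """\
2023-04-29T23:28:49 Notice php-cgi /system_general.php: plugins_configure dns (execute task : unbound_configure_do())
2023-04-29T23:28:16 Error opnsense /usr/local/sbin/pluginctl: The command '/bin/kill -'TERM' '53009'' returned exit code '1', the output was 'kill: 53009: No such process'
2023-04-29T23:27:38 Error opnsense /system_general.php: The command '/bin/kill -'TERM' '70094'' returned exit code '1', the output was 'kill: 70094: No such process'
2023-04-29T23:27:22 Error php-cgi /system_general.php: The command '/bin/kill -'TERM' '53009'' returned exit code '1', the output was 'kill: 53009: No such process'
2023-04-29T23:09:42 Error opnsense /usr/local/sbin/pluginctl: The command '/bin/kill -'TERM' '70094'' returned exit code '1', the output was 'kill: 70094: No such process'
2023-04-29T22:23:02 Error opnsense /services_unbound.php: The command '/bin/kill -'TERM' '70094'' returned exit code '1', the output was 'kill: 70094: No such process'
"""

# Matches only Error entries where kill failed because the PID does not exist.
FAILED_KILL = re.compile(
    r"^(?P<ts>\S+) Error \S+ (?P<caller>\S+): The command '/bin/kill -'(?P<sig>\w+)' "
    r"'(?P<pid>\d+)'' returned exit code '1', the output was 'kill: \d+: No such process'$"
)


def stale_pid_report(log_text, min_hits=2):
    """Return {pid: summary} for PIDs with at least min_hits failed kill attempts."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED_KILL.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
            hits[int(m["pid"])].append((ts, m["caller"]))

    report = {}
    for pid, events in hits.items():
        if len(events) < min_hits:
            continue  # a single failure can be a benign race during restart
        times = [t for t, _ in events]
        report[pid] = {
            "attempts": len(events),
            "first_seen": min(times),
            "last_seen": max(times),
            "callers": sorted({c for _, c in events}),
        }
    return report


if __name__ == "__main__":
    for pid, info in sorted(stale_pid_report(SAMPLE_LOG).items()):
        span = info["last_seen"] - info["first_seen"]
        print(f"PID {pid}: {info['attempts']} failed kills over {span}, "
              f"triggered from {', '.join(info['callers'])}")
```

A PID that keeps failing across several reconfigure runs and callers, as 70094 does here, is the one to compare against the service's current process list and PID file.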

Title: Re: DNS issues since 23.1.6
Post by: mimugmail on April 30, 2023, 07:50:18 am
> Hi
> I enable IPv6 for multiple interfaces + vlan, and Adguard listening without issue. I see IPv6 addresses show up on Adguard's dashboard. However, I have no idea if redirect rule to adguard would force IPv6 as well. Temporarily I add LAN IPv6 to rdr target alias. The problem is that I don't have static IPv6, and my ISP changes prefix once a day. Appreciate some example of IPv6 rdr configuration on adguard and opnsense.
> Cheers

But this is not the problem, it's about dhcp not handing out the local IP as dns :)
Title: Re: DNS issues since 23.1.6
Post by: mimugmail on April 30, 2023, 08:09:31 am
Some testers around?

https://github.com/opnsense/core/issues/6513#issuecomment-1527740960

Please all revert again to the origin file, I just pushed the update to all users.
Title: Re: DNS issues since 23.1.6
Post by: depc80 on April 30, 2023, 09:31:57 am
> > Hi
> > I enable IPv6 for multiple interfaces + vlan, and Adguard listening without issue. I see IPv6 addresses show up on Adguard's dashboard. However, I have no idea if redirect rule to adguard would force IPv6 as well. Temporarily I add LAN IPv6 to rdr target alias. The problem is that I don't have static IPv6, and my ISP changes prefix once a day. Appreciate some example of IPv6 rdr configuration on adguard and opnsense.
> > Cheers
>
> But this is not the problem, it's about dhcp not handing out the local IP as dns :)

I see. Can IPv6 DNS records be looked up over IPv4? Add LAN IPv6 as upstream DNS, I see a lot more IPv6 in logs. With Pihole I can use local-link IPv6 to avoid the dynamic prefix, Adguard doesn't accept it. I'm trying with [::1]:53350 for now. Will look around more. Thank you.
Title: Re: DNS issues since 23.1.6
Post by: Patrick M. Hausen on April 30, 2023, 06:12:07 pm
> Can IPv6 DNS records be looked up over IPv4?

Of course. If you run dual stack there is no need to have DNS over both protocols from client to recursive server. I use only IPv4. The recursive server needs to have IPv6 connectivity to reach authoritative servers over IPv6.
Title: Re: DNS issues since 23.1.6
Post by: Grossartig on April 30, 2023, 11:00:46 pm
> Please all revert again to the origin file, I just pushed the update to all users.

Just for my own edification, I am running Unbound on port 5353 and AdGuard on port 53. The new checkbox tells me to tick it if I'm running AdGuard as primary DNS on port 53. I am, but I don't want to tick it as I am not having the issue described here.

Should the tickbox perhaps instead say "Enable if AdGuard runs on port 53 and you didn't change Unbound to run on a different port" or something like that?
Title: Re: DNS issues since 23.1.6
Post by: Animosity on April 30, 2023, 11:07:12 pm
You can't run two things on the same port.

You only need the checkbox if you are running AdGuard on 53.

If you are running AdGuard on port 53, you can't be running Unbound or DNSMasq on 53 as you have to change it.

Title: Re: DNS issues since 23.1.6
Post by: mimugmail on May 01, 2023, 06:35:43 am
> > Please all revert again to the origin file, I just pushed the update to all users.
>
> Just for my own edification, I am running Unbound on port 5353 and AdGuard on port 53. The new checkbox tells me to tick it if I'm running AdGuard as primary DNS on port 53. I am, but I don't want to tick it as I am not having the issue described here.
>
> Should the tickbox perhaps instead say "Enable if AdGuard runs on port 53 and you didn't change Unbound to run on a different port" or something like that?

If you don't have problems you also won't have any when enabling it
Title: Re: DNS issues since 23.1.6
Post by: Dotzi on May 01, 2023, 05:35:01 pm
Below I posted an issue that I ran into today, but it just disappeared as mysteriously as it occurred. I have no idea what to make of this, as I did absolutely nothing that could have triggered the problem or its solution. I'm just glad it's solved for now.

I'll leave my post here anyway just in case it happens again or sb else experiences something similar.

======
My original post:

I'm puzzled ... everything has been working well on 23.1.6 and I haven't touched anything in the settings (OPNsense or AdGuard) for over a week, but some time last night AdGuardHome all of a sudden stopped processing DNS requests.

AdGuard runs on port 53, Unbound on port 5353

AdGuard's query log is empty, and indeed nothing gets blocked.
DNS requests do get resolved, except for my internal network addresses.
When I redirect all DNS queries directly to 127.0.0.1:5353, then the internal addresses are getting resolved by Unbound, but obviously this bypasses AdGuard altogether.
When I redirect everything to port 127.0.0.1:53, then AdGuard resolves the requests but my devices don't have internet connection.

I then re-installed AdGuard as well as the AdGuard plugin (didn't use it before), checked the box that AdGuard runs on port 53, but the behaviour I described above hasn't changed.
Title: Re: DNS issues since 23.1.6
Post by: franco on May 02, 2023, 09:45:14 am
> If you don't have problems you also won't have any when enabling it

Unfortunately that's not true. Enabling AdGuard to advertise dns_ports with 53 included will be used as a validation against all other DNS servers so that you will get an error message for your actual DNS server running port 53.

So only enable if you have AdGuard on port 53.


Cheers,
Franco
Title: Re: DNS issues since 23.1.6
Post by: mimugmail on May 02, 2023, 02:55:52 pm
> > Please all revert again to the origin file, I just pushed the update to all users.
>
> Just for my own edification, I am running Unbound on port 5353 and AdGuard on port 53. The new checkbox tells me to tick it if I'm running AdGuard as primary DNS on port 53. I am, but I don't want to tick it as I am not having the issue described here.
>
> Should the tickbox perhaps instead say "Enable if AdGuard runs on port 53 and you didn't change Unbound to run on a different port" or something like that?

Exactly what he said :)
Title: Re: DNS issues since 23.1.6
Post by: Koloa on May 04, 2023, 03:18:04 am
I'd been holding off installing 23.1.6 till the AdGuard plugin was updated - once that happened, and this thread indicated things were working, I went for it.  I had a few issues (still do) that I thought I'd share.  I fully accept this may Just Be Me.

I am using AdGuard on 53, I am not using Unbound, I am not using any NAT rules to redirect 53 to some other port where AdGuard is listening.  It's a very basic setup with regards to ports, but, for my specific DNS requirements, it's been working fine.

Upon installing the 1.9 plugin for AdGuard, I enabled the tickbox for listening on 53 (Primary DNS).

Everything reported green and up and running, but, after about a minute, AdGuard stopped responding and the Dashboard said the service was not running.  I restarted it, and everything worked fine.

This morning, I rebooted my system and the same thing happened.  Everything seemed to start up just fine, but, a minute or two later, AdGuard ceased replying (and I could not reach it on the local port/dashboard for AdGuard).  The dashboard was "green" and implied the service was running, and, when the system first booted, DNS worked.

I clicked on restart again, and it's been up ever since.  I haven't been able to locate anything in the OPNSense logs that seems salient, but will keep hunting.  Again, may Just Be Me, but, thought I'd mention it.
Title: Re: DNS issues since 23.1.6
Post by: mimugmail on May 04, 2023, 05:30:13 pm
Do you update Adguard regularly via its own UI or only the plugin?
Title: Re: DNS issues since 23.1.6
Post by: Koloa on May 04, 2023, 10:42:06 pm
Regularly through its native UI. I follow their RSS feed for releases, and as soon as something new comes out, I update locally.

Weirdly, since the update, DNS rewrites have been flaky.  I have had to disconnect and reconnect network clients to ensure they get rewritten responses.  It may be related to IPv6 somehow, so, will look at that.