OPNsense Forum

English Forums => General Discussion => Topic started by: lmnsour on March 04, 2023, 07:45:13 pm

Title: Microsoft Broken
Post by: lmnsour on March 04, 2023, 07:45:13 pm
For some reason I can't connect to Microsoft sites or get any updates.  Answers.microsoft.com doesn't work and I can't connect to Microsoft update servers.

How do I troubleshoot this?

I disabled Suricata, ZenArmor, and Unbound DNS. 

Currently I have Unbound DNS connected to Cloudflare DNS over TLS.

I have a firewall rule to route all DNS queries through OPNsense.  Until about a week ago, I didn't have any issues, so maybe this is from a recent update?
Title: Re: Microsoft Broken
Post by: bartjsmit on March 05, 2023, 12:55:03 pm
How do I troubleshoot this?
maybe this is from a recent update?
Microsoft community works for me with the latest OPNsense.

Simplify your setup by setting your client to external DNS directly (1.1.1.1 if you want to stick to Cloudflare) to confirm your issue is with DNS.

Bart...
Title: Re: Microsoft Broken
Post by: lmnsour on March 05, 2023, 08:24:54 pm
I disabled Unbound DNS and reconfigured OPNsense settings for the DNS server and nothing worked.  Had to re-enable Unbound DNS to get the connection back.
Title: Re: Microsoft Broken
Post by: lmnsour on March 06, 2023, 08:29:43 am
I disabled Unbound DNS and reconfigured OPNsense settings for the DNS server and nothing worked.  Had to re-enable Unbound DNS to get the connection back.

So if I disable Unbound DNS and disable the DNS over TLS, then manually put the DNS servers into System -> Settings -> General, I get no connection at all.

Did something get corrupted?
Title: Re: Microsoft Broken
Post by: Patrick M. Hausen on March 06, 2023, 08:47:18 am
You will need to refresh the client's DHCP lease, so it picks up the new DNS settings. Also check your DHCP configuration for explicitly specified DNS servers. If you disable Unbound, it cannot serve clients.
Title: Re: Microsoft Broken
Post by: lmnsour on March 06, 2023, 06:04:39 pm
You will need to refresh the client's DHCP lease, so it picks up the new DNS settings. Also check your DHCP configuration for explicitly specified DNS servers. If you disable Unbound, it cannot serve clients.
Ahh, yeah I figured.

I'm just using the Cloudflare DNS servers over TLS, but I have a firewall rule to route all DNS queries to the firewall.  I think this is what broke MS downloads / MS sites.

How do I go about fixing these?  I saw a thread about adding MS certs to the Authorities, but it wasn't clear and I don't want to bugger anything up without first getting more info.
Title: Re: Microsoft Broken
Post by: aleks222 on March 08, 2023, 01:11:04 pm
Mine also crashed recently. To be honest, there have been some problems lately.
Title: Re: Microsoft Broken
Post by: Patrick M. Hausen on March 08, 2023, 01:22:36 pm
How do I go about fixing these?
Sorry, no idea. I do not mess with Microsoft products talking to Microsoft, Apple products talking to Apple, etc. If I was concerned I would not be running Windows, plain and simple.

Keeping systems maintained and up to date is far more important from a security standpoint.

Kind regards
Patrick
Title: Re: Microsoft Broken
Post by: lmnsour on March 16, 2023, 09:28:43 pm
How do I go about fixing these?
Sorry, no idea. I do not mess with Microsoft products talking to Microsoft, Apple products talking to Apple, etc. If I was concerned I would not be running Windows, plain and simple.

Keeping systems maintained and up to date is far more important from a security standpoint.

Kind regards
Patrick

This issue for me is with the firewall rule that redirects all DNS queries to OPNsense. Microsoft doesn't like this for some reason. Again, I think it can be fixed / configured under System -> Trust -> Authorities / Certificates, but I'm still reading up on how to set this up for Microsoft.

In the meantime, I manually set the DNS on my computer and disabled the firewall rule.
Title: Re: Microsoft Broken
Post by: Patrick M. Hausen on March 16, 2023, 10:03:25 pm
Are you using some overly zealous DNS blocklists, possibly?
Title: Re: Microsoft Broken
Post by: noviceiii on March 19, 2023, 08:06:43 pm
I have the same issue here: a few Microsoft services do not work if the OPNsense Unbound DNS server is used.

For now, I've added public DNS servers to be distributed by DHCP (Services -> DHCPv4 -> LAN -> DNS Servers) to the local clients, which can therefore look up directly.

I haven't investigated any further, but I guess it is an issue that Microsoft wants to connect through DNS on port 853 (SSL/TLS).
Title: Re: Microsoft Broken
Post by: noviceiii on March 19, 2023, 09:21:19 pm
OK... I DID investigate. It was the blocklist.
Title: Re: Microsoft Broken
Post by: siatraneagic1978 on May 18, 2023, 06:06:55 pm
It's possible that the recent changes you made to your network configuration could be causing the issue. To troubleshoot, check your firewall rules and DNS settings to ensure they're properly configured for Microsoft services. If you're still facing difficulties, contacting Microsoft support or consulting with network professionals could be helpful. By the way, if you're looking to enhance your Microsoft knowledge, consider exploring Trainocate's microsoft training (https://trainocate.com.my/product-category/microsoft/) courses. They offer a range of courses that can help you navigate and troubleshoot such technical challenges effectively.
Title: Re: Microsoft Broken
Post by: noviceiii on May 24, 2023, 12:22:59 am
Thank you for the suggestion. But, although I cause damage in various ways, it wasn't because of that. This time :-)

It was blocked by one of the Unbound DNS DNSBL blocklists.

As far as I can tell, it was mainly my understanding of how wildcards work in the whitelist that was not in line with how OPNsense interprets them. And there were 2 or 3 list items I added manually straight from the block log (m.hotmail, outlook.office365 and officeclient.microsoft, if I remember right).

n3
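The thread ends with the cause being a DNSBL blocklist plus a whitelist whose wildcard semantics did not match what the user expected. A quick way to check that offline, before touching the firewall, is to run the names from the Unbound block log through the blocklist and your intended allowlist and see which entry decides each one. The script below is an added example, not OPNsense's or Unbound's own code. It assumes a hosts-file style feed (`0.0.0.0 name` or bare `name` per line), that `*.example.com` in the allowlist covers subdomains but not the apex, and that a blocked name also blocks its subdomains (as an Unbound `always_nxdomain` local-zone does); the sample feed is constructed, and the `.com` suffixes on the hostnames mentioned in the thread are an assumption. Confirm those rules against the OPNsense version you run, since that mismatch is exactly what bit here.

```python
"""Audit which queried names a DNSBL-style blocklist would sink and whether
an allowlist entry rescues them.

Added example, not OPNsense or Unbound code. Assumed semantics (check them
against your own feeds and OPNsense version):
  - blocklist lines are 'sinkhole-ip name' or a bare 'name'; '#' starts a comment
  - allowlist '*.example.com' matches any subdomain of example.com, not the apex
  - a blocked name also blocks its subdomains (like an always_nxdomain zone)
"""
from __future__ import annotations

# Constructed sample feed in hosts-file format; the hostnames come from the
# thread, the '.com' suffix and 'tracker.example' are assumptions for the demo.
SAMPLE_BLOCKLIST = """\
# comment lines and blank lines are ignored
0.0.0.0 m.hotmail.com
0.0.0.0 outlook.office365.com
0.0.0.0 officeclient.microsoft.com
tracker.example
"""

# Addresses that hosts-format blocklists use to sink a name.
SINKHOLE_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::", "::1"}


def normalize(name: str) -> str:
    """Lower-case a DNS name and drop a trailing dot so comparisons are uniform."""
    return name.strip().lower().rstrip(".")


def parse_hosts_blocklist(text: str) -> set[str]:
    """Parse a feed whose lines are 'sinkhole-ip name [name...]' or a bare 'name'."""
    blocked: set[str] = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if parts[0] in SINKHOLE_ADDRESSES and len(parts) >= 2:
            blocked.update(normalize(p) for p in parts[1:])
        elif len(parts) == 1:
            blocked.add(normalize(parts[0]))
        # any other line shape is not a name entry and is skipped
    return blocked


def allow_entry_matches(entry: str, name: str) -> bool:
    """Assumed allowlist semantics: exact match, or '*.' prefix = any subdomain."""
    entry = normalize(entry)
    if entry.startswith("*."):
        suffix = entry[1:]                       # "*.office365.com" -> ".office365.com"
        return name.endswith(suffix) and name != suffix[1:]
    return name == entry


def blocking_entry(name: str, blocklist: set[str]) -> str | None:
    """Return the blocklist entry covering name: the name itself or a parent zone."""
    labels = name.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def explain(name: str, blocklist: set[str], allowlist: list[str]) -> tuple[str, str | None]:
    """Classify a queried name as ('allowed', entry), ('blocked', entry) or ('pass', None)."""
    name = normalize(name)
    for entry in allowlist:                      # allowlist wins over the blocklist
        if allow_entry_matches(entry, name):
            return "allowed", entry
    hit = blocking_entry(name, blocklist)
    if hit is not None:
        return "blocked", hit
    return "pass", None


def audit(queries: list[str], blocklist: set[str], allowlist: list[str]) -> list[tuple[str, str, str | None]]:
    """Run explain() over names taken from the block log; returns (name, verdict, entry)."""
    return [(normalize(q), *explain(q, blocklist, allowlist)) for q in queries]


if __name__ == "__main__":
    # Constructed queries standing in for what the block log showed.
    observed = ["m.hotmail.com", "outlook.office365.com",
                "login.microsoftonline.com", "www.tracker.example"]
    allow = ["m.hotmail.com", "*.office365.com"]
    for name, verdict, entry in audit(observed, parse_hosts_blocklist(SAMPLE_BLOCKLIST), allow):
        print(f"{name:32} {verdict:8} {entry or ''}")
```

Feed it the real blocklist file and the names copied from the block log; a `blocked` verdict names the exact feed entry responsible, and a name you expected an `*.` entry to rescue but which still comes out `blocked` points at a wildcard that does not cover it under the rules above.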