I have this weird problem: whenever the upstream DNS server is down for a few seconds, the OPNsense Unbound service stops working. All DNS requests to the OPNsense firewall are answered with "SERVFAIL".
I can see that OPNsense still continues to resolve PTR records and its NTP servers. But no other DNS requests are forwarded to the upstream DNS. Restarting the Unbound service on OPNsense resolves the problem immediately.
I can query the configured DNS server directly while the problem occurs and get an answer.
Firewall Unbound SERVFAIL:
root@server1:~# dig example.com a @192.168.1.1
; <<>> DiG 9.11.5-P4-5.1+deb10u1-Debian <<>> example.com a @192.168.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 2575
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;example.com. IN A
;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Tue May 26 01:34:46 UTC 2020
;; MSG SIZE rcvd: 40
DNS Server Directly:
root@server1:~# dig example.com a @192.168.3.2
; <<>> DiG 9.11.5-P4-5.1+deb10u1-Debian <<>> example.com a @192.168.3.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3065
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;example.com. IN A
;; ANSWER SECTION:
example.com. 3600 IN A 93.184.216.34
;; Query time: 36 msec
;; SERVER: 192.168.3.2#53(192.168.3.2)
;; WHEN: Tue May 26 01:34:14 UTC 2020
;; MSG SIZE rcvd: 67
I still have the problem with Unbound.
Is there some way to migrate all manual overrides to dnsmasq?