Hello all,
after updating the firmware, the DNS no longer works. I use "Unbound DNS" service.
My firewall has a DHCP and DNS services active.
From my PC not all DNS requests are satisfied, but if I put 8.8.8.8 in my PC network as DNS, everything works fine.
For example: going through the firewall the site "answer.microsoft.com" is not resolved.
It seems that the request is not forwarded to other DNS servers.
In System:Settings:General I have the DNS Servers: 8.8.8.8 - 8.8.4.4, all using the WAN Gateway.
Maybe I have a bad configuration? Has anything changed with the update?
Before upgrading everything worked fine.
Thanks for the help,
Denis
If you believe unbound isn't running, please drop to the command line and run:
configctl unbound check
Post the output here please.
Hi,
the service is running, this is the result of the command:
root@OPNsense:~ # configctl unbound check
[1670530498] unbound-checkconf[36560:0] error: duplicate forward zone . ignored.
no errors in /var/unbound/unbound.conf
root@OPNsense:~ #
Thanks
Quote from: sacden on December 08, 2022, 09:17:57 PM
Hi,
the service is running, this is the result of the command:
root@OPNsense:~ # configctl unbound check
[1670530498] unbound-checkconf[36560:0] error: duplicate forward zone . ignored.
no errors in /var/unbound/unbound.conf
root@OPNsense:~ #
Thanks
So if the issue happens where unbound stops, try the same command again with the service after it stops running, unless I'm misunderstanding what is going on.
Hi,
I have disabled the Unbound DNS service and re-run the command.
Sorry, nothing has changed, the same error:
[1670531369] unbound-checkconf[64742:0] error: duplicate forward zone . ignored.
no errors in /var/unbound/unbound.conf
Quote from: sacden on December 08, 2022, 09:33:09 PM
Hi,
I have disabled the Unbound DNS service and re-run the command.
Sorry, nothing has changed, the same error:
[1670531369] unbound-checkconf[64742:0] error: duplicate forward zone . ignored.
no errors in /var/unbound/unbound.conf
So, I'm confused, you say that DNS isn't working, but the service is running?
Can you give some examples of what ISN'T working?
Hi,
yes sure.
This is the configuration of my NIC:
....
DHCP abilitato. . . . . . . . . . . . : Sì
Configurazione automatica abilitata : Sì
Indirizzo IPv4. . . . . . . . . . . . : 192.168.10.55(Preferenziale)
Subnet mask . . . . . . . . . . . . . : 255.255.255.0
.....
Server DHCP . . . . . . . . . . . . . : 192.168.10.1
Server DNS . . . . . . . . . . . . . : 192.168.10.1
.....
C:\Users\xxxxxxxx>nslookup outlook.live.com
Server: OPNsense.xxxxxxx.xxx
Address: 192.168.10.1
Nome: outlook.live.com
Address: 0.0.0.0
I cannot resolve it.
But if I put the DNS as 8.8.8.8:
DHCP abilitato. . . . . . . . . . . . : Sì
Configurazione automatica abilitata : Sì
Indirizzo IPv4. . . . . . . . . . . . : 192.168.10.55(Preferenziale)
Subnet mask . . . . . . . . . . . . . : 255.255.255.0
.....
Server DHCP . . . . . . . . . . . . . : 192.168.10.1
Server DNS . . . . . . . . . . . . . : 8.8.8.8
.....
C:\Users\xxxxxxxx>nslookup outlook.live.com
Server: dns.google
Address: 8.8.8.8
Risposta da un server non autorevole:
Nome: ZRH-efz.ms-acdc.office.com
Addresses: 2603:1026:c0b:805::2
2603:1026:c0b:1d::2
2603:1026:c0b:45::2
2603:1026:c0b:16::2
52.97.232.194
52.98.168.178
52.97.186.146
40.99.201.178
Aliases: outlook.live.com
outlook.office365.com
outlook.ha.office365.com
outlook.ms-acdc.office.com
The DNS works.
I hope my example is clear :)
You're sure that Unbound is set to run on the LAN interface you have 192.168.10.1 on?
Hi,
yes it is, I checked.
In the meantime I fixed this error: unbound-checkconf[64742:0] error: duplicate forward zone . ignored
Thanks
Are you using DNS sinkholing? DNSBL? This also should return 0.0.0.0
Quote
Nome: outlook.live.com
Address: 0.0.0.0
Looks like all works fine. You're just using Unbound with some DNSBL that hates M$ ;)
Hello all,
thanks so much.
Yes, it was a DNSBL "WindowsSpyBlocker(extra)"
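
Added example, not part of the thread: a small Python check that reads Windows nslookup output like the two runs posted above and separates the resolver's own address from the answer, flagging the answer as sinkholed when every returned address is 0.0.0.0 or ::, which is what the blocklist returned here. The function names and the sample strings are assumptions made for this illustration; the samples are built from the output in the thread, the second one shortened.

```python
import ipaddress
NAME_LABELS = {"Name", "Nome"}  # English / Italian labels, as in the thread
ADDR_LABELS = {"Address", "Addresses"}

def _ip(text):
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None

def parse_nslookup(output):
    """Return (resolver_ip, [answer_ips]) from Windows nslookup output."""
    resolver, answers = None, []
    seen_name = in_addrs = False
    for line in filter(None, map(str.strip, output.splitlines())):
        if (bare := _ip(line)) is not None:  # continuation of "Addresses:"
            if in_addrs:
                answers.append(bare)
            continue
        label, _, value = line.partition(":")
        in_addrs = False
        if label in NAME_LABELS:
            seen_name = True  # addresses after the name line are the answer
        elif label in ADDR_LABELS and (ip := _ip(value)) is not None:
            if seen_name:
                answers.append(ip)
                in_addrs = True
            else:
                resolver = ip  # address of the DNS server that was queried
    return resolver, answers

def classify(output):
    """'sinkholed' if every answer is 0.0.0.0 or ::, else 'resolved'."""
    _, answers = parse_nslookup(output)
    if not answers:
        return "no-answer"
    return "sinkholed" if all(a.is_unspecified for a in answers) else "resolved"

# Samples constructed from the output posted in the thread (second one shortened).
VIA_FIREWALL = """Server: OPNsense.xxxxxxx.xxx
Address: 192.168.10.1
Nome: outlook.live.com
Address: 0.0.0.0"""
VIA_GOOGLE = """Server: dns.google
Address: 8.8.8.8
Nome: ZRH-efz.ms-acdc.office.com
Addresses: 2603:1026:c0b:805::2
52.97.232.194
Aliases: outlook.live.com"""
```

A "sinkholed" result from the firewall next to a "resolved" result from a public resolver points at a blocklist on the firewall rather than at broken forwarding.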