OPNsense Forum
Archive => 22.7 Legacy Series => Topic started by: sacden on December 08, 2022, 07:55:15 pm
-
Hello all,
after updating the firmware, the DNS no longer works. I use the "Unbound DNS" service.
My firewall has DHCP and DNS services active.
From my PC not all DNS requests are satisfied, but if I put 8.8.8.8 in my PC network settings as DNS, everything works fine.
For example: going through the firewall, the site "answer.microsoft.com" is not resolved.
It seems that the request is not forwarded to other DNS servers.
In System:Settings:General I have the DNS Servers: 8.8.8.8 - 8.8.4.4, all using the WAN Gateway.
Maybe I have a bad configuration? Has anything changed with the update?
Before upgrading everything worked fine.
Thanks for the help,
Denis
-
If you believe unbound isn't running, please drop to the command line and run:
configctl unbound check
Post the output here please.
-
Hi,
the service is running, this is the result of the command:
root@OPNsense:~ # configctl unbound check
[1670530498] unbound-checkconf[36560:0] error: duplicate forward zone . ignored.
no errors in /var/unbound/unbound.conf
root@OPNsense:~ #
Thanks
-
So if the issue happens where unbound stops, try the same command again with the service after it stops running, unless I'm misunderstanding what is going on.
-
Hi,
I have disabled the Unbound DNS service and re-run the command.
Sorry, nothing has changed, the same error:
[1670531369] unbound-checkconf[64742:0] error: duplicate forward zone . ignored.
no errors in /var/unbound/unbound.conf
-
So, I'm confused, you say that DNS isn't working, but the service is running?
Can you give some examples of what ISN'T working?
-
Hi,
yes sure.
This is the configuration of my NIC:
....
DHCP abilitato. . . . . . . . . . . . : Sì
Configurazione automatica abilitata : Sì
Indirizzo IPv4. . . . . . . . . . . . : 192.168.10.55(Preferenziale)
Subnet mask . . . . . . . . . . . . . : 255.255.255.0
.....
Server DHCP . . . . . . . . . . . . . : 192.168.10.1
Server DNS . . . . . . . . . . . . . : 192.168.10.1
.....
C:\Users\xxxxxxxx>nslookup outlook.live.com
Server: OPNsense.xxxxxxx.xxx
Address: 192.168.10.1
Nome: outlook.live.com
Address: 0.0.0.0
I cannot resolve it.
But if I put the DNS as 8.8.8.8
DHCP abilitato. . . . . . . . . . . . : Sì
Configurazione automatica abilitata : Sì
Indirizzo IPv4. . . . . . . . . . . . : 192.168.10.55(Preferenziale)
Subnet mask . . . . . . . . . . . . . : 255.255.255.0
.....
Server DHCP . . . . . . . . . . . . . : 192.168.10.1
Server DNS . . . . . . . . . . . . . : 8.8.8.8
.....
C:\Users\xxxxxxxx>nslookup outlook.live.com
Server: dns.google
Address: 8.8.8.8
Risposta da un server non autorevole:
Nome: ZRH-efz.ms-acdc.office.com
Addresses: 2603:1026:c0b:805::2
2603:1026:c0b:1d::2
2603:1026:c0b:45::2
2603:1026:c0b:16::2
52.97.232.194
52.98.168.178
52.97.186.146
40.99.201.178
Aliases: outlook.live.com
outlook.office365.com
outlook.ha.office365.com
outlook.ms-acdc.office.com
The DNS works.
I hope my example is clear :)
-
You're sure that Unbound is set to run on the LAN interface you have 192.168.10.1 on?
-
Hi,
yes it is, I checked.
In the meantime I fixed this error: unbound-checkconf[64742:0] error: duplicate forward zone . ignored
Thanks
-
Are you using DNS sinkholing? DNSBL? This also should return 0.0.0.0
-
Nome: outlook.live.com
Address: 0.0.0.0
Looks like all works fine. You're just using Unbound with some DNSBL that hates M$ ;)
-
Hello all,
thanks so much.
Yes, it was a DNSBL "WindowsSpyBlocker(extra)"
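-
Added example, not part of the original thread: a small Python triage helper that separates "the resolver deliberately answered 0.0.0.0" (a DNSBL/sinkhole hit, as it turned out here) from "the resolver gave no answer" (a real forwarding problem), by comparing nslookup output from the firewall with output from a reference resolver. The sample outputs are constructed from the ones quoted above, and the function names and the host name OPNsense.example.lan are assumptions.

```python
import ipaddress

# Constructed samples, modelled on the nslookup output quoted in this thread.
LOCAL_ANSWER = """\
Server:  OPNsense.example.lan
Address:  192.168.10.1

Nome:    outlook.live.com
Address:  0.0.0.0
"""
REFERENCE_ANSWER = """\
Server:  dns.google
Address:  8.8.8.8

Risposta da un server non autorevole:
Nome:    ZRH-efz.ms-acdc.office.com
Addresses:  2603:1026:c0b:805::2
          52.97.232.194
Aliases:  outlook.live.com
"""

def answer_addresses(nslookup_text):
    """Return the IPs in the answer section (after the Name:/Nome: line)."""
    addrs, in_answer = [], False
    for line in nslookup_text.splitlines():
        if line.strip().lower().startswith(("name:", "nome:")):
            in_answer = True
            continue
        if not in_answer:
            continue  # skip the resolver's own Server/Address header
        for token in line.split():
            try:
                addrs.append(ipaddress.ip_address(token))
            except ValueError:
                pass  # labels and alias host names are not addresses
    return addrs

def classify(local_text, reference_text):
    """Compare the firewall's answer with a reference resolver's answer."""
    local = answer_addresses(local_text)
    ref = answer_addresses(reference_text)
    if not local:
        return "no-answer"  # nothing returned: look at forwarding/recursion
    if all(a.is_unspecified for a in local):
        # 0.0.0.0 or :: is a deliberate block answer, not a lookup failure
        if any(not a.is_unspecified for a in ref):
            return "sinkholed"
        return "unspecified-everywhere"
    return "resolved"

if __name__ == "__main__":
    print(classify(LOCAL_ANSWER, REFERENCE_ANSWER))
```

A "sinkholed" result points at the enabled blocklists in Unbound rather than at the forwarders or the firmware update.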