I've configured Unbound with DoT and Quad9 servers (9.9.9.9 & 149.112.112.112), and looking at the firewall live view on the WAN interface, I see continual calls to those servers on port 53 (and not 853) where the source is my WAN IP address, the destination is the Quad9 server and the label is "let out anything from firewall host itself (force gw)".
Similarly, if I filter on port 853, I see the same type of output, i.e. the source is my WAN IP address, the destination is the Quad9 server and the label is "let out anything from firewall host itself (force gw)".
I'd like to know if that's normal behaviour or whether there is something wrong in my configuration.
TIA.
There are some "ifs, ands and buts" around how the OPNsense host itself resolves DNS, primarily controlled via System -> Settings -> General -> Networking options. If you want to use Unbound for everything, you probably want that entire section to be blank (i.e. no DNS servers specified, and all options unchecked).
Quote from: dseven on November 24, 2024, 09:38:52 PM
There are some "ifs, ands and buts" around how the OPNsense host itself resolves DNS, primarily controlled via System -> Settings -> General -> Networking options. If you want to use Unbound for everything, you probably want that entire section to be blank (i.e. no DNS servers specified, and all options unchecked).
Yes, I can confirm nothing has been checked/selected in that networking section...
Or maybe
System -> Settings -> General -> Networking -> DNS
127.0.0.1
Quote from: chemlud on November 24, 2024, 09:48:51 PM
Or maybe
System -> Settings -> General -> Networking -> DNS
127.0.0.1
Sorry, I don't understand what you mean...
As I said, the section
System -> Settings -> General -> Networking is all blank/unchecked.
I really would like to understand if there is anything to be concerned about, e.g. something to change in my config...
Also, if I click on the info box, it brings up a pop-up window (Detailed rule info) that references the "Disable force gateway" option in the
Firewall -> Settings -> Advanced section.
Hmm. Maybe Unbound is using plain port 53 for some requests. It might be interesting to do a packet capture (for port 53) and see what's being looked up...
When I enable "strict" DoT, I do not see any of that, neither via Quad9 nor via Cloudflare.
There must be something else in your configuration that causes this. What comes to mind is: Domain Overrides, Query Forwarding or - most likely - some other daemon that does DNS on its own (probably Zenarmor?).
You can rule out Unbound by using Cloudflare instead of Quad9 for DoT and see if the other queries continue on Quad9.
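One way to pin down which host is behind the port-53 states, as an added example that is not part of this thread: the firewall's live view shows the post-NAT WAN address as the source, but pf's state table still records the pre-NAT LAN address in parentheses (state line format assumed from `pfctl -ss` output; the state lines below are constructed sample data, with 203.0.113.5 as a placeholder WAN address).

```python
import re

# Constructed sample of `pfctl -ss` output (format assumed from pf state
# listings: "iface proto src (pre-NAT src) -> dst   STATE"). Not real data.
SAMPLE_STATES = """\
all udp 203.0.113.5:53412 (192.168.1.50:53412) -> 9.9.9.9:53       MULTIPLE:SINGLE
all udp 203.0.113.5:49211 (192.168.1.50:49211) -> 149.112.112.112:53       MULTIPLE:SINGLE
all tcp 203.0.113.5:61002 -> 9.9.9.9:853       ESTABLISHED:ESTABLISHED
all udp 192.168.1.50:49202 -> 192.168.1.1:53       MULTIPLE:SINGLE
all tcp 203.0.113.5:61010 -> 198.51.100.20:443       ESTABLISHED:ESTABLISHED
"""

UPSTREAMS = {"9.9.9.9", "149.112.112.112"}  # the Quad9 addresses from the thread

STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>tcp|udp)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)"
    r"(?:\s+\((?P<orig>[\d.]+):(?P<oport>\d+)\))?"   # present only for NAT'd states
    r"\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)"
)

def plaintext_dns_origins(states_text, upstreams=UPSTREAMS):
    """Return (origin, upstream, proto) for every plaintext port-53 state
    towards the DoT upstreams. A parenthesised pre-NAT address means a LAN
    client opened the state; without it, the firewall itself (e.g. Unbound) did."""
    findings = []
    for line in states_text.splitlines():
        m = STATE_RE.match(line.strip())
        if not m:
            continue
        if m["dst"] not in upstreams or m["dport"] != "53":
            continue  # DoT on 853, or not one of our upstreams: fine
        origin = m["orig"] if m["orig"] else "firewall"
        findings.append((origin, m["dst"], m["proto"]))
    return findings

def summarize(findings):
    """Group the offending upstreams by originating host."""
    out = {}
    for origin, upstream, _proto in findings:
        out.setdefault(origin, set()).add(upstream)
    return out

if __name__ == "__main__":
    for host, ups in summarize(plaintext_dns_origins(SAMPLE_STATES)).items():
        print(f"{host} sends plaintext DNS to {sorted(ups)}")
```

Run against real output with `pfctl -ss | python3 this_script.py` adapted to read stdin; a LAN address in the result is a client with its own DNS setting, while "firewall" points at a daemon on OPNsense itself.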
So, yes, there was 'something else', and that was the PS5 ::) I forgot I had manually configured its DNS with Quad9.
As soon as I turn it off, all that 'noise' stops. ;D
Thank you all.