OPNsense Forum

Archive => 21.7 Legacy Series => Topic started by: errored out on August 07, 2021, 12:37:44 am

Title: [Solved] DNS aliases not resolving - clients queries, no issues
Post by: errored out on August 07, 2021, 12:37:44 am
Has anyone experienced their dns not resolving the aliases?  OS=21.7.1

The syslog (general) is filled with "/update_tables.py[######]  unable to resolve alias_name_entered for alias XXXXXXX"

Another issue, when using Interfaces:Diagnostics: DNS Lookup, the page updates without any information.  It looks exactly as it did prior to clicking on "DNS Lookup".

Also, when using firewall:diagnostics:aliases, I receive "no results found". 

Can the community verify if they are having the same issues?  I would like to create a programming error if it actually is one.  This is causing large problems and forcing many rules to be written.




Title: Re: DNS aliases not resolving
Post by: cookiemonster on August 08, 2021, 12:27:04 am
I am on 21.7 and I have no results either with Interfaces:Diagnostics: DNS Lookup _but_ I use Unbound with get_dns Stubby, so maybe that is the reason.
However I also tried tracerouting in Interfaces:Diagnostics: Traceroute for the same domain "www.example.com" and I got an ip. The same one I got from the shell with
Code:
getdns_query -s @127.0.0.1:8053 www.example.com
I don't know if you're using Unbound and what is your setup so it might be apples to pears.
I don't know what is the alias in this context either.
Title: Re: DNS aliases not resolving
Post by: errored out on August 08, 2021, 12:55:46 am
Thank you for helping out. 

I do not believe the program being used for resolution matters as it is a simple lookup.  I'm using DNS-crypt.  What the problem appears to be is the process itself. 

When I tried tracert for my aliases, they are "unknown hosts".  How is www.google.com unknown? 

Then I tried from my computer, host www.google.com, immediately I received 142.250.81.228.  Hmmm?

Can you try 1 more thing, please?  When on the Firewall live view, can you check "lookup hostnames" at the top right, about the record count and see if it resolves the ip addresses.  This was crashing my gui prior to the last upgrade, but now is stalling the site until "lookup hostnames" is unchecked.

If you try this and crash your gui, you can restore it by logging into your FW (ssh) and running
/usr/local/etc/rc.restart_webgui
Title: Re: DNS aliases not resolving
Post by: Fright on August 08, 2021, 07:49:16 am
hi.
definitely problems with name resolution config on the OPN host itself ("Do not use the local DNS service as a nameserver for this system" or some)

Title: Re: DNS aliases not resolving
Post by: cookiemonster on August 08, 2021, 11:31:13 pm
Hi. I tried and I had no problem but I only left it for about 20 secs. Default list of 25. No freezes.
For the alias, do you mean you have created an alias of type "Host" with a public ip address?
Title: Re: DNS aliases not resolving
Post by: cookiemonster on August 08, 2021, 11:43:19 pm
My thinking exactly.
Errored out - have you tried name resolution on the firewall itself, dig, drill, etc.? Chances are like Fright says, there is no name server set up for the system. Clients are probably going to dns crypt hence all good there.
Title: Re: DNS aliases not resolving
Post by: errored out on August 09, 2021, 03:06:54 am
Thanks for all your help.  To answer your questions, I had a DNS set up and the client machines were able to receive resolved addresses without issue.  The host aliases are using IP addresses and others with domain names.  Both types were still having the issue.

I had also used both options for Do not use the local DNS service as a name server for this system which did not make any difference in troubleshooting. 

What it all came down to is WIREGUARD!!!!! which was installed recently and had not caused issues as the time-frame for the alias to be resolved had not been reached so, no need to resolve them.  Once it came time to resolve all the aliases again, that is apparently when the issue started.

In wireguard, when the "local" configuration has an IP address in the "DNS server" it will overwrite the configuration for the DNS that was configured for the firewall itself (system>settings>General). 

None of the documentation, nor the help text has this little bit of information.  WOW
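
A check for the condition described in the last post, as an added example that is not part of the thread: it compares the resolvers the firewall host is actually using with the ones you configured, so an overwritten DNS setting shows up before aliases stop resolving. It assumes the effective resolvers appear as "nameserver" lines in a resolv.conf-style file (the thread does not say where the override lands); the function names and sample addresses are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: the host's effective
# resolvers are the "nameserver" lines of a resolv.conf-style file.

# Print the nameserver addresses found in the given file, one per line.
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# unexpected_nameservers FILE "ip1 ip2 ..."
# Prints every nameserver in FILE that is not in the expected list.
# Returns 0 when all resolvers are expected, 1 when at least one is not.
unexpected_nameservers() {
    _file=$1
    _expected=$2
    _rc=0
    for _ns in $(resolv_nameservers "$_file"); do
        case " $_expected " in
            *" $_ns "*) ;;                 # resolver is one we configured
            *) echo "$_ns"; _rc=1 ;;       # resolver came from somewhere else
        esac
    done
    return $_rc
}

# Constructed sample: the configured resolver (127.0.0.1) plus one address
# that something else wrote into the file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample input
nameserver 10.10.0.1
nameserver 127.0.0.1
search example.lan
EOF

if extra=$(unexpected_nameservers "$sample" "127.0.0.1"); then
    echo "resolvers match the configured list"
else
    echo "unexpected resolver(s) in use: $extra"
fi
rm -f "$sample"
```

On a live system, pass the real resolver file and the servers set under System > Settings > General instead of the constructed sample.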