31
18.7 Legacy Series / Re: New Install Problem - Not able to open websites on lan through firewall
« on: October 29, 2018, 09:57:44 am »
Hi!
Try setting the "Enable Forwarding Mode" to Yes (Checked) in Unbound DNS (Services: Unbound DNS: General).
If not enough, disable Harden DNSSEC data (Services: Unbound DNS: Advanced).
If still not enough, disable DNSSEC completely (Services: Unbound DNS: General).
Logic behind setting Forwarding Mode to ON: during the wizard, you get asked which DNS servers you want to use, so you set something there, maybe your provider's DNS, or Google's, or OpenDNS's etc.
By default, Unbound is set without Forwarding Mode (Disabled), and so it should directly resolve using root DNS servers. For unknown reasons, this doesn't work, so enabling Forwarding Mode would force Unbound to resolve using your previously set public DNS.
Logic behind Hardened DNSSEC settings: Depending on your chosen DNS forwarding servers, many of these DNS forwarding services don't cope well with DNSSEC, so try disabling Hardened DNSSEC at first, and then, if needed, DNSSEC completely.
Hope it helps.
Cheers!
Try setting the "Enable Forwarding Mode" to Yes (Checked) in Unbound DNS (Services: Unbound DNS: General).
If not enough, disable Harden DNSSEC data (Services: Unbound DNS: Advanced).
If still not enough, disable DNSSEC completely (Services: Unbound DNS: General).
Logic behind setting Forwarding Mode to ON: during the wizard, you get asked which DNS servers you want to use, so you set something there, maybe your provider's DNS, or Google's, or OpenDNS's etc.
By default, Unbound is set without Forwarding Mode (Disabled), and so it should directly resolve using root DNS servers. For unknown reasons, this doesn't work, so enabling Forwarding Mode would force Unbound to resolve using your previously set public DNS.
Logic behind Hardened DNSSEC settings: Depending on your chosen DNS forwarding servers, many of these DNS forwarding services don't cope well with DNSSEC, so try disabling Hardened DNSSEC at first, and then, if needed, DNSSEC completely.
Hope it helps.
Cheers!