Messages

Hi Zusammen,

ich habe folgendes Setup bzw. vor.

1 x OPNsense Rechner mit 4 Netzwerkkarten
- IGC0 = WAN
- IGC1 = LAN (mit div. VLANs)
- IGC2 = unbenutzt
- IGC3 = unbenutzt

Auf IGC1 ist das "native" LAN dann auch mein Management VLAN für alle Switchtes, APs usw. (weitere VLANs laufen dann natürlich auch über das Interface)

Jetzt habe ich einen Proxmox-Rechner, den ich gerne direkt an eines der ungenutzten Interfaces an meinem OPNsense Router anschließen mag (da die Ports und der Proxmox 2,5GBit/s hat).

Doch wie bekomme ich jetzt den Proxmox Rechner dazu, dass er ebenfalls im "nativen LAN" ist, was ich auch an IGC1 anliegen habe?
Auf dem Proxmox soll der UniFi-Controller und noch ein paar andere Sachen laufen.

Geht das überhaupt? Freue mich auf Mithilfe.

Danke und viele Grüße

Hi,

during install of 23.1 I can choose to select "Harden DNSSEC Data". If I do so and install is complete,  "Harden DNSSEC Data" is NOT checked within Unbound Settings.

Looks like something is broken within the installer.

Maybe you can check it. Tried it on three different setups.

EDIT:
Solved with the answer from Franco. Thanks.

I do also get a lot of errors within unbound logs.

does the spinner appear after the button click?
Can you see in the browser console that the request is leaving (network tab)?

Hi.
- spinner does not appear
- looks like nothing does happen when clicking the button (tried it with several browsers).

Ok. Thx for your feedback.

Did you do it direct from the unbound reporting website or within unbound section?

See screenshot. If I click whitelist there nothing does happen.

Hi,

would be nice if you could check, if the whitelisting feature is broken?

For me if I whitelist some domain within unbound reporting tool nothing happens and the domain is not whitelisted within Services > Unbound DNS > Blocklist > Whitelist Domains

In an earlier version it was working without any issues.

Hi,

the new patch works like it should. Thanks for that.

Another issue I found out is, that after a day or so the hostname resolution stops working. Tried to restart unbound and DHCPv4 - but doesn't help at all. It stopped showing hostnames of my network devices and now only shows ip addresses.
Nothing special to see within Unbound log (or I didn't find it).

Anybody else also having those issues?

can you try with:

Code Select Expand

opnsense-patch -a kulikov-a 404b9d5
please? (need to reload unbound after the patch)

Issue solved! As it's one of the main new features of 23.1 I hope there will be/come an update patch for the release.

Thx a lot!

can you try with:

Code Select Expand

opnsense-patch -a kulikov-a 404b9d5
please? (need to reload unbound after the patch)

Will try it later. Thanks.

[dumbo]

@dumbo
sorry, but it's a bit confusing. Are there any errors in the general log? does the unbound itself work exactly (does the resolution of at least some names work)? if you enable display of all messages (Deebug) in the unbound log, are there any messages like "info: dnsbl_module: no logging backend found."?

Hi. Concerning your questions:

• yes a lot of errors within general log of unbound
• Unbound still does work - only reporting is broken
• yes - it's flooding the unbound log

Code Select Expand

info: dnsbl_module: attempting to open pipe AND info: dnsbl_module: no logging backend found.

If I play with unbound settings it starts to work again for a short amount of time - then again no reporting and a lot of those messages within unbound debug log.

And what else does occour is, that the reporting tool (old not updated entries are still there) lost their client name resolution and only showing IPs instead of names.

Looks like I found something.

1. It doesn't resolve client hostnames
2. when 'disabling'  Register DHCP leases &  Register DHCP static mappings it starts working again

But as I said - no hostname resolution (of local clients)

EDIT: Have to correct me... Stopped again working since a few minutes. 🤷🏼‍♂️

Do you really need to post in two threads and open a third?

Sorry - found out, that the other two topics do not fit.
So I thought it would be the best to have a separate topic on it to not influence the other topics in the wrong way.

is unbound itself working?

Yes - Unbound itself works without any issues. Despite all the errors within the logs and not working Unbound reporting.

Hi,

with todays update it looks like something strange happened to unbound (and it's reporting tool).

Reporting stopped working. And getting a lot of errors within ounbound log:
[35098:1] error: recvfrom 40 failed: Protocol not available
...
[71101:0] error: remote control failed ssl crypto error:00000000:lib(0):func(0):reason(0)   
...

Looks like something is broken.

Restarted OPNsense and tried everything - but doesn't work.

EDIT: Issue solved!

Code Select Expand

opnsense-patch -a kulikov-a 404b9d5

... but after a second reboot, it seems to be working well.  (The startup beep sequence also seemed slow the first time, but had its normal cadence on the second reboot.  I've heard that slow beep sequence occasionally on previous upgrades - I'm not sure what it means, but when I hear it, I typically reboot again, "just in case".)

Thx for your feedback. already restarted several times - but doesn't work.  :(