Messages - boneclock

#1
My Unbound DNS service crashes when my VirtualBox LAN is started while I'm connected to this specific network on my laptop.

10.0.100.1 --- OPNsense with Unbound --- 192.168.1.1

The 10.0.100.0 network is able to resolve the internet when I'm connected to other LANs, but there is something odd about this one.  Where should I look?
Thx

Date    Message
May 19 11:54:31    unbound: [35284:0] info: mesh has 0 recursion states (0 with reply, 0 detached), 0 waiting replies, 0 recursion replies sent, 0 replies dropped, 0 states jostled out
May 19 11:54:31    unbound: [35284:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
May 19 11:54:31    unbound: [35284:0] info: server stats for thread 0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
May 19 11:54:31    unbound: [35284:0] info: service stopped (unbound 1.9.1).
May 19 11:54:31    unbound: [35284:0] info: resolving . DNSKEY IN
May 19 11:54:31    unbound: [35284:0] info: start of service (unbound 1.9.1).
May 19 11:54:31    unbound: [35284:0] notice: init module 1: iterator
May 19 11:54:31    unbound: [35284:0] notice: init module 0: validator
May 19 11:54:31    unbound: [35284:0] notice: Restart of unbound 1.9.1.
May 19 11:54:31    unbound: [35284:0] info: mesh has 1 recursion states (1 with reply, 0 detached), 2 waiting replies, 0 recursion replies sent, 0 replies dropped, 0 states jostled out
May 19 11:54:31    unbound: [35284:0] info: server stats for thread 0: requestlist max 1 avg 1 exceeded 0 jostled 0
May 19 11:54:31    unbound: [35284:0] info: server stats for thread 0: 2 queries, 0 answers from cache, 2 recursions, 0 prefetch, 0 rejected by ip ratelimiting
May 19 11:54:31    unbound: [35284:0] info: service stopped (unbound 1.9.1).
May 19 11:54:15    unbound: [35284:0] info: resolving 0.opnsense.pool.ntp.org. AAAA IN
May 19 11:54:02    unbound: [35284:0] info: control cmd: list_local_data
May 19 11:54:02    unbound: [35284:0] info: resolving . DNSKEY IN
May 19 11:54:02    unbound: [35284:0] info: start of service (unbound 1.9.1).
#2
unbound config
$ more unbound.conf
##########################
# Unbound Configuration
##########################

##
# Server configuration
##
server:
chroot: /var/unbound
username: unbound
directory: /var/unbound
pidfile: /var/run/unbound.pid
root-hints: /root.hints
use-syslog: yes
port: 53
verbosity: 1
hide-identity: yes
hide-version: no
harden-referral-path: no
do-ip4: yes
do-ip6: yes
do-udp: yes
do-tcp: yes
do-daemonize: yes
module-config: "validator iterator"
cache-max-ttl: 86400
cache-min-ttl: 0
harden-dnssec-stripped: yes
serve-expired: no
outgoing-num-tcp: 10
incoming-num-tcp: 10
num-queries-per-thread: 4096
outgoing-range: 8192
infra-host-ttl: 900
infra-cache-numhosts: 10000
unwanted-reply-threshold: 0
jostle-timeout: 200
msg-cache-size: 4m
rrset-cache-size: 8m
num-threads: 1
msg-cache-slabs: 2
rrset-cache-slabs: 2
infra-cache-slabs: 2
key-cache-slabs: 2

auto-trust-anchor-file: /var/unbound/root.key
prefetch: no
prefetch-key: no

# Interface IP(s) to bind to
interface: 0.0.0.0
interface: ::0
interface-automatic: yes

# Outgoing interfaces to be used
outgoing-interface: 192.168.1.92
outgoing-interface: 2605:6000:151b:22a4:a00:27ff:fe90:261


# DNS Rebinding
# For DNS Rebinding prevention
#
# All these addresses are either private or should not be routable in the global IPv4 or IPv6 internet.
#
# IPv4 Addresses
#
private-address: 0.0.0.0/8       # Broadcast address
private-address: 10.0.0.0/8
private-address: 100.64.0.0/10
private-address: 127.0.0.0/8     # Loopback Localhost
private-address: 169.254.0.0/16
private-address: 172.16.0.0/12
private-address: 192.0.0.0/24    # IANA IPv4 special purpose net
private-address: 192.0.2.0/24    # Documentation network TEST-NET
private-address: 192.168.0.0/16
private-address: 198.18.0.0/15   # Used for testing inter-network communications
private-address: 198.51.100.0/24 # Documentation network TEST-NET-2
private-address: 203.0.113.0/24  # Documentation network TEST-NET-3
private-address: 233.252.0.0/24  # Documentation network MCAST-TEST-NET
#
# IPv6 Addresses
#
private-address: ::1/128         # Loopback Localhost
private-address: 2001:db8::/32   # Documentation network IPv6
private-address: fc00::/8        # Unique local address (ULA) part of "fc00::/7", not defined yet
private-address: fd00::/8        # Unique local address (ULA) part of "fc00::/7", "/48" prefix group
private-address: fe80::/10       # Link-local address (LLA)
# Set private domains in case authoritative name server returns a Private IP address
private-domain: "lan"
domain-insecure: "lan"


# Access lists
include: /var/unbound/access_lists.conf

# Static host entries
include: /var/unbound/host_entries.conf

# DHCP leases (if configured)
include: /var/unbound/dhcpleases.conf

# Domain overrides
include: /var/unbound/domainoverrides.conf

# Unbound custom options
nameserver 8.8.8.8


# Forwarding
forward-zone:
    name: "."
        forward-addr: 192.168.1.1


remote-control:
    control-enable: yes
    control-interface: 127.0.0.1
    control-port: 953
    server-key-file: /var/unbound/unbound_server.key
    server-cert-file: /var/unbound/unbound_server.pem
    control-key-file: /var/unbound/unbound_control.key
    control-cert-file: /var/unbound/unbound_control.pem
$
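As an added example (not code from this thread or from OPNsense), here is a small Python linter for the flat `key: value` syntax Unbound uses, run over a constructed config trimmed from the one posted above. It flags three things worth checking before trusting a resolver that keeps restarting: lines that are not Unbound syntax at all (`nameserver 8.8.8.8` is resolv.conf syntax, and Unbound refuses a config containing a keyword it does not know), `outgoing-interface` addresses the host does not currently hold (Unbound binds its query sockets to those exact addresses, so a WAN address learned on one network is not usable on another), and forwarders that sit inside a `private-address` range (forwarding to them works, but answers carrying such addresses for names outside `private-domain` are stripped by the rebinding protection). The `KNOWN_SERVER_KEYS` subset, the sample config and the two address lists are assumptions constructed for the example.

```python
"""Lint an Unbound server config for a few mistakes that break resolution.

Added example for this thread; not code from the poster or from OPNsense.
The sample config below is a constructed, trimmed copy of the one posted.
"""
import ipaddress
import re
from dataclasses import dataclass, field

# Assumption: a subset of server: options taken from the posted config.
# A real linter would load the full list from unbound.conf(5).
KNOWN_SERVER_KEYS = {
    "chroot", "username", "directory", "pidfile", "root-hints", "use-syslog",
    "port", "verbosity", "hide-identity", "hide-version", "do-ip4", "do-ip6",
    "do-udp", "do-tcp", "do-daemonize", "module-config", "num-threads",
    "auto-trust-anchor-file", "prefetch", "prefetch-key", "interface",
    "interface-automatic", "outgoing-interface", "private-address",
    "private-domain", "domain-insecure", "include", "local-data",
}

CLAUSE_RE = re.compile(r"^([A-Za-z][\w-]*):\s*$")          # e.g. "server:"
OPTION_RE = re.compile(r"^([A-Za-z][\w-]*):\s*(.*?)\s*$")  # "key: value"

# Constructed sample, trimmed from the posted unbound.conf.
SAMPLE_CONF = """\
server:
chroot: /var/unbound
interface: 0.0.0.0
interface: ::0
interface-automatic: yes
outgoing-interface: 192.168.1.92
outgoing-interface: 2605:6000:151b:22a4:a00:27ff:fe90:261
private-address: 10.0.0.0/8
private-address: 192.168.0.0/16      # home LAN range
private-address: fc00::/8
private-domain: "lan"
include: /var/unbound/host_entries.conf
nameserver 8.8.8.8

forward-zone:
    name: "."
        forward-addr: 192.168.1.1

remote-control:
    control-enable: yes
"""

# Constructed address sets: what the VM holds at home vs. on a phone hotspot.
AT_HOME = ["10.0.100.1", "192.168.1.92", "2605:6000:151b:22a4:a00:27ff:fe90:261"]
ON_HOTSPOT = ["10.0.100.1", "172.20.10.3"]


@dataclass
class Config:
    clauses: dict = field(default_factory=dict)   # clause -> [(key, value)]
    findings: list = field(default_factory=list)  # (lineno, level, message)


def parse_unbound_conf(text):
    """Parse Unbound's flat syntax; record lines the parser cannot accept."""
    cfg = Config()
    clause = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        m = CLAUSE_RE.match(line)
        if m:
            clause = m.group(1)
            cfg.clauses.setdefault(clause, [])
            continue
        m = OPTION_RE.match(line)
        if m is None:
            cfg.findings.append((lineno, "ERROR", f"not Unbound syntax: {line!r}"))
            continue
        key, value = m.group(1), m.group(2).strip('"')
        if clause is None:
            cfg.findings.append((lineno, "ERROR", f"{key!r} outside any clause"))
            continue
        if clause == "server" and key not in KNOWN_SERVER_KEYS:
            cfg.findings.append((lineno, "ERROR", f"unknown server option {key!r}"))
        cfg.clauses[clause].append((key, value))
    return cfg


def values(cfg, clause, key):
    return [v for k, v in cfg.clauses.get(clause, []) if k == key]


def unbindable_outgoing_interfaces(cfg, local_addresses):
    """outgoing-interface addresses the host does not hold: Unbound cannot
    bind its query sockets to them, so resolution fails on that network."""
    local = {ipaddress.ip_address(a) for a in local_addresses}
    return [v for v in values(cfg, "server", "outgoing-interface")
            if ipaddress.ip_address(v) not in local]


def forwarders_in_private_ranges(cfg):
    """Forwarders inside a private-address range. Forwarding to them works,
    but an answer carrying such an address for a name outside private-domain
    is stripped by the rebinding protection."""
    nets = [ipaddress.ip_network(v, strict=False)
            for v in values(cfg, "server", "private-address")]
    hits = []
    for v in values(cfg, "forward-zone", "forward-addr"):
        addr = ipaddress.ip_address(v.split("@", 1)[0])  # allow addr@port
        if any(addr in n for n in nets):
            hits.append(v)
    return hits


def lint(text, local_addresses):
    """Return all findings as (lineno, level, message); lineno 0 = whole-config."""
    cfg = parse_unbound_conf(text)
    out = list(cfg.findings)
    for a in unbindable_outgoing_interfaces(cfg, local_addresses):
        out.append((0, "ERROR", f"outgoing-interface {a} is not a local address"))
    for a in forwarders_in_private_ranges(cfg):
        out.append((0, "WARN", f"forward-addr {a} lies inside a private-address range"))
    return out


if __name__ == "__main__":
    for where, addrs in (("home", AT_HOME), ("hotspot", ON_HOTSPOT)):
        print(f"--- {where}")
        for lineno, level, msg in lint(SAMPLE_CONF, addrs):
            print(f"line {lineno:>2} {level}: {msg}")
```

Running it prints the syntax error on the `nameserver` line for both networks, and on the hotspot additionally reports both pinned `outgoing-interface` addresses as not local; the private-range warning for `forward-addr: 192.168.1.1` is informational and explains why a home router answering with 192.168.x.x addresses would have those answers dropped.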
#3
Thank you for your offer of assistance.  My setup is on a laptop with VirtualBox 6.0.4.  The setup is:

LAN w/ Static V4 IP
-------------------
10.0.100.200/24 |
10.0.100.208/24 |
10.0.100.207/24 |    Static LAN
10.0.100.230/24 |---- LAN ---- 10.0.100.1 OPNsense w/ Unbound ----- WAN DHCP V4 and V6
10.0.100.240/24 |    DHCP V6 and V4
10.0.100.220/24 |
10.0.100.210/24 |


I'm able to navigate from the LAN VMs out to the internet in all locations except my home network.  I've checked from the home router and I can't figure out what is so special about why I'm not getting out.

The hostnames don't resolve internally when I'm connected to my ISP's network either.
Where should I look for whatever is blocking me?

Thx!

#4
It and block bogon networks are unticked.
#5
Thanks.  I'll confirm.
#6
Thanks for your reply.

The laptop LAN is 10.0.100.0/24.  The LAN sees the OPNsense router and the VMs see each other even when they can't get out on the home Charter Communications Spectrum ISP network. The house LAN is 192.168.1.0/24.  OPNsense gets an address.  The residential gateway is an Arris and the router doesn't have a name on it other than Charter Communications.

Thx

#7
Hi. I have a small lab setup on a laptop.  I have OPNsense 19.1 as my router/firewall in a VirtualBox VM running Unbound.  There are multiple VMs running behind it.  When I'm on my work wifi or my phone's hotspot I can browse the web from inside the LAN.  Everything works as expected.

When I connect to my home wifi, I get a WAN IP, but I'm not able to resolve any exterior addresses.  It is a Spectrum ISP.  I don't see any firewall setting blocking 53 in the home router.  Any suggestions on what I should look for?

Thanks!
#8
Hi. I'm running the following versions: OPNsense 18.7.1_3-amd64; FreeBSD 11.1-RELEASE-p12; OpenSSL 1.0.2o 27 Mar 2018

I'm trying to set up a VirtualBox environment on a laptop with OPNsense and Unbound as my router and DNS to provide internet access to the LAN.  The VirtualBox LAN-side server hosts have static IPs and the VirtualBox LAN-side desktops have DHCP configs.  I'm not able to reference one host from another using their hostnames.  I'm trying to avoid adding each hostname to a local /etc/hosts file.

The hosts that use DHCP can be referenced by hostname.  The ones with static IPs cannot.

I tried adding the static-IP hosts in /var/unbound/unbound.conf and /var/unbound/host_entries.conf in separate attempts to enable the LAN hosts to resolve each other by name.  Both times, the entries were removed on reboot.  The OPNsense host data and PTR records are retained in unbound.conf.

I'm missing something.  How do I set up the configuration to operate properly?

Thanks!