Messages - Brent Dacus

#1
Have tried setting this up, but am getting SERVFAIL when querying unbound DNS service. I think the problem is related to: do-not-query-localhost

I added it to the custom config, but unbound would not reload, error:
opnsense: /services_unbound.php: The command '/usr/local/sbin/unbound -c '/var/unbound/unbound.conf'' returned exit code '1', the output was '/var/unbound/unbound.conf:106: error: syntax error read /var/unbound/unbound.conf failed

Line 106 was: do-not-query-localhost: no

in the custom section in unbound advanced

you need the entire section

do-not-query-localhost: no
forward-zone:
name: "."
forward-addr: 127.0.0.1@53530


Which Guide did you follow?  Guides are not very thorough. 

#2
All:

I sorted it.  The documentation here https://wiki.opnsense.org/manual/how-tos/bind.html
and
https://www.routerperformance.net/opnsense/dnsbl-via-bind-plugin/

Has a TYPO..

do-not-query-localhost: no
forward-zone:
name: ,,."      <------------ Should be "."
forward-addr: 127.0.0.1@53530

If you copy and paste the above into the Custom section in Unbound,
it creates this in unbound.conf:

# Unbound custom options
do-not-query-localhost: no
forward-zone:
name: „.“    <----------------Bad characters
forward-addr: 127.0.0.1@53530


Please use the below and retest.

do-not-query-localhost: no
forward-zone:
name: "."
forward-addr: 127.0.0.1@53530

Also, OPNsense and mimugmail, please update the syntax in the documentation.
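A small checker, added here and not part of OPNsense or of the posts above, that catches this copy-paste problem before unbound ever reads the file: it lists non-ASCII characters by line and column, rewrites smart quotes to the ASCII quote unbound expects, and does a minimal structural check on forward-zone blocks. The fragment is constructed to reproduce the bad characters from the post (U+201E and U+201C); the key handling is an assumption for illustration, and unbound-checkconf remains the authoritative test.

```python
import re

# Quote characters that editors and wikis substitute for the ASCII double
# quote. Unbound's lexer only understands the plain ASCII " (0x22).
SMART_QUOTES = {"\u201c": '"', "\u201d": '"', "\u201e": '"'}

# Constructed fragment reproducing the bad copy-paste from the post
# (U+201E and U+201C around the dot); not taken from a real unbound.conf.
BAD_FRAGMENT = ("do-not-query-localhost: no\nforward-zone:\n"
                "name: \u201e.\u201c\nforward-addr: 127.0.0.1@53530\n")

def find_non_ascii(text):
    """(line, column, codepoint) of every non-ASCII character; line numbers
    are relative to the fragment, not to /var/unbound/unbound.conf."""
    return [(ln, col, f"U+{ord(ch):04X}")
            for ln, line in enumerate(text.splitlines(), start=1)
            for col, ch in enumerate(line, start=1) if ord(ch) > 0x7E]

def normalize_quotes(text):
    """Replace smart quotes with ASCII quotes; everything else is untouched."""
    return "".join(SMART_QUOTES.get(ch, ch) for ch in text)

def check_forward_zones(text):
    """Each forward-zone needs an ASCII name (quotes, if any, balanced)
    and at least one forward-addr. Returns a list of problem strings."""
    problems, zones = [], []
    for ln, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()          # strip comments
        key, _, value = (s.strip() for s in line.partition(":"))
        if key == "forward-zone":
            zones.append({"start": ln, "name": False, "addrs": 0})
        elif zones and key == "name":
            if value.isascii() and re.fullmatch(r'"[^"]*"|[^"\s]+', value):
                zones[-1]["name"] = True
            else:
                problems.append(f"line {ln}: bad name value {value!r}")
        elif zones and key == "forward-addr":
            zones[-1]["addrs"] += 1
    for z in zones:
        if not z["name"]:
            problems.append(f"line {z['start']}: forward-zone has no usable name")
        if z["addrs"] == 0:
            problems.append(f"line {z['start']}: forward-zone has no forward-addr")
    return problems
```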
#3
OK, so this guide
https://wiki.opnsense.org/manual/how-tos/bind.html, or in general your guide without the firewall rule.

Set unbound
custom to
do-not-query-localhost: no
forward-zone:
name: ,,."
forward-addr: 127.0.0.1@53530

outgoing to local

and only change
Systems settings general DNS server set to Blank


Ok here we go...
#4
General Discussion / Re: Virtual or Metal?
January 20, 2019, 07:10:47 PM
metal

Just old school I guess...
#5
All:

Trying to configure the BIND plugin.  I have read several posts and

Followed this Guide https://www.routerperformance.net/opnsense/dnsbl-via-bind-plugin/

It seems to work but I have some questions..

I also read this https://wiki.opnsense.org/manual/how-tos/bind.html

My goal is to have everything filtered and blocked. Use Unbound with forwarding. No firewall rules.  Not sure which guide to use?

What I have before Changing anything.
Systems settings general DNS server set to external dns aka 1.1.1.1, 8.8.8.8

Unbound DNS General
   enable resolver
   Network Interface ALL
   Local Zone Transparent
   Enable Forward         
   dhcp registrations and static mapping
   No custom entries
   Outgoing Network Interfaces ALL

Dhcpv4
no DNS server set, forwarding router IP as DNS to clients


Questions:

This Guide https://wiki.opnsense.org/manual/how-tos/bind.html
Doesn't have a firewall rule.  It only has the Custom section.
Should I use this guide? Does this work directly with Unbound and my above setup?

I ask because when reading posts I found this:
https://forum.opnsense.org/index.php?topic=10180.msg46878#msg46878
But that didn't seem to work for Mayo or Mimino.
Northguy said use mimugmails guide and set localhost outgoing.  But that guide includes a firewall rule. 

Still a bit confused..

Also do I need to change any of my config above?
#6
18.7 Legacy Series / Re: Frequent panic and reboots
January 19, 2019, 06:56:00 PM
You might check out some of the other posts and see if any of that helps.

https://forum.opnsense.org/index.php?topic=9264.0

https://forum.opnsense.org/index.php?topic=6942.msg30436#msg30436

https://forum.opnsense.org/index.php?topic=5487.msg24722#msg24722

Just some random searches using APU or Jaguar
#7
18.7 Legacy Series / Re: Disable Traffic Shaper
December 06, 2018, 04:10:57 PM
You are absolutely correct. It's not OPNsense. It's a bad firmware update by AT&T. They have broken DMZ in the latest firmware. If I take it out of DMZ mode it works great.   8)
#8
18.7 Legacy Series / Re: Disable Traffic Shaper
December 03, 2018, 12:42:53 AM
Ok when I can will try that. Strange that removing doesn't work though. Thanks so far.
#9
18.7 Legacy Series / Re: Disable Traffic Shaper
December 02, 2018, 11:01:53 PM
Could not find limiters on system..
#10
18.7 Legacy Series / Re: Disable Traffic Shaper
December 02, 2018, 07:29:24 PM
As well as the queues and rules. I removed them all. The system reports no limiter on system. However, the speed test still shows 50 Mbits.  Even dumped the state tables and rebooted the Mac as well.
#11
18.7 Legacy Series / Re: Disable Traffic Shaper
December 02, 2018, 07:15:20 PM
all removed
#12
18.7 Legacy Series / Disable Traffic Shaper
December 02, 2018, 07:04:28 PM
All: 

I searched and read lots of posts.  I set up guestnet shaping.  Now I want to remove it / disable.  So I removed all the rules, and pipe.  Applied even reset.  Then rebooted.  The connection is still limited?  What have I missed? 
#14
18.7 Legacy Series / ssh hang 18.7.8
November 30, 2018, 05:56:15 AM
All:
This could be a known issue.  I am fairly sure it's due to traffic shaping being on.  Also it appears to affect Debian boxes.  If you ssh to it via IPv4, after a minute or so ssh hangs and then crashes the session.  CentOS boxes not affected, best I can tell.  Debian's wiki gives this link https://wiki.debian.org/SSH#SSH_hangs

Possible cause
With some routers behind NAT and when using OpenSSH. During session setup, after the password has been given, OpenSSH sets the TOS (type of service) field in the IP datagram. The router chokes on this.

I was able to get past it with the resolution in the link. 

Wanted to report for you all to know.  I will do some more testing in the AM with shaping off.  If you all want anything just holler.

bd
#15
Quote from: franco on October 24, 2018, 11:02:59 PM
Welcome, Brent! <3

PS: /etc/tty overwrites on boot for safety / recovery reasons. Maybe we need to find a more permanent solution.

Thanks Franco

Looking forward to all of your help and all the future development..