Messages - nylund

#1
Quote from: franco on August 03, 2021, 01:05:15 PM
Quote from: nylund on August 03, 2021, 11:14:10 AM
opnsense-update -krf 21.7

Yes that works. Note that -r 21.7 is the default so you only really need -kf


Cheers,
Franco

Thanks! Will try :)
#2
Can the updated 21.7 kernel be installed with:

opnsense-update -krf 21.7

I have currently booted with old_kernel and have not applied the msi-x tunables.
#3
Quote from: r4nc0r on July 29, 2021, 09:24:50 AM
I do have the same issue:

Update to 21.7, then the opnsense hangs on Configuring Vlan interfaces

Hardware:
Intel Celeron G3900 2-Core 2,80GHz 2MB
8 GB (1x 8GB) ECC DDR4 2666 RAM
Supermicro X11SSH-LN4F with an Onboard Quad LAN with Intel® Ethernet Controller I210-AT

If I select the Kernel.old image in the boot screen, the opnsense starts fine. But I have to do this on every startup/reboot.

Same problem here (and also a friend of mine) after upgrading to 21.7. Booting kernel.old works but not the new kernel.

CPU: Intel(R) Pentium(R) CPU G4560 @ 3.50GHz (3504.14-MHz K8-class CPU)
Quad Intel(R) PRO/1000 PCI-Express

VLANs on LAGG configured

My friend has a Qotom box. Not sure which model but with Intel NICs and VLANs on LAGG configured.
#5
I seem to have a problem with unbound-plus-devel 0.4 since the update from 0.3.

If I enable "Adaway List" and "Easy List" everything is ok.

However, with Stephen Black list unbound does not start (I have not tried them all).

Anyone else who has the same problem, or just me?
#6
Quote from: Maurice on February 12, 2020, 02:40:14 PM
By default, unbound works as a recursive resolver. It will only use the DNS servers from System / Settings / General if you enable forwarding mode.

Cheers

Maurice

Ahhh thanks! :)
Found the setting to change to forwarding mode. Now it only resolves using my specified forwarders.
#7
Thanks, yes it was set to all. I have changed that now but it still does a lot of ns lookups to different nameservers.
64.4.48.201:53
216.239.38.10:53
205.251.198.210:53
170.33.24.73:53
13.107.160.201:53
And so on... :(
#8
Yes, appears to be azure-dns lookups.
I have a win2016 server.

But any dns lookup from my clients should be redirected by the NAT rule.
#9
20.1 Legacy Series / Strange DNS lookups from firewall
February 12, 2020, 10:59:42 AM
Hi,

I recently created a NAT rule redirecting all DNS lookups from clients on my network(s) to the opnsense box (unbound).
Seems to work fine. If I try to do a DNS lookup from one of my clients to a non-existent DNS server I still get an answer (from unbound).

However, in the log, I still see unknown DNS lookups to servers I have not set in System: Settings: General:

WAN      Feb 12 10:48:27   xxx.xxx.xxx.xxx:29809   40.90.4.201:53   udp   let out anything from firewall host itself (force gw)   
WAN      Feb 12 10:48:27   xxx.xxx.xxx.xxx:27319   13.107.24.201:53   udp   let out anything from firewall host itself (force gw)   
WAN      Feb 12 10:48:27   xxx.xxx.xxx.xxx:38033   64.4.48.201:53   udp   let out anything from firewall host itself (force gw)   
WAN      Feb 12 10:48:27   xxx.xxx.xxx.xxx:5254   64.4.48.201:53   udp   let out anything from firewall host itself (force gw)   
WAN      Feb 12 10:48:27   xxx.xxx.xxx.xxx:34242   13.107.24.201:53   udp   let out anything from firewall host itself (force gw)   
WAN      Feb 12 10:48:27   xxx.xxx.xxx.xxx:33800   40.90.4.201:53   udp   let out anything from firewall host itself (force gw)   
WAN      Feb 12 10:48:27   xxx.xxx.xxx.xxx:35915   13.107.24.201:53   udp   let out anything from firewall host itself (force gw)   
WAN      Feb 12 10:48:27   xxx.xxx.xxx.xxx:59161   13.107.24.201:53   udp   let out anything from firewall host itself (force gw)   
WAN      Feb 12 10:48:27   xxx.xxx.xxx.xxx:36519   40.90.4.201:53   udp   let out anything from firewall host itself (force gw)   
WAN      Feb 12 10:48:27   xxx.xxx.xxx.xxx:54124   40.90.4.201:53   udp   let out anything from firewall host itself (force gw)   
WAN      Feb 12 10:48:27   xxx.xxx.xxx.xxx:38769   13.107.160.201:53   udp   let out anything from firewall host itself (force gw)

I also see them when doing a packet capture on the WAN interface.

Anyone know why the firewall uses DNS servers not specified by me?

BR/Nylund
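
Added example, not part of the original posts: a small Python tally of port-53 destinations in firewall log lines laid out like the ones quoted above, listing those that are not configured resolvers. The resolver address 192.0.2.53, the function names and the last three sample lines are assumptions made for illustration; with unbound in its default recursive mode, as the reply in post #6 explains, destinations like these are expected.

```python
import re
from collections import Counter

# Assumption: stand-in for the servers set under System: Settings: General
# (192.0.2.53 is a documentation-range placeholder, not a value from the post).
CONFIGURED_RESOLVERS = {"192.0.2.53"}

# Constructed sample in the layout of the quoted log; the last three lines
# (configured resolver, non-DNS port, unparseable text) are invented edge cases.
SAMPLE_LOG = """\
WAN      Feb 12 10:48:27   xxx.xxx.xxx.xxx:29809   40.90.4.201:53   udp   let out anything from firewall host itself (force gw)
WAN      Feb 12 10:48:27   xxx.xxx.xxx.xxx:27319   13.107.24.201:53   udp   let out anything from firewall host itself (force gw)
WAN      Feb 12 10:48:27   xxx.xxx.xxx.xxx:38033   64.4.48.201:53   udp   let out anything from firewall host itself (force gw)
WAN      Feb 12 10:48:27   xxx.xxx.xxx.xxx:33800   40.90.4.201:53   udp   let out anything from firewall host itself (force gw)
WAN      Feb 12 10:48:28   xxx.xxx.xxx.xxx:40001   192.0.2.53:53   udp   let out anything from firewall host itself (force gw)
WAN      Feb 12 10:48:28   xxx.xxx.xxx.xxx:40002   192.0.2.80:443   tcp   let out anything from firewall host itself (force gw)
truncated or unrelated line
"""

# interface, timestamp, source ip:port, destination ip:port, protocol, rule label
LINE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<ts>\w{3}\s+\d{1,2}\s+[\d:]{8})\s+"
    r"(?P<src>\S+):(?P<sport>\d+)\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)\s+"
    r"(?P<proto>\w+)\s+(?P<label>.*\S)\s*$"
)

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def unexpected_dns(log_text, allowed=CONFIGURED_RESOLVERS):
    """Count port-53 destinations that are not in the configured resolver set."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["dport"] == "53" and rec["dst"] not in allowed:
            hits[rec["dst"]] += 1
    return hits

if __name__ == "__main__":
    for dst, n in unexpected_dns(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {dst}")
```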