Messages - vtgolf

#1
Well, I see it, it makes sense that the alias has to be whitelisted.

Thanks for the help!
#2
Well,
looking at the NextDNS logs, I saw that this query, "v4ncsi.msedge.net", was being blocked (by a list). www.msftconnecttest.com is not blocked (and I saw it in the logs, but not when I did nslookup).
It is strange because when I call the firewall to resolve msftconnecttest.com, it resolves to v4ncsi.msedge.net (which was blocked), but calling NextDNS directly resolves to "4-c-0003.c-msedge.net" (seems not blocked):
Calling the firewall:

PS C:\Users\x> nslookup www.msftconnecttest.com 192.168.X.X
Servidor:  FW
Address:  192.168.X.X

Respuesta no autoritativa:
Nombre:  v4ncsi.msedge.net
Addresses:  2a0d:5642:113:101:5054:ff:fe29:631b
          37.120.148.100
Aliases:  www.msftconnecttest.com

Calling NextDNS directly:

PS C:\Users\x> nslookup www.msftconnecttest.com 45.90.28.36
Servidor:  dns1.nextdns.io
Address:  45.90.28.36

Respuesta no autoritativa:
Nombre:  4-c-0003.c-msedge.net
Address:  13.107.4.52
Aliases:  www.msftconnecttest.com
          v4ncsi.msedge.net
          ncsi.4-c-0003.c-msedge.net


Google also resolves it as "4-c-0003.c-msedge.net".

When I unblock "v4ncsi.msedge.net" in NextDNS, the firewall resolves it as "4-c-0003.c-msedge.net":

PS C:\Users\X> nslookup www.msftconnecttest.com 192.168.X.X
Servidor:  FW
Address:  192.168.X.X

Respuesta no autoritativa:
Nombre:  4-c-0003.c-msedge.net
Address:  13.107.4.52
Aliases:  www.msftconnecttest.com
          v4ncsi.msedge.net
          ncsi.4-c-0003.c-msedge.net


Although adding it to the whitelist resolves my problem and I don't worry about it, my brain is not able to understand why this is happening.
#3
Log at level 3



2020-05-13T13:14:25 unbound: [26558:0] debug: cache memory msg=85642 rrset=100766 infra=8564 val=77070
2020-05-13T13:14:25 unbound: [26558:0] info: validator operate: query www.msftconnecttest.com. AAAA IN
2020-05-13T13:14:25 unbound: [26558:0] debug: validator[module 0] operate: extstate:module_wait_module event:module_event_moddone
2020-05-13T13:14:25 unbound: [26558:0] info: finishing processing for www.msftconnecttest.com. AAAA IN
2020-05-13T13:14:25 unbound: [26558:0] info: query response was ANSWER
2020-05-13T13:14:25 unbound: [26558:0] info: reply from <.> 45.90.28.46#53
2020-05-13T13:14:25 unbound: [26558:0] info: response for www.msftconnecttest.com. AAAA IN
2020-05-13T13:14:25 unbound: [26558:0] info: iterator operate: chased to v4ncsi.msedge.net. AAAA IN
2020-05-13T13:14:25 unbound: [26558:0] info: iterator operate: query www.msftconnecttest.com. AAAA IN
2020-05-13T13:14:25 unbound: [26558:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_reply
2020-05-13T13:14:25 unbound: [26558:0] debug: cache memory msg=85190 rrset=100561 infra=8564 val=77070
2020-05-13T13:14:25 unbound: [26558:0] debug: sending to target: <.> 45.90.28.46#53
2020-05-13T13:14:25 unbound: [26558:0] info: sending query: v4ncsi.msedge.net. AAAA IN
2020-05-13T13:14:25 unbound: [26558:0] info: processQueryTargets: www.msftconnecttest.com. AAAA IN
2020-05-13T13:14:25 unbound: [26558:0] info: resolving www.msftconnecttest.com. AAAA IN
2020-05-13T13:14:25 unbound: [26558:0] info: resolving www.msftconnecttest.com. AAAA IN
2020-05-13T13:14:25 unbound: [26558:0] debug: iterator[module 1] operate: extstate:module_state_initial event:module_event_pass
2020-05-13T13:14:25 unbound: [26558:0] info: validator operate: query www.msftconnecttest.com. AAAA IN
2020-05-13T13:14:25 unbound: [26558:0] debug: validator[module 0] operate: extstate:module_state_initial event:module_event_new
2020-05-13T13:14:25 unbound: [26558:0] info: 192.168.36.40 www.msftconnecttest.com. AAAA IN
2020-05-13T13:14:25 unbound: [26558:1] debug: cache memory msg=85190 rrset=100561 infra=8564 val=77070
2020-05-13T13:14:25 unbound: [26558:1] info: Verified that unsigned response is INSECURE
2020-05-13T13:14:25 unbound: [26558:1] info: validator operate: chased to v4ncsi.msedge.net. A IN
2020-05-13T13:14:25 unbound: [26558:1] info: validator operate: query www.msftconnecttest.com. A IN
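
An added example (not part of the post above, and not OPNsense or Unbound code): a small Python parser for level 3 Unbound log lines in the format shown, pairing each "operate: query" line with the "chased to" line that follows it and listing every name in the alias chain, since the upstream filter can match any of them. The function names are hypothetical, and the newest-first line order is an assumption based on the paste.

```python
import re

# Lines copied from the log in the post above (newest first, as pasted).
SAMPLE_LOG = """\
2020-05-13T13:14:25 unbound: [26558:0] info: response for www.msftconnecttest.com. AAAA IN
2020-05-13T13:14:25 unbound: [26558:0] info: iterator operate: chased to v4ncsi.msedge.net. AAAA IN
2020-05-13T13:14:25 unbound: [26558:0] info: iterator operate: query www.msftconnecttest.com. AAAA IN
2020-05-13T13:14:25 unbound: [26558:0] info: sending query: v4ncsi.msedge.net. AAAA IN
2020-05-13T13:14:25 unbound: [26558:0] info: 192.168.36.40 www.msftconnecttest.com. AAAA IN
2020-05-13T13:14:25 unbound: [26558:1] info: validator operate: chased to v4ncsi.msedge.net. A IN
2020-05-13T13:14:25 unbound: [26558:1] info: validator operate: query www.msftconnecttest.com. A IN
"""

LINE = re.compile(
    r"unbound: \[(?P<tid>\d+:\d+)\] info: (?P<module>\w+) operate: "
    r"(?P<kind>query|chased to) (?P<name>\S+)\. (?P<rtype>\S+) IN\s*$"
)

def cname_chases(log_text, newest_first=True):
    """Map each client-facing name to the set of alias targets Unbound chased to."""
    lines = log_text.splitlines()
    if newest_first:
        lines.reverse()  # restore chronological order
    pending = {}  # (thread, module) -> (name, rtype) from the last "operate: query" line
    chases = {}
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        key = (m["tid"], m["module"])
        if m["kind"] == "query":
            pending[key] = (m["name"], m["rtype"])
        elif key in pending and pending[key][1] == m["rtype"]:
            original = pending.pop(key)[0]
            if original != m["name"]:
                chases.setdefault(original, set()).add(m["name"])
    return chases

def names_to_review(log_text, newest_first=True):
    """Every name in the chain; a filter on the upstream can match any of them."""
    out = set()
    for original, targets in cname_chases(log_text, newest_first).items():
        out.add(original)
        out |= targets
    return sorted(out)

if __name__ == "__main__":
    for name in names_to_review(SAMPLE_LOG):
        print(name)
```
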
#4
Hi,
I restarted the service but, well... same.

The log shows:
2020-05-13T13:00:53   unbound: [12154:0] info: 192.168.36.34 www.msftconnecttest.com. A IN
2020-05-13T13:00:46   unbound: [12154:0] info: 192.168.36.40 www.msftconnecttest.com. AAAA IN
2020-05-13T13:00:46   unbound: [12154:0] info: 192.168.36.40 www.msftconnecttest.com. A IN


This was the query (192.168.X.X being the FW address):

PS C:\Windows\system32> nslookup www.msftconnecttest.com 192.168.X.X
Servidor:  **server hostname**
Address:  192.168.X.X

Respuesta no autoritativa:
Nombre:  v4ncsi.msedge.net
Addresses:  2a0d:5642:113:101:5054:ff:fe29:631b
          37.120.148.100
Aliases:  www.msftconnecttest.com

In Google:
PS C:\Windows\system32> nslookup www.msftconnecttest.com 8.8.8.8
Servidor:  dns.google
Address:  8.8.8.8

Respuesta no autoritativa:
Nombre:  4-c-0003.c-msedge.net
Address:  13.107.4.52
Aliases:  www.msftconnecttest.com
          v4ncsi.msedge.net
          ncsi.4-c-0003.c-msedge.net


I think it is not happening with every page (because yesterday I registered a domain, saw it here, changed the IP address of the domain register, and it updated here).
#5
Hi guys!
I'm using Unbound DNS in OPNsense 20.1.6, and I have a problem. I don't know at what moment the server didn't clear some cached DNS entries, and I can't connect to some URLs.
I'm using NextDNS in System-Settings-General (45.90.28.46 and 45.90.30.46) and tried checking and unchecking "Do not use the local DNS service as a nameserver for this system".
In Unbound DNS I have it enabled on all interfaces, port 53, DNSSEC active, domain override (our local domain), and checked:
DHCP Static Mappings: Register DHCP static mappings
IPv6 Link-local: Register IPv6 link-local addresses
TXT Comment Support: Create corresponding TXT records
DNS Query Forwarding: Enable Forwarding Mode

Local Zone Type transparent and outgoing interfaces all

In statistics some time ago it said "Zero TTL undefined", seems a bug.

There is a domain that was blocked by NextDNS but is not now, http://www.msftconnecttest.com. If I try to resolve it in OpenDNS it shows the old IP (37.120.148.100), and if I try to resolve it with NextDNS directly it shows the good IP 13.107.4.52. Both show the real name in nslookup (v4ncsi.msedge.net).

What can I do? I don't know which logs I can post or how to reset Unbound. I tried reinstalling Unbound DNS and rebooting OPNsense.