Messages - plamen

#1
OPNSense acts as the main internal DNS server (.lan) and I have a Windows AD domain controller (.dom.lan).
Unbound DNS is configured with a domain override for *.dom.lan.

On boot everything works, but after some time, usually less than 24h, unbound stops responding to requests in the *.dom.lan zone. This prevents Windows clients from finding their domain controller.

Restarting unbound resolves the issue. I've tried putting the override in "Overrides" or in "Query Forwarding", and even tried having it in both at the same time.

So far there is no useful information in the logs. They just show that at some point unbound stops redirecting requests to the domain controller's DNS server.

This was working with no problems in 21.x.
#2
False alarm!

I was able to trace the source to a visitor's device. Strange why only the outgoing packets showed in the live view.

Anyway, here is what the packets looked like if someone is interested (sensitive information has been removed).

Request:

0000   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0010   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0020   00 00 00 00 00 00 00 00 00 00 76 a2 81 80 00 01   ..........v.....
0030   00 00 00 00 00 00 01 32 0d 64 6e 73 63 52 59 50   .......2.dnscRYP
0040   74 2d 63 45 52 54 07 6f 70 45 6e 44 6e 73 03 43   t-cERT.opEnDns.C
0050   4f 6d 00 00 10 00 01                              Om.....



Response:

0000   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0010   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0020   00 00 00 00 00 00 00 00 00 00 76 a2 81 80 00 01   ..........v.....
0030   00 01 00 00 00 00 01 32 0d 64 6e 73 63 52 59 50   .......2.dnscRYP
0040   74 2d 63 45 52 54 07 6f 70 45 6e 44 6e 73 03 43   t-cERT.opEnDns.C
0050   4f 6d 00 00 10 00 01 c0 0c 00 10 00 01 00 00 06   Om..............
0060   ba 00 7d 7c 44 4e 53 43 00 01 00 00 bf 8f 81 b9   ..}|DNSC........
0070   2b 6e ce ef a3 1a 25 0e b8 b2 1d a7 1b b2 97 f5   +n....%.........
0080   22 3e 77 ae e1 04 66 ed dc 19 03 59 c9 0c e5 6a   ">w...f....Y...j
0090   73 be 19 3a 62 e8 1a ea e7 31 14 02 b9 76 8e 1a   s..:b....1...v..
00a0   79 3b f5 00 de 8e aa 35 56 66 cf 09 6f 08 19 a2   y;.....5Vf..o...
00b0   e0 63 60 b3 24 99 e5 34 0c 0e 8b 30 f5 cf b1 76   .c`.$..4...0...v
00c0   df 19 2b c7 2c 52 81 32 88 95 54 2a 71 6a 7a 6d   ..+.,R.2..T*qjzm
00d0   6d 48 6a 53 5f 90 d2 47 5f 90 d2 47 61 72 05 c7   mHjS_..G_..Gar..
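The "Response" dump above decodes cleanly, and decoding it is the quickest way to see what this exchange actually is. The following parser is an added example and is not code from the post or from OPNsense. It pastes the posted dump in verbatim, assumes the 42 zeroed leading bytes are an Ethernet + IPv4 + UDP header (so the DNS message starts at offset 0x2a), walks the DNS header, question and answer sections with RFC 1035 name compression, and then unpacks the TXT payload using the DNSCrypt certificate layout from the DNSCrypt protocol description ("DNSC" magic, encryption-system version, minor version, 64-byte Ed25519 signature, 32-byte resolver public key, 8-byte client magic, then big-endian serial and validity timestamps). It shows that the query is a TXT lookup for 2.dnscrypt-cert.opendns.com sent with 0x20 mixed-case randomisation, and that the answer carries a resolver certificate valid for exactly one year.

```python
# Added example (not from the post): decode the "Response" hex dump above.
import struct
from datetime import datetime, timezone

# "Response" dump from the post, pasted verbatim.  The hex column sits at
# characters 7..53 of each line.  The first 42 bytes were zeroed by the poster;
# they are assumed here to be Ethernet + IPv4 + UDP headers (14 + 20 + 8).
RESPONSE_DUMP = """\
0000   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0010   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0020   00 00 00 00 00 00 00 00 00 00 76 a2 81 80 00 01   ..........v.....
0030   00 01 00 00 00 00 01 32 0d 64 6e 73 63 52 59 50   .......2.dnscRYP
0040   74 2d 63 45 52 54 07 6f 70 45 6e 44 6e 73 03 43   t-cERT.opEnDns.C
0050   4f 6d 00 00 10 00 01 c0 0c 00 10 00 01 00 00 06   Om..............
0060   ba 00 7d 7c 44 4e 53 43 00 01 00 00 bf 8f 81 b9   ..}|DNSC........
0070   2b 6e ce ef a3 1a 25 0e b8 b2 1d a7 1b b2 97 f5   +n....%.........
0080   22 3e 77 ae e1 04 66 ed dc 19 03 59 c9 0c e5 6a   ">w...f....Y...j
0090   73 be 19 3a 62 e8 1a ea e7 31 14 02 b9 76 8e 1a   s..:b....1...v..
00a0   79 3b f5 00 de 8e aa 35 56 66 cf 09 6f 08 19 a2   y;.....5Vf..o...
00b0   e0 63 60 b3 24 99 e5 34 0c 0e 8b 30 f5 cf b1 76   .c`.$..4...0...v
00c0   df 19 2b c7 2c 52 81 32 88 95 54 2a 71 6a 7a 6d   ..+.,R.2..T*qjzm
00d0   6d 48 6a 53 5f 90 d2 47 5f 90 d2 47 61 72 05 c7   mHjS_..G_..Gar..
"""
HEADER_LEN = 14 + 20 + 8  # assumed Ethernet + IPv4 + UDP, all zeroed in the dump

def dump_to_bytes(dump):
    """Wireshark/tcpdump-style hex dump -> raw bytes (offset and ASCII columns dropped)."""
    return bytes.fromhex("".join(l[7:54] for l in dump.splitlines() if l.strip()).replace(" ", ""))

def read_name(msg, off):
    """Read a (possibly compressed) name at off -> (labels, offset just after it)."""
    labels, end = [], None
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:  # RFC 1035 pointer: follow it, remember where we left off
            end = end if end is not None else off + 2
            off = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            continue
        off += 1
        if n == 0:
            return labels, end if end is not None else off
        labels.append(msg[off:off + n].decode("ascii"))
        off += n

def parse_dns(msg):
    """Parse the header, question and answer sections of a DNS message."""
    ident, flags, qdcount, ancount, _, _ = struct.unpack_from("!6H", msg, 0)
    off, questions, answers = 12, [], []
    for _ in range(qdcount):
        labels, off = read_name(msg, off)
        qtype, qclass = struct.unpack_from("!HH", msg, off)
        questions.append({"name": ".".join(labels), "type": qtype, "class": qclass})
        off += 4
    for _ in range(ancount):
        labels, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        answers.append({"name": ".".join(labels), "type": rtype, "class": rclass,
                        "ttl": ttl, "rdata": msg[off:off + rdlen]})
        off += rdlen
    return {"id": ident, "flags": flags, "is_response": bool(flags & 0x8000),
            "questions": questions, "answers": answers}

def txt_strings(rdata):
    """Split TXT RDATA into its <length><bytes> character-strings."""
    out, off = [], 0
    while off < len(rdata):
        out.append(rdata[off + 1:off + 1 + rdata[off]])
        off += 1 + rdata[off]
    return out

def parse_dnscrypt_cert(cert):
    """Unpack the DNSCrypt certificate carried in a dnscrypt-cert TXT string."""
    if cert[:4] != b"DNSC" or len(cert) < 124:
        raise ValueError("not a DNSCrypt certificate")
    es_version, minor = struct.unpack_from("!HH", cert, 4)
    serial, ts_start, ts_end = struct.unpack_from("!III", cert, 112)
    return {
        "es_version": es_version,       # 1 = X25519-XSalsa20Poly1305, 2 = X25519-XChacha20Poly1305
        "minor_version": minor,
        "signature": cert[8:72].hex(),  # Ed25519 over bytes 72..; verifying needs the provider key
        "resolver_pk": cert[72:104].hex(),
        "client_magic": cert[104:112],  # 8 bytes every encrypted query to this resolver starts with
        "serial": serial,
        "valid_from": datetime.fromtimestamp(ts_start, timezone.utc),
        "valid_until": datetime.fromtimestamp(ts_end, timezone.utc),
    }

def decode_response_dump(dump=RESPONSE_DUMP):
    """Dump -> (parsed DNS message, certificate parsed from its first TXT answer)."""
    dns = parse_dns(dump_to_bytes(dump)[HEADER_LEN:])
    cert = parse_dnscrypt_cert(txt_strings(dns["answers"][0]["rdata"])[0])
    return dns, cert

if __name__ == "__main__":
    dns, cert = decode_response_dump()
    q = dns["questions"][0]
    print(f"id=0x{dns['id']:04x} query={q['name']} (0x20 mixed case of {q['name'].lower()}) qtype={q['type']}")
    print(f"TTL={dns['answers'][0]['ttl']} es_version={cert['es_version']} client_magic={cert['client_magic']}")
    print(f"serial={cert['serial']} valid {cert['valid_from']:%Y-%m-%d} .. {cert['valid_until']:%Y-%m-%d}")
```

The mixed-case name is the client's 0x20 query randomisation, which is why a plain string match on "dnscrypt-cert.opendns.com" in a log filter must fold case first. The certificate's signature field is only decoded, not verified: checking it requires the resolver's long-term provider public key, which is not in the packet.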
#3
installed plugins:

  • os-acme-client
  • os-api-backup
  • os-bind
  • os-firewall
  • os-munin-node
  • os-theme-cicada
  • os-theme-rebellion
  • os-theme-tukan
  • os-theme-vicuna
  • os-tinc
  • os-tor
  • os-wol

Both unbound and bind are enabled:
DNS traffic from a particular internal host is redirected to bind
the rest of the network is served using unbound

OpenDNS is not enabled and has never been enabled.
#4
There are no DNS servers configured, but "Allow DNS server list to be overridden by DHCP/PPP on WAN" is enabled.

I just checked whether my ISP is sending the OpenDNS server in the DHCP response, and they are not.
#5
Hello All,

So I've noticed that the gateway itself makes a number of UDP requests to 208.67.222.222:443, which is an OpenDNS host.
The frequency varies between tens of requests per minute and one every few minutes.
I have never enabled OpenDNS support, nor do I plan to.

I want to learn why these requests are made and what will be affected if they are disabled.

So far I've set up a firewall rule to block such requests and I've seen no degradation in the GW performance. But I would prefer that no such requests are made at all unless I have OpenDNS enabled.