Messages - passeri

#1
26.1, 26,4 Series / Re: CVE-2026-45257
June 17, 2026, 12:30:54 AM
Quote from: sopex on June 15, 2026, 03:07:24 PM
I also install nano, much better experience :) Editor wars 2.0
:-)

I first used Unix in the 1980s and only occasionally since then, enough to be familiar but never regular. At that time vi was clearly better to use than ed so I did, and have ever since. Also, ZZ is quicker than :wq
#2
26.1, 26,4 Series / Re: 26.1.9 broke my DNS?
June 04, 2026, 01:13:00 PM
Weird.

As noted above, I had made no changes at all to my configuration for months before I upgraded from 26.1.8 to 26.1.9, when DNS stopped.

Today I spent some time exploring for problems. The Unbound log showed enquiries were being blocked, yet I have no blocklist set in Unbound. Re-upgrading after returning to the prior snapshot (which also now failed) was marked by the same upgrade oddity that the normally verbose output did not show at all until the entire upgrade had completed. Still DNS did not work although the internet remained accessible by IP address.

I upgraded a reserve machine. It was fine, and displaying the usual output along the way.

I switched off to think about it a while, switched back on (far from the first power cycle in this) and DNS woke up.

I am nonplussed. I did nothing to stop it working and nothing to fix it again. Cosmic rays from the Universe? Might Q-feeds have interfered for a while?

I will run the internal router for another day or so before nervously upgrading the edge.
#3
26.1, 26,4 Series / Re: 26.1.9 broke my DNS?
June 03, 2026, 09:07:01 AM
Quote from: newsense on June 03, 2026, 08:54:03 AM
Quote from: passeri on June 03, 2026, 08:05:40 AM
I upgraded my internal (not edge) router to 26.1.9 this morning (AEST), promptly losing DNS resolution

Did you try a health check?

Anything unusual in unbound debug logs?

Will try, and check. Currently it is unplugged. Tomorrow I will have time to set up to test those things without breaking internet for anyone else in the process.
#4
26.1, 26,4 Series / 26.1.9 broke my DNS?
June 03, 2026, 08:05:40 AM
I upgraded my internal (not edge) router to 26.1.9 this morning (AEST), promptly losing DNS resolution although I could still ping external IP addresses. Reverting to the 26.1.8_5 snapshot did not resolve the problem. Absolutely nothing else was changed, this was a routine upgrade process. Has anyone else encountered this, such that I should report it formally?

All DNS is through Unbound on the edge. The internal router's Unbound points to the edge router.

For clarity I did not upgrade the edge router, so the other nets which do not pass through the internal router continued to behave normally. When I replaced the internal router with a switch then normal behaviour returned as expected.
#5
@brandywine.
You missed the ascii emoji.
#6
Better get the dust out. Blast it through every hole with one of those little battery-powered blowers ;-)
#7
Quote from: nero355 on May 12, 2026, 06:49:24 PM
For xDSL connections the products made by DrayTek are my absolute favorite! :)

Yes, I had two (serially) for ADSL connections. They were very solid and by reputation very secure. Fibre and a wish to do some things entailing a DrayTek business licence overrode.

I handed off the first to family and sold the second only last year for a better price than one usually expects for older networking gear.
#8
Quote from: Nullman on May 12, 2026, 12:58:01 AM
If you live in US, get Protectli. If you live in EU, get Deciso or Thomas Krenn. It is that simple.

Just pausing to mention existence of other places on the planet at which point simplicity is down the gurgler, decisions need to be made. Our relative proximity to one or two Chinas makes CWWK boxes very popular. Been there, done that, in fact finally have it on eBay at the moment.

I will stick with my own decision which I consider sound for the reasons I outlined above, all subsequent discussion (and fisking) notwithstanding. The topic is a quad port, reliable, fast router, with a side of supporting companies and principles most valuable to each person.
#9
Quote from: patient0 on May 11, 2026, 08:43:17 AM
Quote from: passeri on May 11, 2026, 08:38:27 AM
Coreboot
No coreboot in the DEC740 I got, do you know which models got coreboot?
Yes. Mine. Otherwise, check the product page. :)

It was mentioned above as a positive feature, so I mentioned it is available in a quad-port Deciso router.
#10
If it is affordable then I recommend Deciso appliances.
  • Coreboot
  • Small and efficient, with good WAF
  • One year of business edition, or consider that a donation
  • Releases work, or at least are a better bet to do so than on a third party box
If your DNS use is internal rather than public-facing then definitely use the router for that and DHCP. All the management tools are there.

eta: I formerly used a mini-pc for OPNsense. If or when I need to replace the 697, it will be with a Deciso appliance for all the above reasons.
#11
Nor is it used to visit root servers (my case) which are not part of or listed in system nameservers. Given the addresses to which you finally connect are visible to an ISP, not to mention at the site itself, and I have a static IP, I do not consider DoT to provide any privacy of interest.
#12
Quote from: lmoore on May 01, 2026, 01:25:10 PM
What is your setting for System -> Settings -> General -> DNS server options -> Allow DNS server list to be overridden by DHCP/PPP on WAN?
No override.

Yes, my intention was to make the connections to root servers, as Unbound defaults.

Quote from: lmoore on May 01, 2026, 01:25:10 PM
configure Unbound to forward all other zones, i.e., not local, to an upstream DNS server but this doesn't seem possible in OPNsense

I am not sure what you mean by this. In my network there is effectively a couple of layers such that the 'green' zone is firewalled from the rest independently from the fact the OPNsense edge router distinguishes three zones in its rules. The internal router caches (as do computers) and addresses all new DNS enquiries directly to the edge OPNsense, where Unbound listens on all interfaces and sends its queries to root servers. Is this the general idea you were discussing?
#13
update: Further testing has not reproduced the following so I have marked the topic closed. Cause of the original issue is unknown.

After upgrading to 26.1.7_1 from 26.1.6_2 I found I could no longer resolve DNS names although connectivity was otherwise fine for cached names or for direct IP addresses. Incoming mail to our server also arrived normally during this time.

I added quad9 in System->Settings->General then ticked Override in Services->Unbound->Query forwarding, after which names resolved normally. Switching back to no override stopped it again.

Currently I am functional with the override in place, wondering whether this is a product glitch or something more I need to follow up here?
#14
As with the lack of warning about changes, the Apply button is also apparently live when no changes have been made.
#15
Please attach screenshots.

Links are not attachments.

My reasons for the request are thread longevity and user security.

By the way, from which version were you upgrading?