Messages - nerf

#1
23.7 Legacy Series / Re: Unbound crashing
October 11, 2023, 08:44:56 AM

Screenshot attached from the system log MAY be relevant. Going back to DNSMasq, till I can figure out what is actually happening.


#2
23.7 Legacy Series / Re: Unbound crashing
October 10, 2023, 09:14:25 AM
Quote from: newsense on October 03, 2023, 04:14:43 AM
I wonder if you have a corrupt there even if it doesn't look like that...

Try removing the file and restarting Unbound.

service unbound stop && rm -v /var/unbound/root.hints && cp -v /usr/local/opnsense/service/templates/OPNsense/Unbound/core/root.min.hints /var/unbound/root.hints && service unbound onestart

OK - unbound has been crashing - executed the above - will monitor.
#3
During my troubleshooting I removed the blocklists entirely rather than just disabling and lookups started to work. I have reinstated the blocklists and enabled it and still working ok. I will keep unbound in service for now and see what happens.

If I get an error I will post the screenshots. :-\
#4
23.7 Legacy Series / Re: Unbound crashing
October 01, 2023, 08:41:49 AM
Ok did the diff against /var/unbound/root.hints, no output.

I will be switching back over to unbound. In the event of a crash what would be needed (captures, logs, files, command line etc.) to diagnose the issue?
#5
Ok - did that, got the A records just fine however a lookup from a client still has issues with Microsoft domains BUT I checked the reporting page for Unbound and it looks like the blocklists are kicking in even though I don't have them enabled??

From the client -

nslookup www.outlook.com
Server:      192.168.3.1
Address:   192.168.3.1#53

*** Can't find www.outlook.com: No answer


From OPNsense (server field left blank)

A   www.outlook.com. 299 IN CNAME outlook.office365.com.
outlook.office365.com. 59 IN CNAME ooc-g2.tm-4.office.com.
ooc-g2.tm-4.office.com. 59 IN CNAME outlook.ms-acdc.office.com.
outlook.ms-acdc.office.com. 59 IN CNAME SYD-efz.ms-acdc.office.com.
SYD-efz.ms-acdc.office.com. 9 IN A 40.99.133.242
SYD-efz.ms-acdc.office.com. 9 IN A 52.98.142.210
SYD-efz.ms-acdc.office.com. 9 IN A 52.98.8.34
SYD-efz.ms-acdc.office.com. 9 IN A 52.98.0.178   1.1.1.1   10 msec
MX   www.outlook.com. 154 IN CNAME outlook.office365.com.
outlook.office365.com. 58 IN CNAME ooc-g2.tm-4.office.com.
ooc-g2.tm-4.office.com. 60 IN CNAME outlook.ms-acdc.office.com.
outlook.ms-acdc.office.com. 59 IN CNAME SYD-efz.ms-acdc.office.com.   8.8.4.4   16 msec
TXT   www.outlook.com. 300 IN CNAME outlook.office365.com.
outlook.office365.com. 60 IN CNAME ooc-g2.tm-4.office.com.   1.1.1.1   20 msec


#6
23.7 Legacy Series / Re: Unbound crashing
September 30, 2023, 02:48:21 AM
Yes, I know logs would be good.
But it is hard given that
1. DNSmasq is in use due to Unbound's issues
2. I would need to capture a crash, which is not always predictable or reproducible.

I will give it a try. Would logs at "Error" level suffice?
#7
Blocklists are not enabled.
A DNS lookup from the firewall works just fine, see my original post.
When a lookup is done from a client machine the first lookup is successful, a second lookup fails,
I have to do a lookup from the firewall (twice as the first one does not return A records) again for the A and AAAA records to be populated again.

I am on DNSmasq now but I will turn on DNS reporting and switch over to Unbound and do another test.

#8
23.7 Legacy Series / Re: Unbound crashing
September 29, 2023, 12:24:03 AM
Same issue here  (on 23.7.5) - amongst others.
#9
Additional note, "msn.com" resolves fine.
Ok. Now, disabled query forwarding. Same result.

System: Settings: General: Prefer IPv4 over IPv6 - checked
System: Settings: General: DNS servers - 8.8.8.8, 8.8.4.4, 1.1.1.1, 1.0.0.1 (use gateway - none)
Other options unchecked.
#10
This is a weird one.
Since upgrading to the 23.x.x firmware unbound has been causing me no end of issues.

Config:
Services: Unbound DNS: General: Enable DNS64 Support - checked
Services: Unbound DNS: General: DNS64 Prefix - 64:ff9b::/96
Services: Unbound DNS: General: Flush DNS Cache during reload - checked
Services: Unbound DNS: General: Local Zone Type - transparent

Services: Unbound DNS: Overrides - none
Services: Unbound DNS: Advanced: General Settings - nothing checked, all values at defaults.
Services: Unbound DNS: Query Forwarding: Use System Nameservers - checked

If I do a DNS lookup from the firewall via diagnostics I get this

Response
Type   Answer   Server   Query time
A   www.msn.com. 11115 IN CNAME www-msn-com.a-0003.a-msedge.net.
www-msn-com.a-0003.a-msedge.net. 130 IN CNAME a-0003.a-msedge.net.
a-0003.a-msedge.net. 238 IN A 204.79.197.203   127.0.0.1   0 msec
MX   www.msn.com. 7978 IN CNAME www-msn-com.a-0003.a-msedge.net.
www-msn-com.a-0003.a-msedge.net. 65 IN CNAME a-0003.a-msedge.net.   127.0.0.1   28 msec
TXT   www.msn.com. 7978 IN CNAME www-msn-com.a-0003.a-msedge.net.
www-msn-com.a-0003.a-msedge.net. 65 IN CNAME a-0003.a-msedge.net.   127.0.0.1   0 msec


I then do a lookup from the host OK; however, when I do a second lookup I get this error

Server:  OPNsense.localdomain
Address:  <my LAN interface IP>

*** No internal type for both IPv4 and IPv6 Addresses (A+AAAA) records available for www.msn.com


and when I do a second internal lookup no A record is returned, ONLY the TXT and MX records.

Here is a snip from the log viewer for a good lookup

2023-09-28T18:15:38   Informational   unbound   [18005:1] info: 127.0.0.1 www.msn.com. TXT IN NOERROR 0.000000 1 145   
2023-09-28T18:15:38   Informational   unbound   [18005:1] info: 127.0.0.1 www.msn.com. TXT IN   
2023-09-28T18:15:38   Informational   unbound   [18005:3] info: 127.0.0.1 www.msn.com. MX IN NOERROR 0.037137 0 145   
2023-09-28T18:15:38   Informational   unbound   [18005:3] info: 127.0.0.1 www.msn.com. MX IN   
2023-09-28T18:15:38   Informational   unbound   [18005:2] info: 127.0.0.1 www.msn.com. AAAA IN NOERROR 0.010582 0 29   
2023-09-28T18:15:37   Informational   unbound   [18005:2] info: 127.0.0.1 www.msn.com. AAAA IN   
2023-09-28T18:15:37   Informational   unbound   [18005:0] info: 127.0.0.1 www.msn.com. A IN NOERROR 0.000000 1 104   
2023-09-28T18:15:37   Informational   unbound   [18005:0] info: 127.0.0.1 www.msn.com. A IN   
2023-09-28T18:15:36   Informational   unbound   [18005:2] info: 127.0.0.1 www.msn.com. TXT IN NOERROR 0.000000 0 145   
2023-09-28T18:15:36   Informational   unbound   [18005:2] info: 127.0.0.1 www.msn.com. TXT IN   
2023-09-28T18:15:36   Informational   unbound   [18005:3] info: 127.0.0.1 www.msn.com. MX IN NOERROR 0.026181 0 145   
2023-09-28T18:15:36   Informational   unbound   [18005:3] info: 127.0.0.1 www.msn.com. MX IN   
2023-09-28T18:15:36   Informational   unbound   [18005:1] info: 127.0.0.1 www.msn.com. AAAA IN NOERROR 0.043634 0 29   
2023-09-28T18:15:36   Informational   unbound   [18005:1] info: 127.0.0.1 www.msn.com. AAAA IN   
2023-09-28T18:15:36   Informational   unbound   [18005:2] info: 127.0.0.1 www.msn.com. A IN NOERROR 0.022878 0 29   
2023-09-28T18:15:36   Informational   unbound   [18005:2] info: 127.0.0.1 www.msn.com. A IN


Here is the second lookup - the one that returns no A records

2023-09-28T18:17:02   Informational   unbound   [18005:2] info: 192.168.3.2 www.msn.com. AAAA IN NOERROR 0.057046 0 29   
2023-09-28T18:17:02   Informational   unbound   [18005:2] info: 192.168.3.2 www.msn.com. AAAA IN   
2023-09-28T18:17:02   Informational   unbound   [18005:1] info: 192.168.3.2 www.msn.com. A IN NOERROR 0.020184 0 29   
2023-09-28T18:17:02   Informational   unbound   [18005:1] info: 192.168.3.2 www.msn.com. A IN   
2023-09-28T18:17:02   Informational   unbound   [18005:0] info: 192.168.3.2 www.msn.com.localdomain. AAAA IN NXDOMAIN 0.000000 1 116   
2023-09-28T18:17:02   Informational   unbound   [18005:0] info: localdomain. transparent 192.168.3.2@54870 www.msn.com.localdomain. AAAA IN   
2023-09-28T18:17:02   Informational   unbound   [18005:0] info: 192.168.3.2 www.msn.com.localdomain. AAAA IN   
2023-09-28T18:17:02   Informational   unbound   [18005:2] info: 192.168.3.2 www.msn.com.localdomain. A IN NXDOMAIN 0.000000 1 116   
2023-09-28T18:17:02   Informational   unbound   [18005:2] info: localdomain. transparent 192.168.3.2@51736 www.msn.com.localdomain. A IN   
2023-09-28T18:17:02   Informational   unbound   [18005:2] info: 192.168.3.2 www.msn.com.localdomain. A IN

I have had to revert to DNSmasq till I get this sorted.

Any help appreciated. :-\
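
Added example (not part of the forum posts above): a small filter for Unbound reply log lines in the format shown in the last post, flagging NOERROR replies whose size equals the DNS header plus the echoed question, which means the reply carried no records at all. The function names are hypothetical and the sample lines are constructed in the format of the logs above.

```python
import re

# Reply line as written by Unbound's log-replies option:
# client, name, type, class, rcode, seconds to resolve, from-cache flag, size.
REPLY = re.compile(
    r"info: (?P<client>\S+) (?P<name>\S+) (?P<type>\S+) IN "
    r"(?P<rcode>[A-Z]+) (?P<secs>[\d.]+) (?P<cached>[01]) (?P<size>\d+)\s*$"
)

def bare_reply_size(qname):
    """Size of a DNS reply holding only the header and the echoed question."""
    labels = [label for label in qname.rstrip(".").split(".") if label]
    encoded = sum(1 + len(label) for label in labels) + 1  # length bytes + root
    return 12 + encoded + 4                                # header + QTYPE/QCLASS

def empty_noerror(lines):
    """Return (client, name, type, from_cache) for NOERROR replies with no records."""
    hits = []
    for line in lines:
        m = REPLY.search(line)          # query and local-zone lines do not match
        if not m or m["rcode"] != "NOERROR":
            continue
        # A reply that also carries an EDNS OPT record is at least 11 bytes
        # larger, so it is not flagged by this exact-size comparison.
        if int(m["size"]) == bare_reply_size(m["name"]):
            hits.append((m["client"], m["name"], m["type"], m["cached"] == "1"))
    return hits

# Constructed sample in the format of the log excerpts above.
SAMPLE = """\
2023-09-28T18:15:37 Informational unbound [18005:0] info: 127.0.0.1 www.msn.com. A IN NOERROR 0.000000 1 104
2023-09-28T18:15:37 Informational unbound [18005:0] info: 127.0.0.1 www.msn.com. A IN
2023-09-28T18:17:02 Informational unbound [18005:1] info: 192.168.3.2 www.msn.com. A IN NOERROR 0.020184 0 29
2023-09-28T18:17:02 Informational unbound [18005:2] info: 192.168.3.2 www.msn.com. AAAA IN NOERROR 0.057046 0 29
2023-09-28T18:17:02 Informational unbound [18005:2] info: 192.168.3.2 www.msn.com.localdomain. A IN NXDOMAIN 0.000000 1 116
2023-09-28T18:17:02 Informational unbound [18005:2] info: localdomain. transparent 192.168.3.2@51736 www.msn.com.localdomain. A IN
""".splitlines()

if __name__ == "__main__":
    for client, name, qtype, cached in empty_noerror(SAMPLE):
        print(f"empty NOERROR reply: {client} {name} {qtype} cached={cached}")
```

For www.msn.com the bare size is 29 bytes, so a 29-byte NOERROR reply to an A query holds no address records, while the 104-byte reply does.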