Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - MW

Pages1
#1
25.1, 25.4 Series / Re: Certain domains not resolvin in Unbound DNS
October 21, 2025, 10:21:05 AM
I adopted your settings, unfortunately it did not solve the problem.

I set the option "Use System Nameservers" in the Query Forwarding settings. I am now able to resolve anything, but with the price of losing the cache if i am right...
#2
25.1, 25.4 Series / Re: Certain domains not resolvin in Unbound DNS
October 21, 2025, 07:46:08 AM
Thanks for the quick reply, i was already out of the office yesterday.

"Harden DNSSEC Data", "Aggressive NSEC" and "Strict QNAME Minimisation" are unchecked.

Screendumps are attached.

I also set the log levels higher and added the resolver.log for my latest attempt to resolve arcor.de
#3
25.1, 25.4 Series / Re: Certain domains not resolvin in Unbound DNS
October 20, 2025, 04:04:03 PM
Even diagnostics on localhost fails

2025-10-20 16:00:11   localhost   MX   arcor.de.   Drop   Local   SERVFAIL   0ms   0   

I have really no idea where to look deeper. Firewall log is green all the way.

Backend Log:
2025-10-20T16:00:17   Notice   configd.py   [dfd56303-501c-4d9e-89b5-b9cc2f3b9d86] query dns records 127.0.0.1 arcor.de

Unbound Log since last service restrt
2025-10-20T14:07:47   Informational   unbound   [6209:0] info: dnsbl_module: successfully opened pipe   
2025-10-20T14:07:47   Informational   unbound   [6209:0] info: dnsbl_module: attempting to open pipe   
2025-10-20T14:07:46   Notice   unbound   Backgrounding unbound logging backend.   
2025-10-20T14:07:46   Informational   unbound   [6209:0] info: start of service (unbound 1.23.1).
#4
25.1, 25.4 Series / Re: Certain domains not resolvin in Unbound DNS
October 20, 2025, 01:53:01 PM
The local search domain is always added by the windows server ia am using, but nevertheless the name resolution for other domains works. In that case, the reporting shows both entries, with and without the local domain.

I do not have any DNS filtering on the OPNSense, but i tried arcor.de and it gives me the same error. I tried from a windows server that is not doamain joines to eliminate the local domain


2025-10-20 13:51:04   CLIENT.IP.ADDRESS   AAAA   arcor.de.   Drop   Local   SERVFAIL   0ms   0   
#5
25.1, 25.4 Series / Certain domains not resolvin in Unbound DNS
October 20, 2025, 01:20:09 PM
Hi,

i'm on 25.4.3 Business and the Unbound DNS on one of our customers Firewalls is showing a strange behaviour.
DNS resolution works fine for everything, but there is one domain that doe not get resolved.

Domain is stuttgart.de and its subdomain e.g. vergabe.stuttgart.de

Client gets a timeout and the Unbound Reporting shows the following entries:

2025-10-20 12:52:23    CLIENT.IP.ADDRESS    A    vergabe.stuttgart.de.    Drop    Local    SERVFAIL    0ms    0   
2025-10-20 12:52:23    CLIENT.IP.ADDRESS      AAAA    vergabe.stuttgart.de.localdomain.local.    Pass    Recursion    NXDOMAIN    16ms    3600   
2025-10-20 12:52:23    CLIENT.IP.ADDRESS    A    vergabe.stuttgart.de.localdomain.local.    Pass    Recursion    NXDOMAIN    44ms    3600   
2025-10-20 12:52:23    CLIENT.IP.ADDRESS    AAAA    vergabe.stuttgart.de.    Drop    Local    SERVFAIL    0ms    0

As a workaround, i made a Query Forwarding to 8.8.8.8 and then it works.
DNS blacklisting is completely disabled, no idea where to dig here...
#6
24.7, 24.10 Legacy Series / Microsoft Exchange OWA/ECP behind OPNWAF with web protection
January 13, 2025, 01:21:11 PM
Hi,

has anyone succesfully secured a Microsoft Exchenge OWA/ECP behind the OPNWAF included in Business edition with web protection enabled?
As i can see there is only a small specific ruleset for exclusions which do not cover MS Exchange.
So far it did only work without web protection for me...
#7
High availability / Decision for Disconnect dialup interfaces
October 08, 2024, 10:15:18 AM
Hi,
i am trying to set up a OPNSense Cluster with PPPoE dialup WAN.
I Tried the solution provided her https://www.mayrhofer.eu.org/post/opnsense-pppoe-ha/ but i cant setup a gateway after configuration of the pppoe interface.

How does the option "Disconnect dialup interfaces" work? I don't see any options to define how this is triggered.
Is it enough when most of the interfaces are in CARP Backup state?

Thanks for any help!
#8
General Discussion / Re: Update OPNSense Business to specific version
October 24, 2023, 03:28:09 PM
Thank you very much for the quick response.
Version 23.4.2p1 equals 23.4.2_1 from the forum release notes?
#9
General Discussion / [SOLVED] Update OPNSense Business to specific version
October 24, 2023, 03:12:03 PM
Hi,
is there any way to upgrade OPNsense Business to a specific version via Flavour?
In community edidtion, i look up the flavour via https://pkg.opnsense.org/ but i can't find business versions there.

Regards,
MW
#10
23.7 Legacy Series / Re: OPNWAF Business 23.10 empty dropdown
October 19, 2023, 03:23:41 PM
Not really what i was hoping for, but thanks for the workaround.
I usually don't use description because the Name of an object ist usually ebough for me.
#11
23.7 Legacy Series / [SOLVED] OPNWAF Business 23.10 empty dropdown
October 18, 2023, 04:33:51 PM
Hi,
i currently set up a OPNSense Business 23.10 (brand-new, i know).
I installed OPNWAF and i am struggling with the config.

In the locations, i can't select a virtual server, just empty lines showing up in the dropdown...

Any suggestions? Tried several browsers, themes,...
Pages1