23.7 Legacy Series / Localhost Flooding Unbound with Constant Local PTR Requests
« on: January 04, 2024, 07:55:07 pm »
I recently set up OPNSense on a Protectli Vault FW2B and I am having an issue. In the Unbound DNS reporting tab, I see constant (~4,500 every 10 minutes) local PTR requests from localhost (the Protectli).
I have Unbound running on Port 53, and I have an instance of AdGuard Home running on a separate server. I have my DHCP DNS set to my AdGuard Home's IP, and in AGH I have OPNSense's IP as the upstream as well as the Private reverse DNS server. In AGH I have "Use private reverse DNS resolvers" and "Enable reverse resolving of clients' IP addresses" checked.
In Unbound, I have all network interfaces selected, and I have "Register DHCP Leases" and "Register DHCP Static Mappings" checked.
I have a NAT port forward rule to redirect all DNS requests from clients other than OPNSense or AGH to destination other than AGH to AGH.
In OPNSense System > Settings > General I have no DNS servers listed, and I have "Allow DNS server list to be overridden by DHCP/PPP on WAN" and "Do not use the local DNS service as a nameserver for this system" unchecked.
Note that I do also see PTR requests from AGH in Unbound as expected since I have "Use private reverse DNS resolvers" and "Enable reverse resolving of clients' IP addresses" checked, but they are much less frequent and not problematic.
Note that I have the Telegraf plugin installed but I tried disabling it and it had no effect. I also have the wireguard-kernel plugin installed but I don't see how that's relevant.
I previously had another instance of AGH installed on OPNSense running on port 53 with Unbound on port 5353 as the upstream, but I was seeing all these PTR requests in AGH and thought maybe having AGH installed on OPNSense was the issue, but it was not. I am still seeing all the PTR requests in Unbound without the OPNSense AGH plugin.
I tried pretty much every troubleshooting step I could think of, including but not limited to:
- Completely shutting down AGH
- Disabling the NAT port forward rule which re-directs traffic to AGH
- Disabling "Register DHCP Leases" and "Register DHCP Static Mappings" in Unbound
- Rebooting OPNSense numerous times
PLEASE help me figure this out. It is driving me absolutely mad.
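As an added example, not part of the original post or of OPNsense's or Unbound's own tooling, here is a small Python script that shows how one can quantify a flood like the one described: it parses Unbound query-log lines (the `info: <client> <qname> <qtype> <qclass>` records Unbound emits with `log-queries: yes`), counts queries per client and query type, maps each PTR name back to the IPv4 address being looked up, and flags any client whose PTR rate over the observed window exceeds a threshold. The syslog prefix in the regex, the sample log lines and the 192.168.1.2 address standing in for an AdGuard Home host are all constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Assumed line shape after syslog on OPNsense:
#   "<ts> <host> unbound[pid]: [pid:0] info: <client> <qname> <qtype> <qclass>"
# The prefix is an assumption; "info: client qname qtype qclass" is Unbound's query-log record.
LOG_RE = re.compile(
    r"unbound\[\d+\]:\s+\[\d+:\d+\]\s+info:\s+"
    r"(?P<client>[0-9a-fA-F.:]+)\s+(?P<qname>\S+)\s+(?P<qtype>[A-Z0-9]+)\s+(?P<qclass>\S+)"
)

# Constructed sample log: a burst of reverse lookups from localhost, one from a
# hypothetical AdGuard Home host (192.168.1.2), one ordinary A query, one junk line.
SAMPLE_LOG = """\
Jan  4 19:55:01 fw unbound[1234]: [1234:0] info: 127.0.0.1 10.1.168.192.in-addr.arpa. PTR IN
Jan  4 19:55:01 fw unbound[1234]: [1234:0] info: 127.0.0.1 11.1.168.192.in-addr.arpa. PTR IN
Jan  4 19:55:01 fw unbound[1234]: [1234:0] info: 127.0.0.1 10.1.168.192.in-addr.arpa. PTR IN
Jan  4 19:55:02 fw unbound[1234]: [1234:0] info: 127.0.0.1 12.1.168.192.in-addr.arpa. PTR IN
Jan  4 19:55:02 fw unbound[1234]: [1234:0] info: 192.168.1.2 10.1.168.192.in-addr.arpa. PTR IN
Jan  4 19:55:03 fw unbound[1234]: [1234:0] info: 192.168.1.2 example.com. A IN
Jan  4 19:55:03 fw unbound[1234]: [1234:0] info: 127.0.0.1 10.1.168.192.in-addr.arpa. PTR IN
Jan  4 19:55:03 fw unbound[1234]: [1234:0] info: 127.0.0.1 13.1.168.192.in-addr.arpa. PTR IN
this line is not a query log entry and is skipped
"""


def arpa_to_ipv4(qname):
    """Turn '10.1.168.192.in-addr.arpa.' back into '192.168.1.10'; None if not an IPv4 PTR name."""
    labels = qname.rstrip(".").split(".")
    if len(labels) != 6 or labels[-2:] != ["in-addr", "arpa"]:
        return None
    return ".".join(reversed(labels[:4]))


def parse_line(line):
    """Extract (client, qname, qtype) from one log line, or None if it is not a query record."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return m.group("client"), m.group("qname"), m.group("qtype")


def summarize(lines):
    """Count queries per (client, qtype) and, for PTR queries, which addresses each client asks about."""
    per_client_type = Counter()
    ptr_targets = defaultdict(Counter)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        client, qname, qtype = rec
        per_client_type[(client, qtype)] += 1
        if qtype == "PTR":
            ptr_targets[client][arpa_to_ipv4(qname) or qname] += 1
    return per_client_type, ptr_targets


def noisy_ptr_clients(per_client_type, window_seconds, max_per_second):
    """Clients whose PTR query rate over the observed window exceeds max_per_second."""
    return sorted(
        client
        for (client, qtype), n in per_client_type.items()
        if qtype == "PTR" and n / window_seconds > max_per_second
    )


if __name__ == "__main__":
    counts, targets = summarize(SAMPLE_LOG.splitlines())
    for (client, qtype), n in sorted(counts.items()):
        print(f"{client:<15} {qtype:<5} {n}")
    # The sample spans 3 seconds; ~4,500 PTR queries per 10 minutes is about 7.5/s.
    for client in noisy_ptr_clients(counts, window_seconds=3, max_per_second=1.0):
        print(f"noisy PTR source {client}: top targets {targets[client].most_common(3)}")
```

Run it against a real Unbound query log (enable `log-queries: yes` temporarily, since it is verbose) and widen `window_seconds` to the span of the capture; the per-target breakdown tells you which addresses the localhost PTR queries are actually for, which narrows down which local component is generating them.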