Messages - cschafer

#1
@meyergru -- yes, you are correct, the DNSSEC "fix" wasn't right after all.

[RESOLVED]

In my case, I found out that the source of my problem was operator error - I had a bad configuration in Unbound DNS. I had incorrectly turned on DNS64 support without having a proper NAT64 service running. After disabling the "Enable DNS64 Support" box in Unbound DNS, DNS inquiries for apps.axosbank.com returned only the proper A records (IPv4 records for Axos Bank mobile app) and the mobile app started working.

Before correcting my config, Unbound DNS with the DNS64 support enabled was generating and returning IPv6 AAAA records intended for a NAT64 service (which I didn't have enabled). And perhaps the Axos Mobile bank preferred to use IPv6 addressing whenever present (just a guess). See below for more details:

Before correction:
apps.axosbank.com  A  104.16.188.72
apps.axosbank.com  A  104.16.189.72
apps.axosbank.com  AAAA 64:ff9b::6810:bc48    (synthetic AAAA record generated by Unbound DNS for NAT64)
apps.axosbank.com  AAAA 64:ff9b::6310:bd48   (synthetic AAAA record for NAT64)

After unchecking the DNS64 support, Unbound DNS returned only the proper IPv4 A records that came from the source DNS server.
apps.axosbank.com  A  104.16.188.72
apps.axosbank.com  A  104.16.189.72
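
Added example (not part of the original post): a Python sketch of how a DNS64 resolver builds an AAAA record from an A record under the 64:ff9b::/96 prefix seen above, and how to flag such synthesized records in a set of answers. The function names are hypothetical, and the sample answer set is constructed from the post's A records plus a documentation-range native AAAA.

```python
import ipaddress

# RFC 6052 well-known prefix, the one visible in the post's AAAA records.
WELL_KNOWN_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")

def synthesize_aaaa(ipv4, prefix=WELL_KNOWN_PREFIX):
    """Return the AAAA a DNS64 resolver builds for an A record (/96 prefix only)."""
    if prefix.prefixlen != 96:
        raise ValueError("this sketch only handles /96 prefixes")
    v4 = ipaddress.IPv4Address(ipv4)
    # With a /96 prefix the IPv4 address occupies the low 32 bits.
    return str(ipaddress.IPv6Address(int(prefix.network_address) | int(v4)))

def embedded_ipv4(ipv6, prefix=WELL_KNOWN_PREFIX):
    """Return the IPv4 address embedded in a DNS64 AAAA, or None if outside the prefix."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in prefix:
        return None
    return str(ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF))

def audit_answers(records):
    """records: list of (rtype, address). Classify each AAAA as native or synthesized."""
    a_set = {addr for rtype, addr in records if rtype == "A"}
    findings = []
    for rtype, addr in records:
        if rtype != "AAAA":
            continue
        v4 = embedded_ipv4(addr)
        if v4 is None:
            findings.append((addr, "native", None))
        else:
            # "synthetic" means the embedded IPv4 matches an A record in the same answer set.
            status = "synthetic" if v4 in a_set else "synthetic-unmatched"
            findings.append((addr, status, v4))
    return findings

# Constructed sample: the post's two A records, one AAAA in the NAT64 prefix,
# and one native AAAA from the documentation range (assumption, not from the post).
SAMPLE = [
    ("A", "104.16.188.72"),
    ("A", "104.16.189.72"),
    ("AAAA", "64:ff9b::6810:bc48"),
    ("AAAA", "2001:db8::1"),
]

if __name__ == "__main__":
    for addr, status, v4 in audit_answers(SAMPLE):
        print(f"{addr:24} {status:20} {v4 or '-'}")
```

Any "synthetic" finding on a network with no NAT64 gateway means clients are being handed IPv6 addresses that cannot be routed.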
#2
I had a similar issue with my iPhone mobile banking app for Axos. It would work just fine on a cellular connection, but whenever connected to the internet through WiFi and OPNsense, the Axos mobile app would fail to function (albeit logging into the Axos web page still worked from a PC on the same OPNsense network).

For me, I traced the problem back to the OPNsense Unbound DNS server, but haven't found a fix as of yet. If anyone has a further suggestion, I would appreciate it. [CORRECTION -- DNSSEC didn't make a difference after all]

The only way I could get the mobile app to work on WiFi/OPNsense was to disable Unbound DNS and redirect DHCP clients to an external DNS instead to fix the issue.

Services -> Unbound DNS -> Enable:  disabled
Services -> ISC DHCPv4 -> [LAN] -> DNS servers:  "" (blank to use system default DNS servers, which are 8.8.8.8 and 8.8.4.4 Google DNS)

I'll keep working on trying to find a fix for OPNsense Unbound DNS, but so far no luck.