Messages - mickelson

#1
Thanks for the answer. I've verified it and indeed adding "com.pl" to the end of a query seems to be an issue with the client, independent of my main problem. Right now everything works fine, but when I do nslookup google.com (I'm using Windows 11) I get the following non-authoritative answer:
Name:    google.com
Addresses:  2a00:1450:401b:80d::200e
          142.250.186.206

However, Unbound logs still show me this:
[99803:0] error: SERVFAIL <google.com.com.pl. AAAA IN>: all servers for this domain failed, at zone com.com.pl. from 178.32.3.81 got REFUSED
[99803:1] error: SERVFAIL <google.com.com.pl. A IN>: all servers for this domain failed, at zone com.com.pl. from 178.32.3.81 got REFUSED

I have no idea why nslookup would try the "com.pl" suffix, especially when it gets the answer for google.com. Nonetheless, now that I know it occurs even when domains are successfully resolved, I think that my main problem - i.e. Unbound ceasing to resolve some domains for a few minutes - is not connected to that issue. Do you know how I could fix the Unbound problem, or at least what I could do to better diagnose what's going on?
#2
I'm running OPNsense 25.7.1. Sometimes Unbound stops resolving certain domains, seemingly at random (the domains that can't be resolved in one situation work just fine when the issue reappears with respect to other domains). The issue seems to go away if I just wait for a few minutes or - instantly - if I reboot the Unbound service. Just now I had a problem with "linkedin.com". When I tried to open it the domain couldn't be resolved and I encountered the following in the logs:

[99803:1] error: SERVFAIL <linkedin.com.com.pl. AAAA IN>: all servers for this domain failed, at zone com.com.pl. from 5.39.99.217 got REFUSED
[99803:0] error: SERVFAIL <linkedin.com.com.pl. A IN>: all servers for this domain failed, at zone com.com.pl. from 5.39.99.217 got REFUSED

I have absolutely no idea where the additional ".com.pl" came from. After a couple of minutes it started to work fine without me rebooting the service. The issues only started after I upgraded to 25.7; it worked flawlessly before (though I can see that other people had similar issues even with previous versions: https://www.reddit.com/r/opnsense/comments/1fp77p3/unbound_dns_woes_it_just_stops_working/). Is there a way to fix it?
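
A small triage script for the SERVFAIL lines quoted in the two posts above, added here as an example and not part of the original posts or of OPNsense/Unbound. It separates queries where a client search suffix (`com.pl` on this page) was appended from failures on the name as typed, so the intermittent resolution problem can be examined without the suffix noise. The function names, the TLD list and the last two sample lines are assumptions constructed for the example.

```python
import re
from collections import Counter

# Matches Unbound SERVFAIL error lines in the format quoted in the posts.
SERVFAIL_RE = re.compile(
    r"error: SERVFAIL <(?P<qname>\S+) (?P<qtype>\S+) (?P<qclass>\S+)>: (?P<reason>.*)$"
)

def classify(qname, search_suffix, tlds=("com", "net", "org")):
    """Return (category, name). Heuristic: a query counts as 'suffix-appended'
    when removing the client's search suffix leaves a name that already ends
    in a TLD. The tlds default is an assumption; extend it as needed."""
    name = qname.rstrip(".").lower()
    tail = "." + search_suffix.strip(".").lower()
    if name.endswith(tail):
        base = name[: -len(tail)]
        if "." in base and base.rsplit(".", 1)[1] in tlds:
            return "suffix-appended", base
    return "direct", name

def summarize(lines, search_suffix):
    """Count SERVFAIL entries per (category, name, qtype); skip other lines."""
    counts = Counter()
    for line in lines:
        m = SERVFAIL_RE.search(line)
        if m:
            category, name = classify(m["qname"], search_suffix)
            counts[(category, name, m["qtype"])] += 1
    return counts

# The first two lines are taken from the posts; the last two are constructed.
SAMPLE = [
    "[99803:0] error: SERVFAIL <google.com.com.pl. AAAA IN>: all servers for "
    "this domain failed, at zone com.com.pl. from 178.32.3.81 got REFUSED",
    "[99803:0] error: SERVFAIL <linkedin.com.com.pl. A IN>: all servers for "
    "this domain failed, at zone com.com.pl. from 5.39.99.217 got REFUSED",
    "[99803:1] error: SERVFAIL <example.org. A IN>: all servers for "
    "this domain failed, at zone example.org. from 192.0.2.53 got REFUSED",
    "[99803:1] info: constructed non-SERVFAIL line",
]

if __name__ == "__main__":
    for (category, name, qtype), n in sorted(summarize(SAMPLE, "com.pl").items()):
        print(f"{category:16} {name:20} {qtype:5} {n}")
```

Entries reported as `direct` are the ones worth correlating with the minutes when resolution actually stopped; `suffix-appended` entries come from the client's search list and appear even when the original name resolved.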
#3
Virtual private networks / Chromecast over Wireguard
August 01, 2025, 08:35:41 PM
I'm running OPNsense 25.7 on my home router and I have a working WireGuard interface. On my LAN network there's a Chromecast device. Is there a way I could start streaming to that device from an app on my phone while I'm connected to my home network over VPN? Apparently os-udpbroadcastrelay doesn't work with WireGuard at all (the service won't even start) and os-mdns-repeater doesn't work either, even though it is on.

My firewall rules are ok, I think. There are rules that allow all traffic from LAN subnet to anywhere, as well as all traffic from WireGuard subnet to anywhere.

Has anyone figured out how to make it work?