Messages - poplin

#1
Thanks for your answer!

Quote from: nero355 on January 07, 2026, 12:21:01 AM
When the domain both works and does not work:
Do you query both DNSmasqd and Unbound directly on the OPNsense Router?
I hope I got your question right: the tests I pasted before were made on the CLI of the router (sorry for not making that clearer), and also (but not shown or mentioned before) I tested from the CLI of different computers on the LAN (VLAN) side, and the situation was the same as on the router. That made me think that the problem is on the router side, but as I said, I'm pretty clueless about this issue.

Thanks again!
#2
After initially attempting to configure Unbound to forward to Dnsmasq and encountering the same issues described by others, I switched to using Dnsmasq on port 53 forwarding to Unbound (recursive) on port 53053, configuring the Domain rule as outlined in the OPNsense documentation.

Everything appeared to work correctly until I noticed that my TV was reporting errors reaching certain addresses (for example, fr.app.lgwebostv.com).

When I tested DNS name resolution, I discovered there was a problem.

$ drill @127.0.0.1 -p 53 fr.app.lgwebostv.com
;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 38756
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;; fr.app.lgwebostv.com.    IN    A

;; ANSWER SECTION:

;; AUTHORITY SECTION:
lgwebostv.com.    422    IN    SOA    ns-951.awsdns-54.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

;; ADDITIONAL SECTION:

;; Query time: 0 msec
;; SERVER: 127.0.0.1
;; WHEN: Sun Jan  4 16:04:01 2026
;; MSG SIZE  rcvd: 135

It appears to be a name resolution issue.  I received the same response when querying Unbound directly on port 53053.

Restarting Unbound multiple times does not change the behavior, but, interestingly, restarting Dnsmasq (sometimes not once but twice -?!-) seems to restore proper name resolution for Unbound (and consequently for Dnsmasq).

$ drill @127.0.0.1 -p 53053 fr.app.lgwebostv.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 63796
;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; fr.app.lgwebostv.com.    IN    A

;; ANSWER SECTION:
fr.app.lgwebostv.com.    60    IN    A    52.16.45.77
fr.app.lgwebostv.com.    60    IN    A    54.76.24.108

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 4 msec
;; SERVER: 127.0.0.1
;; WHEN: Sun Jan  4 16:11:58 2026
;; MSG SIZE  rcvd: 70

After about 15 minutes, the situation reverts to its original state and name resolution starts failing again. When the failure occurs, if I change certain dnsmasq options (for example, by enabling "Do not forward to system defined DNS servers"), DNS lookups resume working by using the DNS servers configured under System → Settings → General (if there are no DNS servers in this section, the failure continues). This might suggest that dnsmasq is not successfully forwarding this address to Unbound. I have only managed to detect this problem with the mentioned address and two others also related to the LG TV.

This rather chaotic sequence of trial-and-error tests has been quite confusing, so any suggestions that could help clarify what is happening would be greatly appreciated.
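The comparison the post does by hand (query port 53, query port 53053, compare the rcodes and answers) can be scripted so the check is repeatable every few minutes instead of noticed only when the TV complains. The following is an added example written for this thread, not code from the poster or from OPNsense, Dnsmasq or Unbound. It parses the text format that drill prints, extracts the rcode, the A/AAAA answers and the TTL of any SOA in the AUTHORITY section (on a negative answer that TTL is the negative-caching time per RFC 2308, i.e. how long the resolver keeps returning NXDOMAIN before asking again), and reports when the forwarder's answer disagrees with the upstream's. The two sample responses are constructed from the drill output quoted in the post; in real use you would feed it the output of `drill @127.0.0.1 -p 53 <name>` and `drill @127.0.0.1 -p 53053 <name>`.

```python
"""Compare a forwarder's DNS answer with its upstream's and flag stale negatives.

Added example for the thread above; parses drill(1) text output. Sample
responses are constructed from the output quoted in the post.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Matches the drill header line, e.g.
# ";; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 38756"
HEADER_RE = re.compile(r"rcode:\s*([A-Z]+),\s*id:\s*(\d+)")


@dataclass
class DrillResponse:
    rcode: str = "UNKNOWN"
    answers: list = field(default_factory=list)     # rdata of A/AAAA records in ANSWER
    neg_cache_ttl: Optional[int] = None             # TTL of the SOA in AUTHORITY (RFC 2308)


def parse_drill(text: str) -> DrillResponse:
    """Parse drill's text output into rcode, answer addresses and SOA TTL."""
    resp = DrillResponse()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.search(line)
        if m:
            resp.rcode = m.group(1)
            continue
        if line.startswith(";;"):
            # Section headers switch state; any other ';;' line (question,
            # query time, server, ...) ends the current section.
            if "ANSWER SECTION" in line:
                section = "answer"
            elif "AUTHORITY SECTION" in line:
                section = "authority"
            else:
                section = None
            continue
        fields = line.split()          # owner  ttl  class  type  rdata...
        if len(fields) < 5:
            continue
        _owner, ttl, _klass, rtype = fields[:4]
        rdata = fields[4:]
        if section == "answer" and rtype in ("A", "AAAA"):
            resp.answers.append(rdata[0])
        elif section == "authority" and rtype == "SOA":
            resp.neg_cache_ttl = int(ttl)
    return resp


def diagnose(forwarder: DrillResponse, upstream: DrillResponse) -> dict:
    """Compare what a client sees (forwarder) with what the upstream resolver says."""
    same = (forwarder.rcode == upstream.rcode
            and set(forwarder.answers) == set(upstream.answers))
    if same:
        return {"verdict": "consistent", "rcode": forwarder.rcode}
    if forwarder.rcode == "NXDOMAIN" and upstream.rcode == "NOERROR" and upstream.answers:
        # Forwarder hands out a negative answer the upstream no longer gives:
        # the SOA TTL says how long that negative answer will keep being served.
        return {"verdict": "stale-negative",
                "neg_cache_ttl": forwarder.neg_cache_ttl,
                "upstream_answers": sorted(upstream.answers)}
    return {"verdict": "mismatch", "forwarder": forwarder.rcode, "upstream": upstream.rcode}


# Constructed samples, taken from the drill output quoted in the post.
SAMPLE_PORT_53 = """\
;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 38756
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;; fr.app.lgwebostv.com.    IN    A

;; ANSWER SECTION:

;; AUTHORITY SECTION:
lgwebostv.com.    422    IN    SOA    ns-951.awsdns-54.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

;; ADDITIONAL SECTION:

;; Query time: 0 msec
;; SERVER: 127.0.0.1
"""

SAMPLE_PORT_53053 = """\
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 63796
;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; fr.app.lgwebostv.com.    IN    A

;; ANSWER SECTION:
fr.app.lgwebostv.com.    60    IN    A    52.16.45.77
fr.app.lgwebostv.com.    60    IN    A    54.76.24.108

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 4 msec
;; SERVER: 127.0.0.1
"""

if __name__ == "__main__":
    print(diagnose(parse_drill(SAMPLE_PORT_53), parse_drill(SAMPLE_PORT_53053)))
```

Run against the two captures from the post, the script reports `stale-negative` with a remaining negative-cache TTL of 422 seconds; run when both ports agree it reports `consistent`. Logging that verdict from cron every minute, together with the SOA TTL, would show whether the roughly 15-minute good/bad cycle the post describes lines up with a negative-cache expiry or with something else.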