19.1 Legacy Series / Troubleshooting client & server DNS resolution issues when using Unbound?
« on: April 11, 2019, 06:18:39 pm »
I started a thread on Reddit and thought perhaps I should bring it over to the forum for further discussion.
I don't really want to repeat my initial remarks from Reddit here, so I figure I'll summarize the most salient points (unless someone would like for me to pull everything into this).
As indicated, I'm following this guide for pfSense (but it's been nearly a one-to-one translation so kudos to you guys for keeping things so clearly similar while improving the UI!!) and have gotten stuck with DNS issues, specifically in STEP 11.
I'm on OPNsense 19.1.5_1-amd64 and using Unbound (Dnsmasq is disabled) and I have verbosity set to level 3 for Unbound. I'm able to watch the Unbound logs with "clog -f /var/log/resolver.log".
I have OPNsense set up in an isolated test network with 2 clients attached (1 Windows 10 with DHCP & 1 Linux with a static IP). OPNsense is running at 192.168.1.1. The Windows and Linux clients are both able to ping OPNsense AND 8.8.8.8 (so traffic is fine both locally and out to the internet). When I assign DNS manually to either client (8.8.8.8) they can resolve hostnames fine and browse the web, but when 192.16.1.1 (OPNsense) is used as the DNS server on either system, no name resolution occurs.
There are no updates in resolver.log when websites are visited or name queries should be made.
I found that when I do "telnet 8.8.8.8 53" I am able to get a response (well it hangs up on me since it needs a binary understanding client vs telnet), but when I do this for OPNsense ("telnet 192.168.1.1 53") it times out and there is nothing within the resolver.log.
I don't know all the fields in /var/log/filter.log, but saw that filter.log was being updated pretty quickly and so I filtered for "53" ("clog -f /var/log/filter.log | grep 53") and saw this:
Each of the 3 longer lines there is a time I did "telnet 192.168.1.1 53".
I have to think there's some kind of firewall or some other issue blocking Unbound (port 53) from replying... What could be going on?
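A `telnet host 53` connection never sends a DNS message, so even a working resolver logs nothing for it, and a hang or timeout on that test does not by itself separate "port blocked by the firewall" from "resolver not listening on that address". The following is an added example (not from the post, and not OPNsense or Unbound code) that sends a real A query over UDP and over TCP, the way a stub resolver does, so a query either shows up in resolver.log on the firewall or fails with a distinguishable socket error. The server address, query name, timeout and transaction ID are assumptions chosen for illustration.

```python
"""Minimal DNS probe for checking whether a resolver answers on port 53.

Added example for troubleshooting a resolver such as Unbound on a firewall:
builds a genuine DNS query, sends it over UDP and then over TCP (which needs the
2-byte length prefix that telnet never supplies), and parses any A records in
the reply. A refused connection, a timeout, or a parsed answer each point to a
different place in the path (firewall rule, listening socket, resolver config).
"""
import socket
import struct
import sys

TXID = 0x1234          # assumed transaction ID; a real stub picks one at random
QTYPE_A = 1
QCLASS_IN = 1


def build_query(name: str, txid: int = TXID, qtype: int = QTYPE_A) -> bytes:
    """Encode a standard recursive-desired query for `name` (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # flags: RD set
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, QCLASS_IN)


def _read_name(data: bytes, offset: int):
    """Decode a (possibly compressed) name; return (name, offset after the field)."""
    labels, end, jumped = [], offset, False
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                    # compression pointer
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        if length == 0:
            if not jumped:
                end = offset + 1
            return ".".join(labels), end
        labels.append(data[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length


def parse_response(data: bytes, expected_txid: int = TXID) -> dict:
    """Return txid, rcode and the A records from a DNS response message."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if not flags & 0x8000:
        raise ValueError("message is a query, not a response")
    if txid != expected_txid:
        raise ValueError("transaction ID mismatch: %#x" % txid)
    offset = 12
    for _ in range(qd):                             # skip the echoed question
        _, offset = _read_name(data, offset)
        offset += 4
    answers = []
    for _ in range(an):
        name, offset = _read_name(data, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == QTYPE_A and rdlen == 4:
            answers.append((name, ttl, socket.inet_ntoa(rdata)))
    return {"txid": txid, "rcode": flags & 0x000F, "answers": answers}


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the TCP connection early")
        buf += chunk
    return buf


def query_udp(server: str, name: str, timeout: float = 3.0) -> dict:
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_response(data)


def query_tcp(server: str, name: str, timeout: float = 3.0) -> dict:
    q = build_query(name)
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(q)) + q)     # TCP DNS: length prefix
        length = struct.unpack("!H", _recv_exact(s, 2))[0]
        data = _recv_exact(s, length)
    return parse_response(data)


if __name__ == "__main__":
    # Usage: python dnsprobe.py 192.168.1.1 example.com  (assumed addresses)
    server, name = (sys.argv[1:3] + ["192.168.1.1", "example.com"])[:2]
    for label, fn in (("UDP", query_udp), ("TCP", query_tcp)):
        try:
            print(label, fn(server, name))
        except (socket.timeout, OSError, ValueError) as exc:
            print(label, "failed:", exc)
```

A UDP timeout with a TCP "connection refused" means the address is reachable but nothing is listening there, which points at the Unbound listen interfaces; a timeout on both transports is the pattern a pf block rule produces, and the matching entry in filter.log should then name the rule. When reading filter.log, match on the destination-port field rather than `grep 53`, which also matches any timestamp, address or rule number containing those digits.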