23.7 Legacy Series / Unbound not resolving Microsoft domains
« on: September 28, 2023, 10:19:13 am »
This is a weird one.
Since upgrading to the 23.x.x firmware unbound has been causing me no end of issues.
Config:
Services: Unbound DNS: General: Enable DNS64 Support - checked
Services: Unbound DNS: General: DNS64 Prefix - 64:ff9b::/96
Services: Unbound DNS: General: Flush DNS Cache during reload - checked
Services: Unbound DNS: General: Local Zone Type - transparent
Services: Unbound DNS: Overrides - none
Services: Unbound DNS: Advanced: General Settings - nothing checked, all values at defaults.
Services: Unbound DNS: Query Forwarding: Use System Nameservers - checked
If I do a DNS lookup from the firewall via diagnostics I get this
Response
Type  Answer                                                              Server     Query time
A     www.msn.com. 11115 IN CNAME www-msn-com.a-0003.a-msedge.net.        127.0.0.1  0 msec
      www-msn-com.a-0003.a-msedge.net. 130 IN CNAME a-0003.a-msedge.net.
      a-0003.a-msedge.net. 238 IN A 204.79.197.203
MX    www.msn.com. 7978 IN CNAME www-msn-com.a-0003.a-msedge.net.         127.0.0.1  28 msec
      www-msn-com.a-0003.a-msedge.net. 65 IN CNAME a-0003.a-msedge.net.
TXT   www.msn.com. 7978 IN CNAME www-msn-com.a-0003.a-msedge.net.         127.0.0.1  0 msec
      www-msn-com.a-0003.a-msedge.net. 65 IN CNAME a-0003.a-msedge.net.
I then do a lookup from the host OK; however, when I do a second lookup I get this error
Server: OPNsense.localdomain
Address: <my LAN interface IP>
*** No internal type for both IPv4 and IPv6 Addresses (A+AAAA) records available for www.msn.com
and when I do a second internal lookup no A record is returned ONLY the TXT and MX record.
Here is a snip from the log viewer for a good lookup
2023-09-28T18:15:38 Informational unbound [18005:1] info: 127.0.0.1 www.msn.com. TXT IN NOERROR 0.000000 1 145
2023-09-28T18:15:38 Informational unbound [18005:1] info: 127.0.0.1 www.msn.com. TXT IN
2023-09-28T18:15:38 Informational unbound [18005:3] info: 127.0.0.1 www.msn.com. MX IN NOERROR 0.037137 0 145
2023-09-28T18:15:38 Informational unbound [18005:3] info: 127.0.0.1 www.msn.com. MX IN
2023-09-28T18:15:38 Informational unbound [18005:2] info: 127.0.0.1 www.msn.com. AAAA IN NOERROR 0.010582 0 29
2023-09-28T18:15:37 Informational unbound [18005:2] info: 127.0.0.1 www.msn.com. AAAA IN
2023-09-28T18:15:37 Informational unbound [18005:0] info: 127.0.0.1 www.msn.com. A IN NOERROR 0.000000 1 104
2023-09-28T18:15:37 Informational unbound [18005:0] info: 127.0.0.1 www.msn.com. A IN
2023-09-28T18:15:36 Informational unbound [18005:2] info: 127.0.0.1 www.msn.com. TXT IN NOERROR 0.000000 0 145
2023-09-28T18:15:36 Informational unbound [18005:2] info: 127.0.0.1 www.msn.com. TXT IN
2023-09-28T18:15:36 Informational unbound [18005:3] info: 127.0.0.1 www.msn.com. MX IN NOERROR 0.026181 0 145
2023-09-28T18:15:36 Informational unbound [18005:3] info: 127.0.0.1 www.msn.com. MX IN
2023-09-28T18:15:36 Informational unbound [18005:1] info: 127.0.0.1 www.msn.com. AAAA IN NOERROR 0.043634 0 29
2023-09-28T18:15:36 Informational unbound [18005:1] info: 127.0.0.1 www.msn.com. AAAA IN
2023-09-28T18:15:36 Informational unbound [18005:2] info: 127.0.0.1 www.msn.com. A IN NOERROR 0.022878 0 29
2023-09-28T18:15:36 Informational unbound [18005:2] info: 127.0.0.1 www.msn.com. A IN
Here is the second lookup - the one that returns no A records
2023-09-28T18:17:02 Informational unbound [18005:2] info: 192.168.3.2 www.msn.com. AAAA IN NOERROR 0.057046 0 29
2023-09-28T18:17:02 Informational unbound [18005:2] info: 192.168.3.2 www.msn.com. AAAA IN
2023-09-28T18:17:02 Informational unbound [18005:1] info: 192.168.3.2 www.msn.com. A IN NOERROR 0.020184 0 29
2023-09-28T18:17:02 Informational unbound [18005:1] info: 192.168.3.2 www.msn.com. A IN
2023-09-28T18:17:02 Informational unbound [18005:0] info: 192.168.3.2 www.msn.com.localdomain. AAAA IN NXDOMAIN 0.000000 1 116
2023-09-28T18:17:02 Informational unbound [18005:0] info: localdomain. transparent 192.168.3.2@54870 www.msn.com.localdomain. AAAA IN
2023-09-28T18:17:02 Informational unbound [18005:0] info: 192.168.3.2 www.msn.com.localdomain. AAAA IN
2023-09-28T18:17:02 Informational unbound [18005:2] info: 192.168.3.2 www.msn.com.localdomain. A IN NXDOMAIN 0.000000 1 116
2023-09-28T18:17:02 Informational unbound [18005:2] info: localdomain. transparent 192.168.3.2@51736 www.msn.com.localdomain. A IN
2023-09-28T18:17:02 Informational unbound [18005:2] info: 192.168.3.2 www.msn.com.localdomain. A IN
I have had to revert to DNSmasq till I get this sorted.
Any help appreciated.
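Added example, not part of the original post: a small triage script for reply lines like the ones quoted above. It flags NOERROR replies whose size leaves room only for the DNS header and question (29 bytes for `www.msn.com.`), and NXDOMAIN replies for names that carry the client's search suffix. The field order is assumed to follow Unbound's `log-replies` format, the suffix `localdomain.` is taken from the log above, and the function names are hypothetical.

```python
import re

# Field order assumed from Unbound's log-replies format:
# client, qname, qtype, qclass, rcode, seconds, from-cache flag, reply size in bytes.
REPLY = re.compile(
    r"info: (?P<client>\S+) (?P<qname>\S+) (?P<qtype>\S+) IN "
    r"(?P<rcode>[A-Z]+) [\d.]+ (?P<cached>[01]) (?P<size>\d+)$"
)
OPT_RR = 11  # size of an EDNS OPT record carrying no options

def bare_reply_size(qname):
    """Bytes in a DNS message that holds only the header and the question."""
    labels = [l for l in qname.split(".") if l]
    wire_name = sum(1 + len(l) for l in labels) + 1  # length-prefixed labels + root byte
    return 12 + wire_name + 4                         # header + QNAME + QTYPE/QCLASS

def classify(line, search_suffix="localdomain."):
    """Return (client, qname, qtype, verdict), or None for non-reply lines."""
    m = REPLY.search(line.strip())
    if m is None:
        return None  # query echo or local-zone line: no rcode/size fields
    qname, size = m["qname"], int(m["size"])
    bare = bare_reply_size(qname)
    if m["rcode"] == "NXDOMAIN" and qname.endswith("." + search_suffix):
        verdict = "search-suffix"   # client resolver appended its search domain
    elif m["rcode"] == "NOERROR" and size in (bare, bare + OPT_RR):
        verdict = "empty-noerror"   # too small to hold any answer or authority record
    else:
        verdict = "ok"
    return (m["client"], qname, m["qtype"], verdict)

# Lines copied from the post above.
SAMPLE = """\
2023-09-28T18:15:37 Informational unbound [18005:0] info: 127.0.0.1 www.msn.com. A IN NOERROR 0.000000 1 104
2023-09-28T18:17:02 Informational unbound [18005:2] info: 192.168.3.2 www.msn.com. AAAA IN NOERROR 0.057046 0 29
2023-09-28T18:17:02 Informational unbound [18005:1] info: 192.168.3.2 www.msn.com. A IN NOERROR 0.020184 0 29
2023-09-28T18:17:02 Informational unbound [18005:2] info: 192.168.3.2 www.msn.com.localdomain. A IN NXDOMAIN 0.000000 1 116
2023-09-28T18:17:02 Informational unbound [18005:2] info: localdomain. transparent 192.168.3.2@51736 www.msn.com.localdomain. A IN
"""

def findings(text):
    """Classify every line and keep only the replies that are not 'ok'."""
    rows = (classify(l) for l in text.splitlines())
    return [r for r in rows if r and r[3] != "ok"]

if __name__ == "__main__":
    for row in findings(SAMPLE):
        print(*row)
```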


