24.1 Production Series / Re: ConnectX-3 stopped connecting after upgrade to 24.1
« on: March 30, 2024, 03:06:21 pm »
Not sure what changed, but this appears to be fixed in 24.1.4. I'm no longer having any problems after updating.
Is there any reason I want to use forwarders vs root servers? I can understand forwarders would be necessary if I wanted to use a filtering service like OpenDNS, but failing that, aren't all DNS servers designed to use root hints?
Quote
What do they think they're getting by using a random IP
Not random. It is possible to specify the desired IP address which, for example, will lead to a page explaining the reason for the blocking (and collect statistics).
Neither this response nor your original post have clarified anything. What benefit are you expecting to see from returning a "wrong" IP instead of just blocking the request?
DNS-based ad blockers frequently return e.g. 0.0.0.0 for a blocked FQDN.
I'm testing by using dig (e.g. dig @routerIP notwanted.domain), it should resolve to a predefined IP (as shown on screenshot), effectively blocking that domain. That's what blocklists are for, right?
Please read my original post again, it'll clarify everything. By blocking selected domains (or actually redirecting them to a "wrong" IP, as shown on screenshot), instead of allowing access to a malicious service, let's say a web page, something else will be provided by a non-malicious server. Very simple solution.
What do you have under DNS server options on the General page?
Under system > settings > general > DNS servers I have 1.1.1.1 and 8.8.8.8.
Not DNS servers. DNS server options. The section below where the DNS servers are entered.
Nothing checked there.
Hi,
I have had the same problems since a few updates ago.
I'm on OPNsense 24.1.3_1-amd64.
IPv6 is disabled overall, I'm using 8.8.8.8 or 1.1.1.1 as default DNS on OPNsense, with no override on LANs.
In Unbound I don't have DNSSEC and I don't have query forwarding ON.
Every now and then I get SERVFAIL for exceeded maximum requests, I have up to 8000 contemporary requests at specific times of the day.
With dnsmasq I have no problems.
This is why I've switched to AdGuard Home for my network, as it supports more modern things in regard to DNS.
@CJ
I fixed my Firefox browser and selected maximum protection and selected NextDNS in the security and privacy settings. Thank you.