DNS/AdGuard stopped working: "Update check failed" ***solved****

[dgvans]

Dear All

here I am with my first post (please excuse my ignorance) with a question about my OPNsense box whose DNS by AdGuard stopped working after a restart, no settings were changed beforehand.

It looks like the AdGuard DNS resolve stopped working, but I can't find any settings that were changed. I am using ZFS but I was not smart enough to use Snapshots (go do it now dear reader ;-)

My AdGuard (minug plugin) says :

Code Select Expand

Update check failed. Please check your Internet connection.

My OPNsense health audit says:

Code Select Expand

***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 24.7.5_3 at Wed Jan  1 04:42:29 CET 2020
>>> Root file system: zroot/ROOT/20200101030617-dnsbroken
>>> Check installed kernel version
Version 24.7.5 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 24.7.5 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check installed repositories
OPNsense (Priority: 11)
mimugmail (Priority: 5)
>>> Check installed plugins
os-adguardhome-maxit 1.12
os-etpro-telemetry 1.7_4
os-intrusion-detection-content-et-open 1.0.2_2
os-maltrail 1.10
os-smart 2.2_5
os-theme-rebellion 1.9.1
os-wazuh-agent 1.0_2
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .......... done
wazuh-agent is missing a required shared library: libthr.so.3
wazuh-agent is missing a required shared library: libc.so.7
>>> Check for missing or altered package files
Checking all packages: ....
os-adguardhome-maxit-1.12: checksum mismatch for /usr/local/AdGuardHome/AdGuardHome
os-adguardhome-maxit-1.12: checksum mismatch for /usr/local/AdGuardHome/AdGuardHome.sig
Checking all packages......... done
>>> Check for core packages consistency
Core package "opnsense" has 68 dependencies to check.
Checking packages: .
beep-1.0_2 has no upstream equivalent
Checking packages: .
ca_root_nss-3.93 has no upstream equivalent
Checking packages: .
choparp-20150613_1 has no upstream equivalent
Checking packages: .
cpustats-0.1 has no upstream equivalent
Checking packages: .
dhcp6c-20240919 has no upstream equivalent
Checking packages: .
dhcrelay-1.0 has no upstream equivalent
Checking packages: .
dnsmasq-2.90_2,1 has no upstream equivalent
Checking packages: .
dpinger-3.3 has no upstream equivalent
Checking packages: .
expiretable-0.6_3 has no upstream equivalent
Checking packages: .
filterlog-0.7_1 has no upstream equivalent
Checking packages: .
flock-2.37.2_1 has no upstream equivalent
Checking packages: .
flowd-0.9.1_5 has no upstream equivalent
Checking packages: .
hostapd-2.11_1 has no upstream equivalent
Checking packages: .
ifinfo-13.0_1 has no upstream equivalent
Checking packages: .
iftop-1.0.p4_1 has no upstream equivalent
Checking packages: .
isc-dhcp44-server-4.4.3P1_1 has no upstream equivalent
Checking packages: .
kea-2.6.1 has no upstream equivalent
Checking packages: .
lighttpd-1.4.76 has no upstream equivalent
Checking packages: .
monit-5.33.0_1 has no upstream equivalent
Checking packages: .
mpd5-5.9_18 has no upstream equivalent
Checking packages: .
ntp-4.2.8p18 has no upstream equivalent
Checking packages: .
openssh-portable-9.8.p1_1,1 has no upstream equivalent
Checking packages: .
openvpn-2.6.12 has no upstream equivalent
Checking packages: .
opnsense-24.7.5_3 has no upstream equivalent
Checking packages: .
opnsense-installer-24.7 has no upstream equivalent
Checking packages: .
opnsense-lang-23.7.11 has no upstream equivalent
Checking packages: .
opnsense-update-24.7.5 has no upstream equivalent
Checking packages: .
pam_opnsense-24.1 has no upstream equivalent
Checking packages: .
pftop-0.10_1 has no upstream equivalent
Checking packages: .
php82-ctype-8.2.23 has no upstream equivalent
Checking packages: .
php82-curl-8.2.23 has no upstream equivalent
Checking packages: .
php82-dom-8.2.23 has no upstream equivalent
Checking packages: .
php82-filter-8.2.23 has no upstream equivalent
Checking packages: .
php82-gettext-8.2.23 has no upstream equivalent
Checking packages: .
php82-google-api-php-client-2.4.0 has no upstream equivalent
Checking packages: .
php82-ldap-8.2.23 has no upstream equivalent
Checking packages: .
php82-pcntl-8.2.23 has no upstream equivalent
Checking packages: .
php82-pdo-8.2.23 has no upstream equivalent
Checking packages: .
php82-pear-Crypt_CHAP-1.5.0_1 has no upstream equivalent
Checking packages: .
php82-pecl-radius-1.4.0b1_2 has no upstream equivalent
Checking packages: .
php82-phalcon-5.8.0 has no upstream equivalent
Checking packages: .
php82-phpseclib-3.0.42 has no upstream equivalent
Checking packages: .
php82-session-8.2.23 has no upstream equivalent
Checking packages: .
php82-simplexml-8.2.23 has no upstream equivalent
Checking packages: .
php82-sockets-8.2.23 has no upstream equivalent
Checking packages: .
php82-sqlite3-8.2.23 has no upstream equivalent
Checking packages: .
php82-xml-8.2.23 has no upstream equivalent
Checking packages: .
php82-zlib-8.2.23 has no upstream equivalent
Checking packages: .
pkg-1.19.2_1 has no upstream equivalent
Checking packages: .
py311-Jinja2-3.1.4 has no upstream equivalent
Checking packages: .
py311-dnspython-2.6.1,1 has no upstream equivalent
Checking packages: .
py311-duckdb-1.0.0 has no upstream equivalent
Checking packages: .
py311-netaddr-1.3.0 has no upstream equivalent
Checking packages: .
py311-numpy-1.25.0_7,1 has no upstream equivalent
Checking packages: .
py311-pandas-2.0.3_2,1 has no upstream equivalent
Checking packages: .
py311-requests-2.32.3 has no upstream equivalent
Checking packages: .
py311-sqlite3-3.11.10_7 has no upstream equivalent
Checking packages: .
py311-ujson-5.10.0 has no upstream equivalent
Checking packages: .
py311-vici-5.9.11 has no upstream equivalent
Checking packages: .
radvd-2.19_4 has no upstream equivalent
Checking packages: .
rrdtool-1.9.0 has no upstream equivalent
Checking packages: .
samplicator-1.3.8.r1_1 has no upstream equivalent
Checking packages: .
strongswan-5.9.14 has no upstream equivalent
Checking packages: .
sudo-1.9.16 has no upstream equivalent
Checking packages: .
suricata-7.0.6_2 has no upstream equivalent
Checking packages: .
syslog-ng-4.8.0_2 has no upstream equivalent
Checking packages: .
unbound-1.21.0 has no upstream equivalent
Checking packages: .
wpa_supplicant-2.11_2 has no upstream equivalent
Checking packages: .
zip-3.0_2 has no upstream equivalent
***DONE***

The connection audit says:

Code Select Expand

***GOT REQUEST TO AUDIT CONNECTIVITY***
Currently running OPNsense 24.7.5_3 at Wed Jan  1 05:33:02 CET 2020
No IPv4 address could be found for host: mirror-opnsense.serverbase.ch
No IPv6 address could be found for host: mirror-opnsense.serverbase.ch
Checking server certificate for host: pkg.opnsense.org
0020616199220000:error:10080002:BIO routines:BIO_lookup_ex:system lib:/usr/src/crypto/openssl/crypto/bio/bio_addr.c:738:Name does not resolve
connect:errno=0
***DONE***



The time of my OPNsense box reverted to January 2020. restarts and turning off/on of Unbound, AdGuard/deinstalling AdGuard did not help.

The internet connection seems to work. If I ping 9.9.9.9 from my client (connected to the OPNsense, connected to the modem.)

The maltrail seems to not work anymore, can't login to maltrail. It says "unauthorized" in the window header


Here is my concrete question:

1. How can I make DNS work again, can I use my Unbound instead? -> how?


Please let me know if other info/screenshots are needed.


With big thanks and kind regards

TLDR:
here is what helped:

Get internet by:
1. deinstall AdGuard
2. adjust the firewall/NAT rules from pointing port 53 -> port 53530. deactivate the rule temporarily.
3. restart the box. -> DNS translation should work again by using Unbound.

Reinstall AdGuard
4. reinstall AdGuard from Firmware/Plugins
5. reactivate the firewall/NAT rues to point port 53 (DNS) again to port 53530 (Adguard).
6. IF using ZFS do a snapshot now, so you are able to revert in case of another failure.


Bis thanks to Tuxtom007 and his helpful advice from https://forum.opnsense.org/index.php?topic=43159.0

[dgvans]

PS: here is a similar problem from the four:

https://forum.opnsense.org/index.php?topic=43159.msg214597#msg214597

The solution might not work for me as I already run Unbound on port 53, see attached photo.