Queries for DNS, not sure what they are for

Started by hushcoden, November 24, 2024, 09:00:34 PM

November 24, 2024, 09:00:34 PM Last Edit: November 24, 2024, 09:22:53 PM by hushcoden
I've configured Unbound with DoT and Quad9 servers (9.9.9.9 & 149.112.112.112), and looking at the firewall live view on the WAN interface, I see continual calls to those servers on port 53 (and not 853) where the source is my WAN IP address, the destination is the Quad9 server and the label is "let out anything from firewall host itself (force gw)"

Similarly, if I filter on port 853, I see the same type of output, i.e. the source is my WAN IP address, the destination is the Quad9 server and the label is "let out anything from firewall host itself (force gw)".

I'd want to know if that's normal behaviour or whether there is something wrong in my configuration.

Tia.

There are some "ifs, ands and buts" around how the OPNsense host itself resolves DNS, primarily controlled via System -> Settings -> General -> Networking options. If you want to use Unbound for everything, you probably want that entire section to be blank (i.e. no DNS servers specified, and all options unchecked).

Quote from: dseven on November 24, 2024, 09:38:52 PM
There are some "ifs, ands and buts" around how the OPNsense host itself resolves DNS, primarily controlled via System -> Settings -> General -> Networking options. If you want to use Unbound for everything, you probably want that entire section to be blank (i.e. no DNS servers specified, and all options unchecked).
Yes, I can confirm nothing has been checked/selected on that networking section...

Or maybe

System -> Settings -> General -> Networking -> DNS

127.0.0.1
Kind regards,
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

Felix Eichhorn's premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....

November 24, 2024, 10:17:00 PM #4 Last Edit: November 24, 2024, 10:19:07 PM by hushcoden
Quote from: chemlud on November 24, 2024, 09:48:51 PM
Or maybe

System -> Settings -> General -> Networking -> DNS

127.0.0.1
Sorry, I don't understand what you mean...

As I said, the section System -> Settings -> General -> Networking is all blank/unchecked.

I really would like to understand if there is anything to be concerned about, e.g. something to change in my config...

Also, if I click on the info box, it brings up a pop-up window (Detailed rule info) with a reference to the "Disable force gateway" option in the Firewall -> Settings -> Advanced section.


November 25, 2024, 09:43:10 AM #5 Last Edit: November 25, 2024, 11:43:01 AM by dseven
Hmm. Maybe Unbound is using plain port 53 for some requests. It might be interesting to do a packet capture (for port 53) and see what's being looked up....
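To act on the packet-capture suggestion, it helps to capture on the LAN interface rather than the WAN: on the WAN every outbound query is already NATed to the firewall's own address, so the capture cannot tell you which LAN host originated it. The script below is an added example (not code from this thread or from OPNsense) that parses the question section of raw UDP port 53 payloads and groups them by LAN source and destination resolver, so any host sending plain DNS to an external server instead of the local Unbound address stands out. The sample packets, the LAN addresses and the resolver address 192.168.1.1 are constructed for the demonstration.

```python
import struct
from collections import Counter, defaultdict

# DNS header: ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT (RFC 1035, network byte order)
HEADER = struct.Struct("!HHHHHH")
QTYPE_NAMES = {1: "A", 5: "CNAME", 15: "MX", 16: "TXT", 28: "AAAA", 65: "HTTPS"}


def parse_qname(payload, offset):
    """Read a length-prefixed domain name starting at offset; return (name, new_offset)."""
    labels = []
    while True:
        if offset >= len(payload):
            raise ValueError("truncated name")
        length = payload[offset]
        if length == 0:
            return ".".join(labels).lower(), offset + 1
        if length & 0xC0 == 0xC0:
            # Compression pointers never appear in the first question of a query.
            raise ValueError("unexpected compression pointer in question")
        offset += 1
        labels.append(payload[offset:offset + length].decode("ascii", "replace"))
        offset += length


def parse_query(payload):
    """Return (qname, qtype) for a DNS query, or None if the packet is a response."""
    if len(payload) < HEADER.size:
        raise ValueError("short packet")
    _ident, flags, qdcount, _an, _ns, _ar = HEADER.unpack_from(payload, 0)
    if flags & 0x8000 or qdcount < 1:   # QR bit set -> response, not a query
        return None
    name, off = parse_qname(payload, HEADER.size)
    qtype, _qclass = struct.unpack_from("!HH", payload, off)
    return name, QTYPE_NAMES.get(qtype, str(qtype))


def build_query(name, qtype, ident=0x1234):
    """Construct a minimal recursive query (used only to build sample packets)."""
    question = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return HEADER.pack(ident, 0x0100, 1, 0, 0, 0) + question + struct.pack("!HH", qtype, 1)


def summarize(packets, resolver_ip):
    """packets: iterable of (src_ip, dst_ip, dst_port, udp_payload).

    Returns {src_ip: Counter({(dst_ip, qname, qtype): count})} for every plain-DNS
    query that did NOT go to the local resolver, i.e. hosts bypassing Unbound.
    """
    by_source = defaultdict(Counter)
    for src, dst, dport, payload in packets:
        if dport != 53 or dst == resolver_ip:
            continue
        try:
            parsed = parse_query(payload)
        except ValueError:
            continue                      # malformed or non-DNS traffic on port 53
        if parsed is None:
            continue
        qname, qtype = parsed
        by_source[src][(dst, qname, qtype)] += 1
    return dict(by_source)


# Constructed sample capture: one well-behaved client, one console bypassing Unbound,
# and one response packet that must be ignored.
SAMPLE_PACKETS = [
    ("192.168.1.10", "192.168.1.1", 53, build_query("example.org", 1)),
    ("192.168.1.50", "9.9.9.9", 53, build_query("example.com", 1)),
    ("192.168.1.50", "9.9.9.9", 53, build_query("example.com", 1, ident=0x1235)),
    ("192.168.1.50", "149.112.112.112", 53, build_query("example.net", 28)),
    ("9.9.9.9", "192.168.1.50", 53, HEADER.pack(0x1234, 0x8180, 1, 1, 0, 0)),
]

if __name__ == "__main__":
    for src, queries in summarize(SAMPLE_PACKETS, "192.168.1.1").items():
        print(f"{src} is sending plain DNS past the local resolver:")
        for (dst, qname, qtype), n in queries.most_common():
            print(f"  {n:>3}x  {qname} {qtype} -> {dst}")
```

In practice the `(src, dst, dport, payload)` tuples would come from a pcap reader fed by a LAN-side capture filtered on `udp port 53`; any source that shows up in the summary is a device configured with its own DNS servers, which is the case the thread ends up with.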

November 25, 2024, 11:21:56 AM #6 Last Edit: November 27, 2024, 08:03:41 PM by meyergru
When I enable "strict" DoT, I do not see any of that, neither via Quad9 nor via Cloudflare.

There must be something else in your configuration that causes this. What comes to mind is: Domain Overrides, Query Forwarding or - most likely - some other daemon that does DNS on its own (probably Zenarmor?).

You can rule out Unbound by using Cloudflare instead of Quad9 for DoT and see if the other queries continue on Quad9.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 770 up, Bufferbloat A

So, yes, there was 'something else' and that was the PS5  ::)  I forgot I had manually configured the DNS with Quad9.

As soon as I turn it off, all that 'noise' stops  ;D

Thank you all.