Localhost Flooding Unbound with Constant Local PTR Requests

Started by cjmerkle, January 04, 2024, 07:55:07 PM

I recently set up OPNSense on a Protectli Vault FW2B and I am having an issue. In the Unbound DNS reporting tab, I see constant (~4,500 every 10 minutes) local PTR requests from localhost (the Protectli).

I have Unbound running on Port 53, and I have an instance of AdGuard Home running on a separate server. I have my DHCP DNS set to my AdGuard Home's IP, and in AGH I have OPNSense's IP as the upstream as well as the Private reverse DNS server. In AGH I have "Use private reverse DNS resolvers" and "Enable reverse resolving of clients' IP addresses" checked.

In Unbound, I have all network interfaces selected, and I have "Register DHCP Leases" and "Register DHCP Static Mappings" checked.

I have a NAT port forward rule to redirect all DNS requests from clients other than OPNSense or AGH to a destination other than AGH to AGH.

In OPNSense System > Settings > General I have no DNS servers listed, and I have "Allow DNS server list to be overridden by DHCP/PPP on WAN" and "Do not use the local DNS service as a nameserver for this system" unchecked.

Note that I do also see PTR requests from AGH in Unbound as expected since I have "Use private reverse DNS resolvers" and "Enable reverse resolving of clients' IP addresses" checked, but they are much less frequent and not problematic.

Note that I have the Telegraf plugin installed but I tried disabling it and it had no effect. I also have the wireguard-kernel plugin installed but I don't see how that's relevant.

I previously had another instance of AGH installed on OPNSense running on port 53 with Unbound on port 5353 as the upstream, but I was seeing all these PTR requests in AGH and thought maybe having AGH installed on OPNSense was the issue, but it was not. I am still seeing all the PTR requests in Unbound without the OPNSense AGH plugin.

I tried pretty much every troubleshooting step I could think of, including but not limited to:


  • Completely shutting down AGH
  • Disabling the NAT port forward rule which re-directs traffic to AGH
  • Disabling "Register DHCP Leases" and "Register DHCP Static Mappings" in Unbound
  • Rebooting OPNSense numerous times

PLEASE help me figure this out. It is driving me absolutely mad.
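
One way to narrow down a flood like the one described above is to tally which addresses localhost keeps reverse-resolving. This is an added example, not part of the original post: it assumes Unbound query logging (`log-queries: yes`) and the line shape shown in the comment, and the function names and sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed line shape with Unbound's `log-queries: yes`:
#   [epoch] unbound[pid:thread] info: <client> <qname> <qtype> <qclass>
LINE_RE = re.compile(r"^\[(?P<ts>\d+)\] unbound\[\d+:\d+\] info: "
                     r"(?P<client>\S+) (?P<qname>\S+) (?P<qtype>\S+) \S+$")
LOOPBACK = {"127.0.0.1", "::1"}
WINDOW = 600  # seconds, the 10-minute interval quoted in the post

def ptr_target(qname):
    """Turn a reverse-lookup name back into the IP address it asks about."""
    name = qname.rstrip(".").lower()
    try:
        if name.endswith(".in-addr.arpa"):
            octets = name[:-len(".in-addr.arpa")].split(".")
            return str(ipaddress.IPv4Address(".".join(reversed(octets))))
        if name.endswith(".ip6.arpa"):
            nibbles = name[:-len(".ip6.arpa")].split(".")
            if len(nibbles) == 32:
                value = int("".join(reversed(nibbles)), 16)
                return str(ipaddress.IPv6Address(value))
    except ValueError:
        pass  # partial zone name or malformed label
    return None

def summarize(lines):
    """Count loopback PTR queries per 10-minute window and per target."""
    per_window, per_target = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["qtype"] != "PTR" or m["client"] not in LOOPBACK:
            continue  # skip other record types and non-local clients
        per_window[int(m["ts"]) // WINDOW * WINDOW] += 1
        per_target[ptr_target(m["qname"]) or m["qname"]] += 1
    return per_window, per_target

# Constructed sample lines (not taken from the poster's system).
SAMPLE = """\
[1704412500] unbound[4242:0] info: 127.0.0.1 50.1.168.192.in-addr.arpa. PTR IN
[1704412501] unbound[4242:0] info: 127.0.0.1 50.1.168.192.in-addr.arpa. PTR IN
[1704412502] unbound[4242:1] info: 127.0.0.1 1.1.168.192.in-addr.arpa. PTR IN
[1704412503] unbound[4242:1] info: 192.168.1.2 50.1.168.192.in-addr.arpa. PTR IN
[1704412504] unbound[4242:0] info: 127.0.0.1 opnsense.org. A IN
[1704412900] unbound[4242:0] info: 127.0.0.1 50.1.168.192.in-addr.arpa. PTR IN
""".splitlines()

if __name__ == "__main__":
    windows, targets = summarize(SAMPLE)
    print(sorted(windows.items()), targets.most_common(5))
```

If one or two addresses dominate the per-target counts, the next step is finding which local service on the firewall keeps looking them up.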