DNS failures unbound 25.7.5

Started by pftoopn, October 17, 2025, 04:55:02 PM

I'm having issues with unbound resolving DNS. It happens with popular destinations such as github.com and reddit.com. I used to run pfsense before moving to opnsense with the same setup and never experienced this issue. I've had this issue using Dnsmasq and recently with Kea.

My setup is as follows. My LAN uses Adguard home, which is on a Raspberry Pi. Now using Kea, the LAN DNS is set to Adguard. Adguard's DNS is set to Unbound. The LAN points to 10.10.60.190 and the Adguard points to 10.10.60.1:53. It's fairly straightforward.

Unbound is set up on port 53. DNSSEC and Flush DNS Cache during reload are enabled.

Could this be an issue with unbound receiving requests from Adguard?

I dunno, I use 9.9.9.11 for all my dns, set by DHCP from fw. Point your Adguard to 9.9.9.11. Done.
Mini-pc N150 i226v x520, FREEDOM

For now, I'm testing without Adguard to see if there are issues. If none, I'll point to upstream DNS in Adguard. I like having unbound be a DNS resolver.

There is definitely an issue with Unbound. I'm getting the block again for sites I can access on my carrier network. This is with Unbound getting requests directly and Adguard out of the picture.

Now I will enable Adguard and use upstream DNS servers.

Didn't mention if you're running IPS
Didn't mention DNS server setup
Finally mentioned it was a block
Didn't mention if browser is set up

You said blocked, so I would start with IPS alerts; is there anything blocking there?
Some sites can get blocked; disable the rule
Re-enable the rule when done if it's a one-time thing
It's a start
Second, did you change the firewall? It was mentioned
Third, can you see if DNS is behaving properly: logs, pcap

I am not running IPS. For DNS servers, I had these configurations. Unbound on 10.10.60.1:53 without adguard, and with adguard I had it pointing to the same IP.

Block was the wrong word. It was a DNS failure saying it can't find the website. My browser does not have any special configuration. I'm hosting my own instance of 4get for search.

I'm still getting the errors with adguard and upstream DNS servers (mullvad and quad9) just less of it. To clarify, the issue is present with adguard as the DNS, with adguard pointing to opnsense as the DNS, and without adguard and opnsense being the main DNS.

How can I troubleshoot this?

I have GEO IP blocking enabled. Could this be the culprit? I've disabled it just now to see what happens.
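As an added example (not code from the thread or from OPNsense), one way to act on the "check the logs" suggestion above and the question of how to troubleshoot this: a small Python triage of Unbound's own log that tells apart SERVFAIL replies caused by DNSSEC validation failures from other failures, and shows whether they arrive via the Adguard host or directly from LAN clients. The log lines are constructed samples in the format Unbound writes with log-replies and val-log-level 2; 10.10.60.190 is the Adguard address from the thread and 10.10.60.50 is an assumed LAN client.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of Unbound log lines (log-replies: yes, val-log-level: 2).
# 10.10.60.190 is the AdGuard Home host from the thread; 10.10.60.50 is an
# assumed direct LAN client; 192.0.2.1 is a documentation-range placeholder.
SAMPLE_LOG = """\
[1760000001] unbound[1234:0] info: 10.10.60.190 github.com. A IN NOERROR 0.041203 0 66
[1760000002] unbound[1234:0] info: validation failure <reddit.com. A IN>: no DNSSEC records from 192.0.2.1 for DS reddit.com. while building chain of trust
[1760000002] unbound[1234:0] info: 10.10.60.190 reddit.com. A IN SERVFAIL 0.120011 0 16
[1760000003] unbound[1234:0] info: 10.10.60.50 reddit.com. A IN SERVFAIL 0.000431 1 16
[1760000004] unbound[1234:0] info: 10.10.60.190 example.org. AAAA IN NOERROR 0.003001 1 88
"""

# Reply line: client name type class rcode seconds from-cache(0/1) size
REPLY_RE = re.compile(
    r"info: (?P<client>\S+) (?P<name>\S+) (?P<qtype>\S+) (?P<qclass>\S+) "
    r"(?P<rcode>[A-Z]+) (?P<secs>[\d.]+) (?P<cached>[01]) (?P<size>\d+)$")
# DNSSEC validation failure line emitted by the validator module
VALFAIL_RE = re.compile(
    r"validation failure <(?P<name>\S+) (?P<qtype>\S+) \S+>: (?P<reason>.*)$")

def triage(log_text):
    """Count reply rcodes per (client, name) and collect validation failures by name."""
    rcodes = defaultdict(Counter)
    val_failures = {}
    for line in log_text.splitlines():
        m = REPLY_RE.search(line)
        if m:
            rcodes[(m["client"], m["name"])][m["rcode"]] += 1
            continue
        m = VALFAIL_RE.search(line)
        if m:
            val_failures[m["name"]] = m["reason"]
    return rcodes, val_failures

def failing_names(rcodes, val_failures):
    """Names that got SERVFAIL, which clients saw it, and whether DNSSEC explains it."""
    out = {}
    for (client, name), counts in rcodes.items():
        if counts.get("SERVFAIL"):
            entry = out.setdefault(name, {"clients": set(), "dnssec": name in val_failures})
            entry["clients"].add(client)
    return out

if __name__ == "__main__":
    rc, vf = triage(SAMPLE_LOG)
    for name, info in failing_names(rc, vf).items():
        cause = "DNSSEC: " + vf[name] if info["dnssec"] else "not a validation failure"
        print(f"{name} SERVFAIL from {sorted(info['clients'])}: {cause}")
```

Run it against /var/log/resolver/latest.log (or whatever file Unbound logs to on your box) instead of SAMPLE_LOG; a name that fails from both 10.10.60.190 and a direct client points at Unbound or its upstream path, not at Adguard.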

I couldn't make Unbound work following my upgrade. My post is here: https://forum.opnsense.org/index.php?topic=48311

Installed OPNsense a few years before with all the defaults and just the minimal required inputs to make an internet connection. Unbound is enabled by default on install so I added my DNS servers there. I did nothing else with Unbound or the rest of OPNsense except to reserve a few DHCP leases. No DNSSEC, no parental controls, no ad blocking, nothing. As generic of an install as is possible, I think. After I moved my DNS servers to OPNsense general area and disabled Unbound, I've had no issues since.

There is something wrong with the new Unbound - but the cause has so far been elusive for the handful of people reporting issues.