Topic: Unable to resolve local IP (Read 2445 times)

Tripple_Delta (Jr. Member) « on: July 27, 2023, 03:44:35 pm »
Hi all,
Setup:
OPNsense 23.1.11-amd64
FreeBSD 13.1-RELEASE-p8
OpenSSL 1.1.1u 30 May 2023
I set up some DNS records on my registrar pointing to local IPs.
After the latest update from OPNsense it looks like I'm unable to resolve local IPs, like this:
$ dig A www.google.com
;; ANSWER SECTION:
www.google.com. 98 IN A 142.250.179.164
$ dig A some local domain name
;; communications error to 127.0.0.53#53: timed out
;; communications error to 127.0.0.53#53: timed out
;; communications error to 127.0.0.53#53: timed out
; <<>> DiG 9.18.12-0ubuntu0.22.04.1-Ubuntu <<>> A
;; global options: +cmd
;; no servers could be reached
$ ping 127.0.0.53
PING 127.0.0.53 (127.0.0.53) 56(84) bytes of data.
64 bytes from 127.0.0.53: icmp_seq=1 ttl=64 time=0.040 ms
64 bytes from 127.0.0.53: icmp_seq=2 ttl=64 time=0.043 ms
64 bytes from 127.0.0.53: icmp_seq=3 ttl=64 time=0.057 ms
What am I doing wrong?

CJ (Hero Member) « Reply #1 on: July 27, 2023, 07:44:30 pm »
127.0.0.53 is the local DNS cache on your Ubuntu machine. What does your /etc/resolv.conf look like?
Where and how are "some local domain name" configured?
Have Answer, Will Blog

Tripple_Delta (Jr. Member) « Reply #2 on: July 27, 2023, 11:36:50 pm »
/etc/resolv.conf on the firewall?
The local DNS records are configured with the control panel from my registrar. Like firewall, NAS, etc

Maurice (Hero Member) « Reply #3 on: July 28, 2023, 12:37:02 am »
Does "local IPs" mean private IP addresses (RFC1918 / ULAs)? And you are publishing these in public DNS? That won't work because Unbound removes all private IP addresses from answers it gets from public DNS servers. It's a security feature (rebind protection).
OPNsense virtual machine images
OPNsense aarch64 firmware repository
Commercial support & engineering available. PM for details (en / de).

Tripple_Delta (Jr. Member) « Reply #4 on: July 28, 2023, 08:00:35 am »
Sorry, indeed private addresses. I've been doing it that way for years. Why is this a security risk?
Always willing to learn, what should be best practice?

Maurice (Hero Member) « Reply #5 on: July 28, 2023, 12:14:11 pm »
Rebind protection in Unbound has been there for years, too, although some modifications were made from time to time. Not sure why it worked for you in the past.
Regarding the security risk:
https://en.wikipedia.org/wiki/DNS_rebinding
(Not the most detailed and up-to-date explanation, but a good start.)
Best practice is to keep the internal DNS zone (something like intranet.example.com) on an internal DNS server, not a public one.
If you can't or don't want to do that for any reason, you can configure exceptions in Unbound which allow private IP addresses in public DNS records for specific domains.
OPNsense virtual machine images
OPNsense aarch64 firmware repository
Commercial support & engineering available. PM for details (en / de).
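
Added example (not part of the thread, and not Unbound's own code): a simplified Python model of the rebind filtering described in Reply #3 and Reply #5, where private addresses are stripped from answers that come from public DNS unless the queried name falls under an exempted domain. The function names, the sample names and addresses, and the choice to also treat loopback and link-local ranges as private are assumptions made for illustration.

```python
import ipaddress

# Private ranges named in the thread (RFC 1918, IPv6 ULAs); loopback and
# link-local are added here as an assumption about a sensible default set.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fe80::/10",
)]


def is_private(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    # An IPv4-mapped IPv6 address (::ffff:10.0.0.5) hides a private IPv4 target.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip.version == net.version and ip in net for net in PRIVATE_NETS)


def is_exempt(qname: str, exempt_domains) -> bool:
    """True if qname equals an exempt domain or is a subdomain of one."""
    name = qname.rstrip(".").lower()
    for dom in exempt_domains:
        dom = dom.rstrip(".").lower()
        # Match on a label boundary so "evilintranet.example.com" does not pass.
        if name == dom or name.endswith("." + dom):
            return True
    return False


def filter_answer(qname, addresses, exempt_domains=()):
    """Return (kept, stripped) address lists for one upstream answer."""
    if is_exempt(qname, exempt_domains):
        return list(addresses), []
    kept = [a for a in addresses if not is_private(a)]
    stripped = [a for a in addresses if is_private(a)]
    return kept, stripped


# Constructed sample answers as they might arrive from a public DNS server.
SAMPLE = {
    "www.example.com": ["203.0.113.10"],
    "nas.example.com": ["192.168.1.10", "fd00::10"],
    "nas.intranet.example.com": ["192.168.1.10"],
    "evilintranet.example.com": ["::ffff:10.0.0.5"],
}

if __name__ == "__main__":
    for name, addrs in SAMPLE.items():
        print(name, filter_answer(name, addrs, ["intranet.example.com"]))
```

A name whose addresses are all stripped ends up with no usable answer for the client, which is what a public record pointing at a private IP runs into behind such a filter.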

Tripple_Delta (Jr. Member) « Reply #6 on: July 28, 2023, 12:21:46 pm »
Thanks.
No idea why it suddenly stopped working. I guess after the latest OPNsense update.

Tripple_Delta (Jr. Member) « Reply #7 on: July 28, 2023, 12:36:56 pm »
Now this is strange.
Even with unbound turned off I can't reach the DNS server to resolve private addresses.
I have to look somewhere else for the cause.

Tripple_Delta (Jr. Member) « Reply #8 on: July 28, 2023, 06:11:21 pm »
Turns out this has nothing to do with OPNsense. Sorry.