LAN interface not responding on port 53 after update

Started by buzzra, September 20, 2023, 07:30:08 PM

September 20, 2023, 07:30:08 PM Last Edit: September 21, 2023, 01:39:21 AM by buzzra
I have neglected updating OPNsense for too long, apparently. I was on 22.7. I checked for updates and was presented with the upgrade to 23.1_6. I have never had problems with OPNsense updates in the past, and figured I would need to do a couple to get up to date. I clicked the update button. All seemed to go well and the system came back up.
The problem I am having now is the LAN interface is not responding to DNS queries on port 53. From clients on the LAN, I can ping internal and external hosts by IP address, but not host name. All the clients have the correct network info from DHCP. An Nmap scan from a Linux client shows port 53 closed. I have restarted the OPNsense server a few times, and I have not made any changes, yet.
I also cannot upgrade further via the GUI because of the problem. Check for updates just times out.
I am using Dnsmasq as DNS service.
I do not use any ad blocking service (i.e. Adguard, Pihole, etc).

Any advice on next steps would be appreciated.

More info:
From the console, I cannot ping any IP address on the Internet, even though I can from clients on the LAN.
From the console I CAN ping LAN IP addresses.
From the console I get communications failed with ALL listed DNS servers, internal and external.


Do you have a 10.x.x.x / 172.16.x.x / 192.168.x.x IP on the WAN?

If any of the above is true, go to Interfaces - WAN and disable Block private networks.

Nope. I have a static IP from my Internet provider and it is assigned to the WAN.
I haven't made any config changes. It was working before the update.



If your setup is simple enough, it might be worth just noting your settings and starting with a fresh install of 23.7.

Not sure what your use case is that made you use dnsmasq instead of unbound but the default setup works well.

Quote from: newsense on September 21, 2023, 07:27:54 AM
What happens if you enable Unbound instead?

No luck with Unbound either.

Quote from: CJ on September 21, 2023, 03:48:10 PM
If your setup is simple enough, it might be worth just noting your settings and starting with a fresh install of 23.7.

Not sure what your use case is that made you use dnsmasq instead of unbound but the default setup works well.

I was wondering about a fresh install. Can I back up my config, and restore it to a fresh install?

Unbound seems overly complicated and I've used Dnsmasq before. I just need a simple lookup for my internal hosts and pass everything else out to the Internet. My external DNS is hosted on Azure.

Quote from: buzzra on September 21, 2023, 04:04:04 PM
I was wondering about a fresh install. Can I back up my config, and restore it to a fresh install?

Unbound seems overly complicated and I've used Dnsmasq before. I just need a simple lookup for my internal hosts and pass everything else out to the Internet. My external DNS is hosted on Azure.

You can try importing your config but you may run into the same issue, which is why I suggested just manually configuring things after a fresh install.

The default Unbound install is pretty simple to set up with the use case you specified and I would wager is how the majority of people use it.

If you're using static leases you just need to check the boxes to automatically add those to Unbound. If you're using static IPs, it's a bit more work and needs to be manually updated, so I prefer the static leases.

Not sure if you're using DoT, DoH, or standard DNS, but everything other than DoH is easily set up.