Topic: DNS Forwarder cache and configuration issues - Fresh eyes needed

rafaelr
DNS Forwarder cache and configuration issues - Fresh eyes needed
« on: December 30, 2017, 05:36:38 am »

Hello all,

I haven't used dnsmasq in pfSense in a long time. Today, while testing DNS Forwarder in pfSense 2.4.2_1 (latest stable) I stumbled on two issues:

1- DNS Forwarder does not seem to be caching requests
2- DNS Forwarder does not seem to read my custom /usr/local/etc/dnsmasq.conf file

1) When I dig a domain I'm not getting any cached responses from DNS Forwarder

2) I have later tried to use my own dnsmasq.conf configuration file but that hasn't helped me at all

/usr/local/etc/dnsmasq.conf

I have created a /usr/local/etc/dnsmasq.d directory to add additional .conf files but they do not seem to be loading at all.

For example, I've added a blacklist.conf file to block a bunch of hosts and I don't get the response I'm expecting from dnsmasq. It's like it isn't even looking at the file.

Could someone give DNS Forwarder a try in 2.4.2_1 and confirm (duplicate) this behavior - Is there something wrong with my configuration? - Please HELP!

P.S. I've created a bash script using zenity to easily generate blacklist.conf files for unbound and dnsmasq. I think it will be helpful for those less familiar with a terminal. I'm also skipping zenity in a later version to be able to run it on a pfSense box on a schedule and update the blacklist automatically.

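The blacklist generator the post mentions is a good place to show what a safe one has to do, because a blocklist is usually pulled from a third-party URL and then written straight into the resolver's configuration: any line the generator copies without validation becomes a config directive (dnsmasq accepts `conf-dir=`, `server=`, `address=` and friends in every file it reads). The example below is added here and is not the poster's script or pfSense code; it is written in Python instead of bash/zenity, and the hosts-style input is a constructed sample. It accepts only syntactically valid hostnames, drops the `localhost`-type entries every hosts file carries, deduplicates, and emits the two formats: `address=/name/0.0.0.0` for dnsmasq and `local-zone: "name" always_nxdomain` for unbound. Note the caveat that matters for issue 2 in the post: stock dnsmasq reads a drop-in directory such as `/usr/local/etc/dnsmasq.d` only when a `conf-dir=` directive tells it to, and on pfSense the supported place for such a directive is the DNS Forwarder page's Custom options box, not a hand-edited file.

```python
"""Turn a hosts-style blocklist into dnsmasq and unbound blocking config.

Added example, not code from the pfSense forum thread or from pfSense itself.
The input text below is constructed for the example and deliberately includes
junk a hostile list could carry (a directive, a path, an invalid label).
"""
import ipaddress
import re
from typing import List, Tuple

# Constructed sample input (hypothetical hosts): "addr name" and bare-name lines.
SAMPLE_BLOCKLIST = """\
# constructed sample blocklist
0.0.0.0 ads.example.com
127.0.0.1 tracker.example.net   # trailing comment
telemetry.example.org
0.0.0.0 localhost
0.0.0.0 ads.example.com
evil.example/0.0.0.0
conf-dir=/tmp/owned
bad_host.example.com
"""

# One DNS label: 1-63 chars of [a-z0-9-], no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

# Names hosts files routinely map to loopback; never block these.
SKIP = {"localhost", "localhost.localdomain", "local", "broadcasthost",
        "ip6-localhost", "ip6-loopback", "ip6-allnodes", "ip6-allrouters"}


def valid_hostname(name: str) -> bool:
    """Strict hostname check: at least two labels, each RFC 1123-shaped.

    Anything with '/', '=', '_', whitespace or a newline fails here, which is
    what keeps a list entry from being interpreted as a config directive.
    """
    if not name or len(name) > 253:
        return False
    labels = name.split(".")
    if len(labels) < 2:
        return False
    return all(LABEL.match(label) for label in labels)


def _is_ip(token: str) -> bool:
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def parse_hosts(text: str) -> Tuple[List[str], List[str]]:
    """Return (accepted, rejected) hostnames from hosts-style text.

    Lines are 'addr name [name...]' or a bare 'name'; '#' starts a comment.
    Accepted names are lowercased, deduplicated and kept in input order so the
    generated config is stable across runs (easy to diff before loading).
    """
    accepted: List[str] = []
    rejected: List[str] = []
    seen = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        names = parts[1:] if _is_ip(parts[0]) else parts
        for name in names:
            name = name.lower().rstrip(".")
            if name in SKIP or name in seen:
                continue
            if not valid_hostname(name):
                rejected.append(name)   # report, never write to config
                continue
            seen.add(name)
            accepted.append(name)
    return accepted, rejected


def dnsmasq_conf(hosts: List[str]) -> str:
    """dnsmasq: address=/name/0.0.0.0 also covers every subdomain of name."""
    return "".join(f"address=/{h}/0.0.0.0\n" for h in hosts)


def unbound_conf(hosts: List[str]) -> str:
    """unbound: local-zone always_nxdomain answers NXDOMAIN for the zone."""
    return "".join(f'local-zone: "{h}" always_nxdomain\n' for h in hosts)


if __name__ == "__main__":
    ok, bad = parse_hosts(SAMPLE_BLOCKLIST)
    print("# rejected entries (not written):", bad)
    print(dnsmasq_conf(ok))
    print(unbound_conf(ok))
```

Running it on the sample keeps three hosts and rejects the three malformed lines instead of passing them through; the rejected list is worth logging when the script runs on a schedule, since a sudden jump in rejects is the signal that the upstream list changed shape or was tampered with. Whatever the generator produces should then go through the GUI's Custom options (dnsmasq) or a pfSense-managed include for unbound rather than a file dropped under `/usr/local/etc`, which pfSense regenerates from config.xml.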
Gertjan
Re: DNS Forwarder cache and configuration issues - Fresh eyes needed
« Reply #1 on: December 31, 2017, 02:54:30 am »
Quote from: rafaelr on December 30, 2017, 05:36:38 am

Hi,

"Never ever" change these files directly. Use the GUI. That's what pfSense is all about.
Extra options to include can be pasted (before rigorous checking) into the GUI, which maintains the settings files on disk.

It's very well possible to set up dnsmasq manually, the old-fashioned way, but in that case it might be better to install a native FreeBSD, add the needed packages and create a firewall by hand. Then you have the possibility of editing files manually without consequences.

Your last 7 images, those which show the settings used for the "DNS Blacklist generator": the last image shows the path to something that could be related to unbound, not the forwarder.
What are you using, the forwarder (dnsmasq) or the resolver (== unbound) ?