
Author Topic: DNS Resolver  (Read 67768 times)


m3usv0x
Re: DNS Resolver
« Reply #15 on: August 08, 2014, 10:02:14 pm »
Hi

2.2-ALPHA (amd64)
built on Tue Jul 22 01:18:23 CDT 2014 (Full)
  • Settings are sticking; I haven't tested whether they are working or not.
  • Can delete networks when editing an access list (what is the access list for? Being there or not is the same thing; some check box to only allow allowed lists? Or do I need one to reject all networks first?).
  • Hosts seem OK.
  • Host Override works but aliases don't.
  • Only the first domain works on Host Override. If I configure multiple domains to an IP or multiple IPs, only the first one seems to work.
  • Domain override not tested yet. I will.

Edit: My DNS clients take the DNS from General Setup -> DNS Servers (the first-one) and not the pfsense IP. My DNS Servers in system information and in interface are 127.0.0.1 and those in General Setup -> DNS Servers (should have my ISP to from my pppoe connection).

Edit2: For some reason my Ubuntu server 14.04 in VirtualBox doesn't resolve any host or domain; it said:
Code:
"xxxxx@BoxHost:/etc$ nslookup
> pfsense
;; reply from unexpected source: 10.0.30.1#53, expected 10.0.0.1#53"
10.0.0.1 is the LAN IP (VLAN) and 10.0.30.1 is another VLAN, where my Ubuntu server's network is.

I can second the above in bold. I cannot get pfSense to serve itself as DNS, instead it pushes ISP DNS.
Am I missing something?

virgiliomi
Re: DNS Resolver
« Reply #16 on: August 30, 2014, 09:16:46 pm »
I can second the above in bold. I cannot get pfSense to serve itself as DNS, instead it pushes ISP DNS.
Am I missing something?
I'll third this... pfSense is not providing the router's IP address as the DNS server for clients to use when DNS Resolver is enabled. All works correctly when DNS Forwarder is used instead.

grandrivers
Re: DNS Resolver
« Reply #17 on: August 30, 2014, 10:01:05 pm »
Yes, I noticed this also in 2.1.4 when doing some troubleshooting.
pfsense 2.4 super micro A1SRM-2558F
C2558 8gig ECC  60gig SSD
triple Wan dual pppoe

Fegu
Re: DNS Resolver
« Reply #18 on: September 07, 2014, 02:55:14 pm »
Just to bump this: pfSense is not providing the router's IP address as the DNS server for clients to use when DNS Resolver is enabled. All works correctly when DNS Forwarder is used instead.

I tried with and without Enable Forwarding Mode. I also made sure that the override box in General Settings is off.

Also, slightly related, the dropdown options on the advanced settings page are all at the first option as default, while the legends/help texts underneath claim that default values are something else.

virgiliomi
Re: DNS Resolver
« Reply #19 on: September 16, 2014, 06:05:06 pm »
Another bump, but also something different...

I recently changed back from ISP DHCPv6+PD to my HE tunnel, and in doing so I re-enabled the DHCPv6 server in pfSense. Anyway... after those changes were made, I disabled DNS Forwarder and enabled DNS Resolver. Pulled my network connection, reconnected it, and now my computer received my router's IPv6 address for DNS, but IPv4 DNS servers point to the DNS servers I've specified in the router.

For reference, my DHCPv6/RA setting is Managed.

emce
Re: DNS Resolver
« Reply #20 on: September 20, 2014, 08:04:10 am »
Upgraded from 2.1.5 to:

2.2-BETA (i386)
built on Fri Sep 19 23:33:28 CDT 2014

Disabled DNS Forwarder and enabled DNS Resolver.  The service failed to start up with the following error:

Code:
php-fpm[38680]: /services_unbound.php: The command '/usr/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was '[1411217151] unbound[40074:0] fatal error: user 'unbound' does not exist.'

I decided to create an unbound user/group to see what would happen, but upon attempting to start it up again, I received this error:

Code:
php-fpm[26599]: /services_unbound.php: The command '/usr/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was ''

I haven't had a chance to troubleshoot further, but I'm happy to provide any other info.

Thanks!
-Mike

Renato Botelho (Administrator)
Re: DNS Resolver
« Reply #21 on: September 23, 2014, 07:13:31 am »
Upgraded from 2.1.5 to:

2.2-BETA (i386)
built on Fri Sep 19 23:33:28 CDT 2014

Disabled DNS Forwarder and enabled DNS Resolver.  The service failed to start up with the following error:

Code:
php-fpm[38680]: /services_unbound.php: The command '/usr/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was '[1411217151] unbound[40074:0] fatal error: user 'unbound' does not exist.'

I decided to create an unbound user/group to see what would happen, but upon attempting to start it up again, I received this error:

Code:
php-fpm[26599]: /services_unbound.php: The command '/usr/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was ''

I haven't had a chance to troubleshoot further, but I'm happy to provide any other info.

Thanks!
-Mike

I pushed an upgrade code to migrate unbound package configuration to 2.2 when it's installed, and also make sure unbound user is created during upgrade. It'll be available on next snapshots.
Renato Botelho

emce
Re: DNS Resolver
« Reply #22 on: September 24, 2014, 07:29:36 am »
I pushed an upgrade code to migrate unbound package configuration to 2.2 when it's installed, and also make sure unbound user is created during upgrade. It'll be available on next snapshots.

Upgraded to:

2.2-BETA (i386)
built on Wed Sep 24 04:55:10 CDT 2014
FreeBSD 10.1-PRERELEASE

And everything is looking good so far.  Thanks!
-Mike

mais_um
Re: DNS Resolver
« Reply #23 on: September 24, 2014, 12:30:13 pm »
Upgraded to:

2.2-BETA (i386)
built on Wed Sep 24 04:55:10 CDT 2014
FreeBSD 10.1-PRERELEASE

And everything is looking good so far.  Thanks!
-Mike

2.2-BETA (amd64)
built on Wed Sep 24 04:53:53 CDT 2014 (nanobsd)

I continue with some problems:
  • I have to put my localhost IP in "DHCP Server -> DNS servers", otherwise clients don't pick the local DNS server, and if I don't have DNS servers in "System -> General", does not get any. "Do not use the DNS Forwarder as a DNS server for the firewall" is unchecked. DNS Forward works OK,
  • One more time, aliases in Host Override don't work,
  • Can't redirect multiple custom domains to a local IP. E.g. mydomain.com and www.mydomain.com: only the top one works; the other goes to a non-authoritative server to get an IP, if it has any.

Cya
pfSense:
ASRock -> Wolfdale1333-D667 (2GB TeamElite Ram)
Marvell 88SA8040 Sata to CF(Sandisk 4GB) Controller
NIC's: RTL8100E (Internal ) and Intel® PRO/1000 PT Dual (Intel 82571GB)

priller
Advanced Options and Forwarding Mode
« Reply #24 on: October 17, 2014, 02:49:31 pm »
First a little background and then what the problem is and why ....

2.2-BETA (amd64)
built on Fri Oct 17

Behavior of Enabling Forwarding Mode

Services: DNS Resolver

Select: Enable Forwarding Mode

This adds the following to /etc/unbound/unbound.conf
Code:
# Forwarding
forward-zone:
    name: "."
        forward-addr: 8.8.8.8

The forwarding DNS server is read from what is configured in "System: General Setup - DNS servers"

This works fine.  However, that is not the server I want to forward to.


What I want to accomplish

I want to use unbound to forward to a DNSCrypt Proxy listening on 127.0.0.1 port 40. 

I am doing this today with DNS Forwarder (dnsmasq) as documented in:
https://forum.pfsense.org/index.php?topic=78446.msg453441#msg453441


Attempted configuration

Since using the "Enable Forwarding Mode" checkbox picks the DNS servers in General Setup, I need a way to override that and use 127.0.0.1@40.

So, I deselected "Enable Forwarding Mode" and in the Advanced box entered:
Code:
forward-zone:
    name: "."
        forward-addr: 127.0.0.1@40

That Advanced configuration shows in /conf/config.xml.   BUT, unbound never uses it and is not in forwarding mode.

Since that is a valid unbound configuration, why is it being ignored when you enter it in the Advanced box?  Shouldn't these options be passed to unbound when it starts?

« Last Edit: October 17, 2014, 02:53:14 pm by priller »
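Added example (not part of priller's post and not pfSense code): one way to check what the generated unbound.conf actually does with the root zone is to parse its forward-zone clauses and compare the forward-addr entries with the upstream you intended. The function names, the sample text and the allow-list are assumptions made for this illustration; pass the path of the generated file as the first argument.

```python
SAMPLE_CONF = '''\
server:
    interface: 0.0.0.0
# Forwarding
forward-zone:
    name: "."
        forward-addr: 8.8.8.8
'''  # constructed sample, modelled on the snippet quoted in the post above

def forward_zones(conf_text):
    """Return {zone name: [forward-addr, ...]} for each forward-zone clause."""
    zones, clause, current = {}, None, []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # '#' starts a comment
        if not line:
            continue
        key, _, value = line.partition(":")      # split on first ':' only (IPv6 safe)
        key, value = key.strip(), value.strip().strip('"')
        if not value:                            # "server:", "forward-zone:" open a clause
            clause, current = key, []
        elif clause == "forward-zone":
            if key == "name":
                existing = zones.setdefault(value, [])
                existing.extend(current)         # keep addrs listed before the name
                current = existing
            elif key == "forward-addr":
                current.append(value)
    return zones

def audit_root_forwarding(conf_text, expected):
    """Return (mode, unexpected). mode is 'forwarding' when "." has a forward-zone,
    otherwise 'recursive'; unexpected lists root forward-addrs not in `expected`."""
    addrs = forward_zones(conf_text).get(".")
    if addrs is None:
        return "recursive", []
    return "forwarding", [a for a in addrs if a not in expected]

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    # Assumed intent from the post: forward only to the local proxy on port 40.
    print(audit_root_forwarding(text, {"127.0.0.1@40"}))
```

A result of `('recursive', [])` means the Advanced-box stanza never reached the running configuration; a non-empty second element names upstreams that queries are going to but were not intended.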

mais_um
Re: DNS Resolver - host override
« Reply #25 on: October 22, 2014, 09:49:08 am »
Hi

Someone please :), correct host overrides? thanks.
pfSense:
ASRock -> Wolfdale1333-D667 (2GB TeamElite Ram)
Marvell 88SA8040 Sata to CF(Sandisk 4GB) Controller
NIC's: RTL8100E (Internal ) and Intel® PRO/1000 PT Dual (Intel 82571GB)

router_wang
Re: DNS Resolver
« Reply #26 on: October 24, 2014, 11:02:05 am »
The resolver is forwarding requests to my provider's DNS instead of querying the root domain name servers. You can test this by going to https://www.dnsleaktest.com/

How can I configure it not to do this?

chpalmer
Re: DNS Resolver
« Reply #27 on: October 25, 2014, 05:42:30 pm »
The resolver is forwarding requests to my provider's DNS instead of querying the root domain name servers. You can test this by going to https://www.dnsleaktest.com/

How can I configure it not to do this?

Go to System/General Setup-  DNS Servers...   

Uncheck- " Allow DNS server list to be overridden by DHCP/PPP on WAN"

Check-  "Do not use the DNS Forwarder as a DNS server for the firewall"
P.S. statements made by me are not necessarily condoned by the management of this fine organization.  http://badmodems.com

router_wang
Re: DNS Resolver
« Reply #28 on: October 26, 2014, 11:05:37 am »
The resolver is forwarding requests to my provider's DNS instead of querying the root domain name servers. You can test this by going to https://www.dnsleaktest.com/

How can I configure it not to do this?

Go to System/General Setup-  DNS Servers...   

Uncheck- " Allow DNS server list to be overridden by DHCP/PPP on WAN"

Check-  "Do not use the DNS Forwarder as a DNS server for the firewall"

Yes, I have it set like this and it still does it anyway.

athurdent
Re: DNS Resolver
« Reply #29 on: October 31, 2014, 08:28:46 am »
I'm using CARP virtual IPs and run Unbound on "All" interfaces.
If I query the CARP IP from a Linux box, I get this:

Code:
root@none:~# dig @192.168.xxx.254 www.heise.de
;; reply from unexpected source: 192.168.xxx.5#53, expected 192.168.xxx.254#53
;; reply from unexpected source: 192.168.xxx.5#53, expected 192.168.xxx.254#53
;; reply from unexpected source: 192.168.xxx.5#53, expected 192.168.xxx.254#53

Snapshot is AMD64 from today.
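Added example (not from any poster in this thread): the "reply from unexpected source" message seen here and in the earlier nslookup output comes from the client comparing the reply's source address with the address it queried, a check stub resolvers make so that off-path hosts cannot answer for the server. The sketch below reproduces that comparison over UDP; the function names are assumptions, and the server must be given as an IPv4 literal.

```python
import os
import socket
import struct
import sys

def build_query(name, qtype=1):
    """Build a minimal DNS query (RD set, class IN); return (txid, packet)."""
    txid = os.urandom(2)
    header = txid + struct.pack(">HHHHH", 0x0100, 1, 0, 0, 0)
    labels = [l for l in name.split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return txid, header + qname + struct.pack(">HH", qtype, 1)

def check_reply_source(server_ip, name, port=53, timeout=2.0):
    """Send one UDP query and compare the reply's source with the address queried."""
    txid, packet = build_query(name)
    expected = (server_ip, port)
    # The socket is left unconnected on purpose: a connected UDP socket would
    # silently drop a reply from another address, hiding the problem.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, expected)
        try:
            data, source = sock.recvfrom(4096)
        except socket.timeout:
            return {"status": "timeout", "expected": expected, "got": None}
    if data[:2] != txid:
        status = "txid-mismatch"          # not an answer to our query
    elif source != expected:
        status = "unexpected-source"      # answered from a different IP or port
    else:
        status = "ok"
    return {"status": status, "expected": expected, "got": source}

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_source.py <server-ipv4> <name>")
    print(check_reply_source(sys.argv[1], sys.argv[2]))
```

Run against the virtual IP, an `unexpected-source` result whose `got` address is the interface's own IP matches the symptom reported above.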