motte990

DHCP DNS server on pfSense is acting up a bit

Good morning

Currently I keep having the problem that the DNS server of the pfSense acts up, i.e. the service simply terminates; the log only says it was stopped. Usually about every 4-5 days.

Under General I have entered the DNS servers of my ISP.

pfSense 192.168.110.1/24
DHCP 192.168.110.100 - 192.168.110.175

All known clients are assigned their fixed IP by the DHCP server.

Do I have a config error somewhere?

Pictures of the config are attached

General DNS ISP: [screenshots]

DHCP Server: [screenshots]

DNS Server: [screenshots]

Content-ID: 595199

Url: https://administrator.de/contentid/595199

Printed on: 22.11.2024 at 06:11

michi1983 11.08.2020 at 08:16:22
Hello,

no idea whether this will fix the problem, but here I would always enter as DNS the IP that actually handles the dial-in.
In your case the 192.168.178.1?

Regards
aqui 11.08.2020 at 11:20:49
Also decisive is the question of whether the OP's DNS runs as a resolver or as a forwarder. He has not answered this important question at all?!
The resolver is always the sensible choice
https://docs.netgate.com/pfsense/en/latest/dns/unbound-dns-resolver.html
Here especially the item Enable Forwarding Mode, because it determines whether the upstream servers are asked at all!
If it is not enabled, the pfSense ALWAYS queries the root servers directly and never the defined DNS servers!
You can always check this yourself by enabling Packet Capture in the Diagnostics menu and filtering on TCP/UDP 53 (DNS). There the firewall then always shows exactly and directly which DNS server IPs it is really querying. Unfortunately the OP seems to have overlooked this useful option too..?!
Otherwise what @michi1983 already says above is correct, provided the pfSense really is operated in a router cascade, about which the OP gives no information either.
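The check described in the post above, as an added example that is not part of the original thread: a Python script that reads the text output of a pfSense Packet Capture taken on the WAN interface with a port 53 filter and reports which DNS servers the firewall itself queried, compared with the configured upstream servers. The capture lines, the WAN address 192.168.178.2, the upstream address and all function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# One line of low-detail capture output (tcpdump style), e.g.
#   18:58:04.943472 IP 192.168.178.2.31532 > 203.0.113.225.53: UDP, length 42
LINE_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+ IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"(?P<proto>UDP|tcp)\b"
)


def queried_servers(capture_text, firewall_ip):
    """Count packets the firewall itself sent to port 53, per destination."""
    servers = Counter()
    for line in capture_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # blank lines, headers, anything that is not IPv4 UDP/TCP
        # Only outbound queries count; replies have source port 53 instead.
        if m["src"] == firewall_ip and m["dport"] == "53":
            servers[m["dst"]] += 1
    return servers


def classify(capture_text, firewall_ip, configured_upstreams):
    """Compare the servers actually queried with the configured upstreams."""
    servers = queried_servers(capture_text, firewall_ip)
    configured = {str(ipaddress.ip_address(ip)) for ip in configured_upstreams}
    unexpected = sorted(set(servers) - configured, key=ipaddress.ip_address)
    used = sorted(set(servers) & configured, key=ipaddress.ip_address)
    if not servers:
        verdict = "no-outbound-dns"      # nothing left the firewall on port 53
    elif not unexpected:
        verdict = "forwarding"           # only configured upstreams were asked
    elif not used:
        verdict = "direct-recursion"     # resolver walks root/TLD/authoritative servers
    else:
        verdict = "mixed"                # both kinds seen, e.g. mode changed mid-capture
    return {"verdict": verdict, "used": used, "unexpected": unexpected,
            "packets": dict(servers)}


# Constructed sample: resolver mode, many different authoritative servers
# (documentation address ranges stand in for real name servers).
RESOLVER_CAPTURE = """\
18:58:04.938139 IP 192.168.178.2.34647 > 198.51.100.30.53: tcp 44
18:58:04.943311 IP 203.0.113.225.53 > 192.168.178.2.55154: UDP, length 338
18:58:04.943472 IP 192.168.178.2.31532 > 203.0.113.225.53: UDP, length 42
18:58:04.981632 IP 192.168.178.2.53234 > 192.0.2.53.53: UDP, length 39
18:58:04.992343 IP 198.51.100.30.53 > 192.168.178.2.34647: tcp 863
capture stopped
"""

# Constructed sample: forwarding mode, only the upstream router is asked.
FORWARD_CAPTURE = """\
19:00:58.634546 IP 192.168.178.2.56868 > 192.168.178.1.53: UDP, length 52
19:00:58.656250 IP 192.168.178.1.53 > 192.168.178.2.56868: UDP, length 159
19:00:58.702742 IP 192.168.178.2.63586 > 192.168.178.1.53: tcp 0
19:00:58.703071 IP 192.168.178.2.63586 > 192.168.178.1.53: tcp 30
"""

if __name__ == "__main__":
    for name, text in (("resolver", RESOLVER_CAPTURE), ("forward", FORWARD_CAPTURE)):
        result = classify(text, "192.168.178.2", ["192.168.178.1"])
        print(name, result["verdict"], result["unexpected"])
```
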
Motte990 11.08.2020 at 19:26:11
Here are the packet captures:

Without Enable Forwarding Mode
LAN
18:57:35.606225 IP 192.168.110.20.49906 > 192.168.110.1.53: UDP, length 35
18:57:35.606393 IP 192.168.110.1.53 > 192.168.110.20.49906: UDP, length 51
18:57:35.646498 IP 192.168.110.20.61205 > 192.168.110.1.53: UDP, length 35
18:57:35.646595 IP 192.168.110.1.53 > 192.168.110.20.61205: UDP, length 51
18:57:35.709207 IP 192.168.110.20.57656 > 192.168.110.1.53: UDP, length 35
18:57:35.709293 IP 192.168.110.1.53 > 192.168.110.20.57656: UDP, length 51
18:57:38.289969 IP 192.168.110.20.49646 > 192.168.110.1.53: UDP, length 35
18:57:38.290059 IP 192.168.110.1.53 > 192.168.110.20.49646: UDP, length 51
18:57:38.326858 IP 192.168.110.20.55724 > 192.168.110.1.53: UDP, length 35
18:57:38.326929 IP 192.168.110.1.53 > 192.168.110.20.55724: UDP, length 51
WAN
18:58:04.938058 IP 192.41.162.30.53 > 192.168.178.2.34647: tcp 0
18:58:04.938085 IP 192.168.178.2.34647 > 192.41.162.30.53: tcp 0
18:58:04.938139 IP 192.168.178.2.34647 > 192.41.162.30.53: tcp 44
18:58:04.943311 IP 205.251.197.225.53 > 192.168.178.2.55154: UDP, length 338
18:58:04.943324 IP 156.154.102.3.53 > 192.168.178.2.13944: tcp 0
18:58:04.943344 IP 192.168.178.2.13944 > 156.154.102.3.53: tcp 0
18:58:04.943472 IP 192.168.178.2.31532 > 205.251.198.242.53: UDP, length 42
18:58:04.957199 IP 199.249.112.1.53 > 192.168.178.2.1513: tcp 0
18:58:04.981499 IP 205.251.198.242.53 > 192.168.178.2.31532: UDP, length 214
18:58:04.981632 IP 192.168.178.2.53234 > 192.55.83.30.53: UDP, length 39
18:58:04.992335 IP 192.41.162.30.53 > 192.168.178.2.34647: tcp 0
18:58:04.992343 IP 192.41.162.30.53 > 192.168.178.2.34647: tcp 863
18:58:04.992363 IP 192.168.178.2.34647 > 192.41.162.30.53: tcp 0
18:58:04.992497 IP 192.168.178.2.24973 > 205.251.199.147.53: UDP, length 49
18:58:04.992520 IP 192.168.178.2.34647 > 192.41.162.30.53: tcp 0
18:58:05.030397 IP 205.251.199.147.53 > 192.168.178.2.24973: UDP, length 335
18:58:05.047314 IP 192.55.83.30.53 > 192.168.178.2.53234: UDP, length 497
18:58:05.047407 IP 192.168.178.2.2519 > 192.55.83.30.53: tcp 0
18:58:05.055005 IP 192.41.162.30.53 > 192.168.178.2.34647: tcp 0
18:58:05.055031 IP 192.168.178.2.34647 > 192.41.162.30.53: tcp 0
18:58:05.115429 IP 192.55.83.30.53 > 192.168.178.2.2519: tcp 0
18:58:05.115456 IP 192.168.178.2.2519 > 192.55.83.30.53: tcp 0
18:58:05.115499 IP 192.168.178.2.2519 > 192.55.83.30.53: tcp 41
18:58:05.168361 IP 192.55.83.30.53 > 192.168.178.2.2519: tcp 0
18:58:05.168368 IP 192.55.83.30.53 > 192.168.178.2.2519: tcp 726
18:58:05.168387 IP 192.168.178.2.2519 > 192.55.83.30.53: tcp 0
18:58:05.168523 IP 192.168.178.2.48208 > 23.235.32.32.53: UDP, length 43
18:58:05.168539 IP 192.168.178.2.2519 > 192.55.83.30.53: tcp 0
18:58:05.203363 IP 23.235.32.32.53 > 192.168.178.2.48208: UDP, length 131
18:58:05.203443 IP 192.168.178.2.51103 > 104.156.80.32.53: UDP, length 50
18:58:05.227314 IP 104.156.80.32.53 > 192.168.178.2.51103: UDP, length 138
18:58:05.227721 IP 192.168.178.2.55030 > 192.42.176.30.53: UDP, length 31
18:58:05.229529 IP 192.55.83.30.53 > 192.168.178.2.2519: tcp 0
18:58:05.229548 IP 192.168.178.2.2519 > 192.55.83.30.53: tcp 0
18:58:05.252455 IP 192.42.176.30.53 > 192.168.178.2.55030: UDP, length 485
18:58:05.252544 IP 192.168.178.2.28888 > 192.42.176.30.53: tcp 0
18:58:05.279181 IP 192.42.176.30.53 > 192.168.178.2.28888: tcp 0
18:58:05.279214 IP 192.168.178.2.28888 > 192.42.176.30.53: tcp 0
18:58:05.279238 IP 192.168.178.2.28888 > 192.42.176.30.53: tcp 33
18:58:05.305279 IP 192.42.176.30.53 > 192.168.178.2.28888: tcp 0
18:58:05.305286 IP 192.42.176.30.53 > 192.168.178.2.28888: tcp 777
18:58:05.305313 IP 192.168.178.2.28888 > 192.42.176.30.53: tcp 0
18:58:05.305649 IP 192.168.178.2.28888 > 192.42.176.30.53: tcp 0
18:58:05.341135 IP 192.42.176.30.53 > 192.168.178.2.28888: tcp 0
18:58:05.341156 IP 192.168.178.2.28888 > 192.42.176.30.53: tcp 0
18:58:07.910601 IP 192.168.178.2.1513 > 199.249.112.1.53: tcp 0
18:58:07.910670 IP 192.168.178.2.30727 > 199.19.57.1.53: UDP, length 42
18:58:07.939543 IP 199.249.112.1.53 > 192.168.178.2.1513: tcp 799
18:58:07.939574 IP 192.168.178.2.1513 > 199.249.112.1.53: tcp 0
18:58:07.941060 IP 199.19.57.1.53 > 192.168.178.2.30727: UDP, length 42
18:58:07.941186 IP 192.168.178.2.11263 > 199.19.57.1.53: tcp 0
18:58:07.976662 IP 199.249.112.1.53 > 192.168.178.2.1513: tcp 0
18:58:07.976726 IP 199.19.57.1.53 > 192.168.178.2.11263: tcp 0
18:58:07.976752 IP 192.168.178.2.11263 > 199.19.57.1.53: tcp 0
18:58:07.976772 IP 192.168.178.2.11263 > 199.19.57.1.53: tcp 44
18:58:08.009073 IP 199.19.57.1.53 > 192.168.178.2.11263: tcp 0
18:58:08.009084 IP 199.19.57.1.53 > 192.168.178.2.11263: tcp 799
18:58:08.009109 IP 192.168.178.2.11263 > 199.19.57.1.53: tcp 0
18:58:08.009237 IP 192.168.178.2.13525 > 205.251.196.56.53: UDP, length 50
18:58:08.009254 IP 192.168.178.2.11263 > 199.19.57.1.53: tcp 0
18:58:08.051973 IP 205.251.196.56.53 > 192.168.178.2.13525: UDP, length 336
18:58:08.055636 IP 199.19.57.1.53 > 192.168.178.2.11263: tcp 0
18:58:08.055656 IP 192.168.178.2.11263 > 199.19.57.1.53: tcp 0
18:58:08.215979 IP 199.249.112.1.53 > 192.168.178.2.1513: tcp 799
18:58:08.494041 IP 199.249.112.1.53 > 192.168.178.2.1513: tcp 799
18:58:09.049890 IP 199.249.112.1.53 > 192.168.178.2.1513: tcp 799
18:58:10.160056 IP 199.249.112.1.53 > 192.168.178.2.1513: tcp 799
18:58:11.561130 IP 199.249.112.1.53 > 192.168.178.2.1513: tcp 0
18:58:12.380365 IP 199.249.112.1.53 > 192.168.178.2.1513: tcp 799

With Enable Forwarding Mode

WAN
19:00:52.198390 IP 192.168.178.2.24134 > 8.8.8.8.53: UDP, length 32
19:00:52.230808 IP 8.8.8.8.53 > 192.168.178.2.24134: UDP, length 48
19:00:58.049810 IP 192.168.178.2.39606 > 8.8.8.8.53: UDP, length 41
19:00:58.063061 IP 192.168.178.2.29627 > 8.8.8.8.53: UDP, length 41
19:00:58.104849 IP 8.8.8.8.53 > 192.168.178.2.39606: UDP, length 148
19:00:58.107774 IP 8.8.8.8.53 > 192.168.178.2.29627: UDP, length 148
19:00:58.634546 IP 192.168.178.2.56868 > 192.168.178.1.53: UDP, length 52
19:00:58.634612 IP 192.168.178.2.55781 > 192.168.178.1.53: UDP, length 52
19:00:58.634634 IP 192.168.178.2.29807 > 192.168.178.1.53: UDP, length 47
19:00:58.634689 IP 192.168.178.2.20199 > 192.168.178.1.53: UDP, length 47
19:00:58.634691 IP 192.168.178.2.61766 > 192.168.178.1.53: UDP, length 43
19:00:58.634764 IP 192.168.178.2.6357 > 192.168.178.1.53: UDP, length 43
19:00:58.634777 IP 192.168.178.2.14519 > 192.168.178.1.53: UDP, length 44
19:00:58.656250 IP 192.168.178.1.53 > 192.168.178.2.56868: UDP, length 159
19:00:58.656365 IP 192.168.178.2.57691 > 192.168.178.1.53: UDP, length 58
19:00:58.656561 IP 192.168.178.1.53 > 192.168.178.2.55781: UDP, length 159
19:00:58.656656 IP 192.168.178.2.52278 > 192.168.178.1.53: UDP, length 58
19:00:58.657481 IP 192.168.178.1.53 > 192.168.178.2.29807: UDP, length 105
19:00:58.657549 IP 192.168.178.2.60286 > 192.168.178.1.53: UDP, length 45
19:00:58.658016 IP 192.168.178.1.53 > 192.168.178.2.20199: UDP, length 105
19:00:58.658103 IP 192.168.178.2.27072 > 192.168.178.1.53: UDP, length 45
19:00:58.658228 IP 192.168.178.1.53 > 192.168.178.2.61766: UDP, length 150
19:00:58.658289 IP 192.168.178.2.48494 > 192.168.178.1.53: UDP, length 58
19:00:58.667329 IP 192.168.178.1.53 > 192.168.178.2.6357: UDP, length 150
19:00:58.667407 IP 192.168.178.2.53199 > 192.168.178.1.53: UDP, length 58
19:00:58.667571 IP 192.168.178.1.53 > 192.168.178.2.14519: UDP, length 178
19:00:58.667638 IP 192.168.178.2.11434 > 192.168.178.1.53: UDP, length 73
19:00:58.675032 IP 192.168.178.1.53 > 192.168.178.2.57691: UDP, length 122
19:00:58.675165 IP 192.168.178.2.52434 > 192.168.178.1.53: UDP, length 28
19:00:58.675196 IP 192.168.178.2.13363 > 192.168.178.1.53: UDP, length 37
19:00:58.687466 IP 192.168.178.1.53 > 192.168.178.2.60286: UDP, length 85
19:00:58.687569 IP 192.168.178.2.63457 > 192.168.178.1.53: UDP, length 51
19:00:58.688038 IP 192.168.178.1.53 > 192.168.178.2.52278: UDP, length 122
19:00:58.688167 IP 192.168.178.2.48657 > 192.168.178.1.53: UDP, length 28
19:00:58.688217 IP 192.168.178.2.65033 > 192.168.178.1.53: UDP, length 37
19:00:58.688529 IP 192.168.178.1.53 > 192.168.178.2.27072: UDP, length 85
19:00:58.688602 IP 192.168.178.2.49605 > 192.168.178.1.53: UDP, length 51
19:00:58.697314 IP 192.168.178.1.53 > 192.168.178.2.48494: UDP, length 122
19:00:58.699295 IP 192.168.178.1.53 > 192.168.178.2.53199: UDP, length 122
19:00:58.702642 IP 192.168.178.1.53 > 192.168.178.2.52434: UDP, length 17
19:00:58.702742 IP 192.168.178.2.63586 > 192.168.178.1.53: tcp 0
19:00:58.703027 IP 192.168.178.1.53 > 192.168.178.2.63586: tcp 0
19:00:58.703047 IP 192.168.178.2.63586 > 192.168.178.1.53: tcp 0
19:00:58.703071 IP 192.168.178.2.63586 > 192.168.178.1.53: tcp 30
19:00:58.703371 IP 192.168.178.1.53 > 192.168.178.2.63586: tcp 0
19:00:58.704026 IP 192.168.178.1.53 > 192.168.178.2.63586: tcp 580
19:00:58.704059 IP 192.168.178.2.63586 > 192.168.178.1.53: tcp 0
19:00:58.710945 IP 192.168.178.1.53 > 192.168.178.2.11434: UDP, length 148
19:00:58.711414 IP 192.168.178.1.53 > 192.168.178.2.49605: UDP, length 67
19:00:58.712981 IP 192.168.178.1.53 > 192.168.178.2.63457: UDP, length 67
19:00:58.713382 IP 192.168.178.1.53 > 192.168.178.2.48657: UDP, length 17
19:00:58.713440 IP 192.168.178.2.63587 > 192.168.178.1.53: tcp 0
19:00:58.713713 IP 192.168.178.1.53 > 192.168.178.2.63587: tcp 0
19:00:58.713733 IP 192.168.178.2.63587 > 192.168.178.1.53: tcp 0
19:00:58.713758 IP 192.168.178.2.63587 > 192.168.178.1.53: tcp 30
19:00:58.714231 IP 192.168.178.1.53 > 192.168.178.2.63587: tcp 0
19:00:58.715129 IP 192.168.178.1.53 > 192.168.178.2.63587: tcp 580
19:00:58.715143 IP 192.168.178.2.63587 > 192.168.178.1.53: tcp 0
19:00:58.743289 IP 192.168.178.1.53 > 192.168.178.2.13363: UDP, length 112
19:00:58.771242 IP 192.168.178.2.18943 > 192.168.178.1.53: UDP, length 74
19:00:58.773404 IP 192.168.178.2.28006 > 192.168.178.1.53: UDP, length 28
19:00:58.773439 IP 192.168.178.2.63586 > 192.168.178.1.53: tcp 0
19:00:58.774532 IP 192.168.178.1.53 > 192.168.178.2.63586: tcp 0
19:00:58.774549 IP 192.168.178.2.63586 > 192.168.178.1.53: tcp 0
19:00:58.775549 IP 192.168.178.2.25517 > 192.168.178.1.53: UDP, length 28
19:00:58.775552 IP 192.168.178.2.14924 > 192.168.178.1.53: UDP, length 37
19:00:58.775572 IP 192.168.178.2.63587 > 192.168.178.1.53: tcp 0
19:00:58.775645 IP 192.168.178.2.38881 > 192.168.178.1.53: UDP, length 28
19:00:58.776830 IP 192.168.178.1.53 > 192.168.178.2.14924: UDP, length 112
19:00:58.777030 IP 192.168.178.1.53 > 192.168.178.2.63587: tcp 0
19:00:58.777049 IP 192.168.178.2.63587 > 192.168.178.1.53: tcp 0
19:00:58.786193 IP 192.168.178.2.59423 > 192.168.178.1.53: UDP, length 74
19:00:58.791003 IP 192.168.178.1.53 > 192.168.178.2.18943: UDP, length 90
19:00:58.793320 IP 192.168.178.1.53 > 192.168.178.2.28006: UDP, length 17
19:00:58.793394 IP 192.168.178.2.63588 > 192.168.178.1.53: tcp 0
19:00:58.793667 IP 192.168.178.1.53 > 192.168.178.2.63588: tcp 0
19:00:58.793685 IP 192.168.178.2.63588 > 192.168.178.1.53: tcp 0
19:00:58.793721 IP 192.168.178.2.63588 > 192.168.178.1.53: tcp 30
19:00:58.794049 IP 192.168.178.1.53 > 192.168.178.2.63588: tcp 0
19:00:58.794212 IP 192.168.178.2.21341 > 192.168.178.1.53: UDP, length 37
19:00:58.794734 IP 192.168.178.1.53 > 192.168.178.2.63588: tcp 580
19:00:58.794747 IP 192.168.178.2.63588 > 192.168.178.1.53: tcp 0
19:00:58.794865 IP 192.168.178.1.53 > 192.168.178.2.21341: UDP, length 112
19:00:58.801885 IP 192.168.178.1.53 > 192.168.178.2.25517: UDP, length 17
19:00:58.801939 IP 192.168.178.2.63589 > 192.168.178.1.53: tcp 0
19:00:58.802215 IP 192.168.178.1.53 > 192.168.178.2.63589: tcp 0
19:00:58.802230 IP 192.168.178.2.63589 > 192.168.178.1.53: tcp 0
19:00:58.802231 IP 192.168.178.1.53 > 192.168.178.2.38881: UDP, length 17
19:00:58.802250 IP 192.168.178.2.63589 > 192.168.178.1.53: tcp 30
19:00:58.802300 IP 192.168.178.2.63590 > 192.168.178.1.53: tcp 0
19:00:58.802566 IP 192.168.178.1.53 > 192.168.178.2.63589: tcp 0
19:00:58.802603 IP 192.168.178.1.53 > 192.168.178.2.63590: tcp 0
19:00:58.802621 IP 192.168.178.2.63590 > 192.168.178.1.53: tcp 0
19:00:58.802643 IP 192.168.178.2.63590 > 192.168.178.1.53: tcp 30
19:00:58.802979 IP 192.168.178.1.53 > 192.168.178.2.63590: tcp 0
19:00:58.803657 IP 192.168.178.1.53 > 192.168.178.2.63589: tcp 580
19:00:58.803669 IP 192.168.178.2.63589 > 192.168.178.1.53: tcp 0
19:00:58.803787 IP 192.168.178.1.53 > 192.168.178.2.63590: tcp 580
19:00:58.803801 IP 192.168.178.2.63590 > 192.168.178.1.53: tcp 0
19:00:58.810136 IP 192.168.178.1.53 > 192.168.178.2.59423: UDP, length 90

LAN
19:01:57.632780 IP 192.168.110.20.53612 > 192.168.110.1.53: UDP, length 35
19:01:57.632882 IP 192.168.110.1.53 > 192.168.110.20.53612: UDP, length 51


I use a router cascade: Fritzbox, then pfSense. So as DNS resolver.

In the Fritzbox, DHCP and DNS are off

In the sense, the Fritzbox is now entered as DNS upstream.

At the moment it seems to work. Are the remaining settings correct so far?


Question: where does the Fritzbox get its DNS server from? Is it the one communicated by the ISP?


nslookup google.de returns a server error

If I use a client, the correct result comes back.


Is there a way, for when the pfSense acts up, that I can run a Debian DNS server on a VM as failover?


EDIT, ERROR AGAIN:


With 8.8.8.8 it works

Google Chrome reports DNS_PROBE_FINISHED_BAD_CONFIG


Internally DNS works, only externally it does not


19:19:18.202668 IP 192.168.178.2.6345 > 8.8.8.8.53: UDP, length 33
19:19:18.231831 IP 8.8.8.8.53 > 192.168.178.2.6345: UDP, length 167
19:19:18.571937 IP 192.168.178.2.19930 > 8.8.8.8.53: UDP, length 39
19:19:18.610002 IP 8.8.8.8.53 > 192.168.178.2.19930: UDP, length 90
19:19:19.129231 IP 192.168.178.2.49398 > 8.8.8.8.53: UDP, length 28
19:19:19.173265 IP 8.8.8.8.53 > 192.168.178.2.49398: UDP, length 44
19:19:21.580909 IP 192.168.178.2.64383 > 192.168.178.1.53: UDP, length 42
19:19:21.597767 IP 192.168.178.1.53 > 192.168.178.2.64383: UDP, length 58
19:19:23.685397 IP 192.168.178.2.8388 > 192.168.178.1.53: UDP, length 57
19:19:23.685400 IP 192.168.178.2.37476 > 192.168.178.1.53: UDP, length 46
19:19:23.686404 IP 192.168.178.1.53 > 192.168.178.2.37476: UDP, length 62
19:19:23.686546 IP 192.168.178.2.48093 > 192.168.178.1.53: UDP, length 57
19:19:23.722099 IP 192.168.178.1.53 > 192.168.178.2.8388: UDP, length 73
19:19:23.722261 IP 192.168.178.2.29867 > 192.168.178.1.53: UDP, length 46
19:19:23.731694 IP 192.168.178.1.53 > 192.168.178.2.48093: UDP, length 85
19:19:23.731813 IP 192.168.178.2.35138 > 192.168.178.1.53: UDP, length 46
19:19:23.740245 IP 192.168.178.1.53 > 192.168.178.2.29867: UDP, length 62
19:19:23.740420 IP 192.168.178.2.50396 > 192.168.178.1.53: UDP, length 57
19:19:23.748376 IP 192.168.178.1.53 > 192.168.178.2.35138: UDP, length 74
19:19:23.781943 IP 192.168.178.1.53 > 192.168.178.2.50396: UDP, length 85
19:19:23.782098 IP 192.168.178.2.26407 > 192.168.178.1.53: UDP, length 46
19:19:23.814315 IP 192.168.178.1.53 > 192.168.178.2.26407: UDP, length 74
aqui 12.08.2020 updated at 13:59:46
You can see for yourself from the traces that the pfSense does NOT query the FB as DNS server but constantly changing other IP addresses.
That shows quite clearly that you are still using the default, which queries the DNS root servers directly and not the one you hand out via DHCP (Fritz) or have configured. Bad per se, because it considerably worsens the DNS response behaviour.
So one can only assume that you have still forgotten to set the above-mentioned checkbox in the DNS service settings?!
Motte990 12.08.2020 updated at 15:46:20
So, now I have made the settings and entered the two DNS servers from KDG.

WAN
15:39:12.983727 IP 192.168.178.2.13201 > 83.169.186.33.53: UDP, length 62
15:39:13.001643 IP 83.169.186.33.53 > 192.168.178.2.13201: UDP, length 122
15:39:13.001750 IP 192.168.178.2.13045 > 83.169.186.97.53: UDP, length 77
15:39:13.021613 IP 83.169.186.97.53 > 192.168.178.2.13045: UDP, length 93

LAN
15:40:29.997470 IP 192.168.110.20.51621 > 192.168.110.1.53: UDP, length 34
15:40:29.997579 IP 192.168.110.1.53 > 192.168.110.20.51621: UDP, length 50
15:40:32.451767 IP 192.168.110.20.49237 > 192.168.110.1.53: UDP, length 44
15:40:32.471349 IP 192.168.110.1.53 > 192.168.110.20.49237: UDP, length 44
15:40:32.474404 IP 192.168.110.20.50234 > 192.168.110.1.53: UDP, length 37
15:40:32.474489 IP 192.168.110.1.53 > 192.168.110.20.50234: UDP, length 37
15:40:34.776124 IP 192.168.110.20.57974 > 192.168.110.1.53: UDP, length 37
15:40:34.797640 IP 192.168.110.1.53 > 192.168.110.20.57974: UDP, length 37

So that already looks good. Only at some point the message " DNS_PROBE_FINISHED_BAD_CONFIG " appears in Chrome.

If I set the IP of the Fritzbox 192.168.178.1 in the global settings, I cannot open any page at all; then " DNS_PROBE_FINISHED_BAD_CONFIG " comes up immediately.

Internal resolution works, as nslookup shows, but unfortunately not to the outside.


Excerpt from the DNS log:

Aug 12 15:38:03	unbound	82750:0	info: service stopped (unbound 1.10.1).
Aug 12 15:38:03	unbound	82750:0	info: server stats for thread 0: 196 queries, 76 answers from cache, 120 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Aug 12 15:38:03	unbound	82750:0	info: server stats for thread 0: requestlist max 5 avg 0.908333 exceeded 0 jostled 0
Aug 12 15:38:03	unbound	82750:0	info: average recursion processing time 0.254262 sec
Aug 12 15:38:03	unbound	82750:0	info: histogram of recursion processing times
Aug 12 15:38:03	unbound	82750:0	info: [25%]=0.0566798 median[50%]=0.109227 [75%]=0.228162
Aug 12 15:38:03	unbound	82750:0	info: lower(secs) upper(secs) recursions
Aug 12 15:38:03	unbound	82750:0	info: 0.000000 0.000001 1
Aug 12 15:38:03	unbound	82750:0	info: 0.004096 0.008192 1
Aug 12 15:38:03	unbound	82750:0	info: 0.016384 0.032768 1
Aug 12 15:38:03	unbound	82750:0	info: 0.032768 0.065536 37
Aug 12 15:38:03	unbound	82750:0	info: 0.065536 0.131072 30
Aug 12 15:38:03	unbound	82750:0	info: 0.131072 0.262144 27
Aug 12 15:38:03	unbound	82750:0	info: 0.262144 0.524288 12
Aug 12 15:38:03	unbound	82750:0	info: 0.524288 1.000000 6
Aug 12 15:38:03	unbound	82750:0	info: 1.000000 2.000000 2
Aug 12 15:38:03	unbound	82750:0	info: 2.000000 4.000000 3
Aug 12 15:38:03	unbound	82750:0	info: server stats for thread 1: 56 queries, 16 answers from cache, 40 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Aug 12 15:38:03	unbound	82750:0	info: server stats for thread 1: requestlist max 5 avg 0.4 exceeded 0 jostled 0
Aug 12 15:38:03	unbound	82750:0	info: average recursion processing time 0.313572 sec
Aug 12 15:38:03	unbound	82750:0	info: histogram of recursion processing times
Aug 12 15:38:03	unbound	82750:0	info: [25%]=0.0436907 median[50%]=0.102985 [75%]=0.299593
Aug 12 15:38:03	unbound	82750:0	info: lower(secs) upper(secs) recursions
Aug 12 15:38:03	unbound	82750:0	info: 0.000000 0.000001 3
Aug 12 15:38:03	unbound	82750:0	info: 0.016384 0.032768 4
Aug 12 15:38:03	unbound	82750:0	info: 0.032768 0.065536 9
Aug 12 15:38:03	unbound	82750:0	info: 0.065536 0.131072 7
Aug 12 15:38:03	unbound	82750:0	info: 0.131072 0.262144 6
Aug 12 15:38:03	unbound	82750:0	info: 0.262144 0.524288 7
Aug 12 15:38:03	unbound	82750:0	info: 1.000000 2.000000 2
Aug 12 15:38:03	unbound	82750:0	info: 2.000000 4.000000 2
Aug 12 15:38:03	unbound	82750:0	info: server stats for thread 2: 93 queries, 44 answers from cache, 49 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Aug 12 15:38:03	unbound	82750:0	info: server stats for thread 2: requestlist max 3 avg 0.428571 exceeded 0 jostled 0
Aug 12 15:38:03	unbound	82750:0	info: average recursion processing time 0.369381 sec
Aug 12 15:38:03	unbound	82750:0	info: histogram of recursion processing times
Aug 12 15:38:03	unbound	82750:0	info: [25%]=0.0633018 median[50%]=0.158379 [75%]=0.334234
Aug 12 15:38:03	unbound	82750:0	info: lower(secs) upper(secs) recursions
Aug 12 15:38:03	unbound	82750:0	info: 0.000000 0.000001 1
Aug 12 15:38:03	unbound	82750:0	info: 0.016384 0.032768 1
Aug 12 15:38:03	unbound	82750:0	info: 0.032768 0.065536 11
Aug 12 15:38:03	unbound	82750:0	info: 0.065536 0.131072 9
Aug 12 15:38:03	unbound	82750:0	info: 0.131072 0.262144 12
Aug 12 15:38:03	unbound	82750:0	info: 0.262144 0.524288 10
Aug 12 15:38:03	unbound	82750:0	info: 0.524288 1.000000 1
Aug 12 15:38:03	unbound	82750:0	info: 2.000000 4.000000 4
Aug 12 15:38:03	unbound	82750:0	info: server stats for thread 3: 82 queries, 31 answers from cache, 51 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Aug 12 15:38:03	unbound	82750:0	info: server stats for thread 3: requestlist max 2 avg 0.352941 exceeded 0 jostled 0
Aug 12 15:38:03	unbound	82750:0	info: average recursion processing time 0.340255 sec
Aug 12 15:38:03	unbound	82750:0	info: histogram of recursion processing times
Aug 12 15:38:03	unbound	82750:0	info: [25%]=0.0464213 median[50%]=0.0800996 [75%]=0.221184
Aug 12 15:38:03	unbound	82750:0	info: lower(secs) upper(secs) recursions
Aug 12 15:38:03	unbound	82750:0	info: 0.000000 0.000001 1
Aug 12 15:38:03	unbound	82750:0	info: 0.004096 0.008192 1
Aug 12 15:38:03	unbound	82750:0	info: 0.016384 0.032768 3
Aug 12 15:38:03	unbound	82750:0	info: 0.032768 0.065536 18
Aug 12 15:38:03	unbound	82750:0	info: 0.065536 0.131072 9
Aug 12 15:38:03	unbound	82750:0	info: 0.131072 0.262144 8
Aug 12 15:38:03	unbound	82750:0	info: 0.262144 0.524288 4
Aug 12 15:38:03	unbound	82750:0	info: 0.524288 1.000000 2
Aug 12 15:38:03	unbound	82750:0	info: 1.000000 2.000000 1
Aug 12 15:38:03	unbound	82750:0	info: 2.000000 4.000000 3
Aug 12 15:38:03	unbound	82750:0	notice: Restart of unbound 1.10.1.
Aug 12 15:38:13	unbound	82750:0	notice: init module 0: validator
Aug 12 15:38:13	unbound	82750:0	notice: init module 1: iterator
Aug 12 15:38:13	unbound	82750:0	info: start of service (unbound 1.10.1).
Aug 12 15:38:13	unbound	82750:0	info: service stopped (unbound 1.10.1).
Aug 12 15:38:13	unbound	82750:0	info: server stats for thread 0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Aug 12 15:38:13	unbound	82750:0	info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
Aug 12 15:38:13	unbound	82750:0	info: server stats for thread 1: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Aug 12 15:38:13	unbound	82750:0	info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0
Aug 12 15:38:13	unbound	82750:0	info: server stats for thread 2: 5 queries, 3 answers from cache, 2 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Aug 12 15:38:13	unbound	82750:0	info: server stats for thread 2: requestlist max 1 avg 0.5 exceeded 0 jostled 0
Aug 12 15:38:13	unbound	82750:0	info: server stats for thread 3: 4 queries, 2 answers from cache, 2 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Aug 12 15:38:13	unbound	82750:0	info: server stats for thread 3: requestlist max 1 avg 0.5 exceeded 0 jostled 0
Aug 12 15:38:25	unbound	63625:0	notice: init module 0: validator
Aug 12 15:38:25	unbound	63625:0	notice: init module 1: iterator
Aug 12 15:38:25	unbound	63625:0	info: start of service (unbound 1.10.1).
Aug 12 15:38:25	unbound	63625:0	info: service stopped (unbound 1.10.1).
Aug 12 15:38:25	unbound	63625:0	info: server stats for thread 0: 17 queries, 4 answers from cache, 13 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Aug 12 15:38:25	unbound	63625:0	info: server stats for thread 0: requestlist max 6 avg 3.92308 exceeded 0 jostled 0
Aug 12 15:38:25	unbound	63625:0	info: server stats for thread 1: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Aug 12 15:38:25	unbound	63625:0	info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0
Aug 12 15:38:25	unbound	63625:0	info: server stats for thread 2: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Aug 12 15:38:25	unbound	63625:0	info: server stats for thread 2: requestlist max 0 avg 0 exceeded 0 jostled 0
Aug 12 15:38:25	unbound	63625:0	info: server stats for thread 3: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Aug 12 15:38:25	unbound	63625:0	info: server stats for thread 3: requestlist max 0 avg 0 exceeded 0 jostled 0
Aug 12 15:38:25	unbound	63625:0	notice: Restart of unbound 1.10.1.
Aug 12 15:38:35	unbound	63625:0	notice: init module 0: validator
Aug 12 15:38:35	unbound	63625:0	notice: init module 1: iterator
Aug 12 15:38:35	unbound	63625:0	info: start of service (unbound 1.10.1).
Aug 12 15:38:35	unbound	63625:2	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:38:35	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:38:35	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:38:35	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:38:35	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:38:35	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:38:35	unbound	63625:2	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:38:35	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:38:35	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:38:35	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:38:35	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:38:35	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:38:35	unbound	63625:2	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:38:35	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:38:35	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:38:35	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:38:35	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:38:35	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:38:35	unbound	63625:2	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:38:35	unbound	63625:3	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:38:35	unbound	63625:3	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:38:35	unbound	63625:3	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:38:35	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:38:35	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:38:35	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:38:35	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:38:35	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:38:35	unbound	63625:2	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:38:35	unbound	63625:3	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:38:35	unbound	63625:3	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:38:35	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:38:35	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:38:35	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:38:35	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:38:35	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:38:35	unbound	63625:2	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:38:35	unbound	63625:3	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:38:35	unbound	63625:3	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:38:35	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:38:35	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:38:35	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:38:35	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:38:35	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:38:35	unbound	63625:3	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:39:37	unbound	63625:2	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:39:37	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:39:37	unbound	63625:2	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:39:37	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:39:37	unbound	63625:2	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:39:37	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:39:37	unbound	63625:2	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:39:37	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:39:37	unbound	63625:2	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:39:37	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:39:37	unbound	63625:2	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:39:37	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:40:39	unbound	63625:3	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:40:39	unbound	63625:3	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:40:39	unbound	63625:3	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:40:39	unbound	63625:3	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:40:39	unbound	63625:3	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:40:39	unbound	63625:3	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:40:39	unbound	63625:3	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:40:39	unbound	63625:3	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:40:39	unbound	63625:3	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:40:39	unbound	63625:3	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:40:39	unbound	63625:3	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:40:39	unbound	63625:3	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:41:40	unbound	63625:2	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:41:40	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:41:40	unbound	63625:2	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:41:40	unbound	63625:3	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:41:40	unbound	63625:3	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:41:40	unbound	63625:3	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:41:40	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:41:40	unbound	63625:2	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:41:40	unbound	63625:3	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:41:40	unbound	63625:3	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:41:40	unbound	63625:3	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:41:40	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:41:40	unbound	63625:3	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:41:40	unbound	63625:2	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:41:40	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:41:40	unbound	63625:3	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:41:40	unbound	63625:2	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:41:40	unbound	63625:3	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:41:41	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:41:41	unbound	63625:2	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:41:41	unbound	63625:3	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:41:41	unbound	63625:3	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:41:41	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:41:41	unbound	63625:3	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:42:42	unbound	63625:0	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:42:42	unbound	63625:0	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:42:42	unbound	63625:0	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:42:42	unbound	63625:0	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:42:42	unbound	63625:0	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:42:42	unbound	63625:0	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:42:42	unbound	63625:0	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:42:42	unbound	63625:0	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:42:42	unbound	63625:0	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:42:42	unbound	63625:3	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:42:42	unbound	63625:3	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:42:42	unbound	63625:3	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:42:42	unbound	63625:0	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:42:42	unbound	63625:3	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:42:42	unbound	63625:0	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:42:42	unbound	63625:3	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:42:42	unbound	63625:3	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:42:42	unbound	63625:3	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:42:42	unbound	63625:0	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:42:42	unbound	63625:3	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:43:47	unbound	63625:3	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:43:47	unbound	63625:3	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:43:47	unbound	63625:3	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:43:47	unbound	63625:3	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:43:47	unbound	63625:3	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:43:47	unbound	63625:3	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:43:47	unbound	63625:3	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:43:47	unbound	63625:3	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:43:47	unbound	63625:3	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:43:47	unbound	63625:3	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:43:47	unbound	63625:3	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:43:47	unbound	63625:3	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:44:49	unbound	63625:2	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:44:49	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:44:49	unbound	63625:2	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:44:49	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:44:49	unbound	63625:2	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:44:49	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:44:49	unbound	63625:2	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:44:49	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:44:49	unbound	63625:2	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:44:49	unbound	63625:1	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:44:49	unbound	63625:1	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:44:49	unbound	63625:1	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:44:49	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:44:49	unbound	63625:2	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:44:49	unbound	63625:1	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:44:49	unbound	63625:1	info: generate keytag query _ta-4f66. NULL IN
Aug 12 15:44:49	unbound	63625:2	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Aug 12 15:44:49	unbound	63625:1	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
[Screenshot: nslookup 1]
Motte990 12.08.2020 at 15:53:38
Sorry for the double post. After I used the DNS servers from KDG and the Fritzbox, I again cannot open any pages. I always get
"DNS_PROBE_FINISHED_BAD_CONFIG".

If I use 8.8.8.8 or 1.1.1.1 or 9.9.9.9, everything works again.
michi1983 12.08.2020 at 19:46:41
If the Fritzbox does the dial-in, then configure the provider DNS correctly there.

And on the pfSense you then enter the IP of the Fritzbox as DNS.

Regards
Motte990 12.08.2020 at 19:51:57
That doesn't work; if DNS and DHCP are off, nothing works there. Besides, it is a rental device.
I rather think that the Fritzbox can't do proxy DNS (I read that).

In a rental device from KDG you cannot set an extra DNS server.
michi1983 12.08.2020 at 20:31:50
What is KDG, please, and which Fritzbox is it exactly? Model, FritzOS version?
Motte990 12.08.2020, updated at 21:36:43
KDG = Kabel Deutschland / Vodafone

It is a 6490 with FritzOS 07.12.
The FritzOS is made specifically for Vodafone; quite a few settings are not available there at all, e.g. setting your own DNS servers for IPv4/6.
michi1983 12.08.2020 at 21:57:28
But if you can't change anything there, how is the DNS server supposed to be "off"?

Just let the Fritzbox do what Vodafone set it up for, enter the IP of the Fritzbox on the pfSense as the DNS server, and all will be well.
Motte990 13.08.2020 at 05:45:51
Change in the sense of the public DNS to be used, so that the provider DNS is not used.

At the local level, DHCP and DNS are off, since the pfSense does that.

If I enter the Fritzbox 192.168.178.1 as DNS server under General, after a few minutes I get the error message "DNS_PROBE_FINISHED_BAD_CONFIG" in Google Chrome.

As a test I even set up the pfSense from scratch to rule out errors in the config. But same result.

Can it be that the Fritzbox can't do that at all in the modified FritzOS version?
That is, when it is not explicitly set as the local DNS server?
Motte990 14.08.2020, updated at 10:09:38
I did another test.

I entered the Fritzbox IP directly as DNS on a client, and there the resolution to the outside works.

So somehow the pfSense isn't playing along. But where is the error in my config? When I set it up from scratch, it asks for the DNS server right at the start; there I enter the Fritzbox.


ADDENDUM:

As soon as I enable DNS Query Forwarding, nothing works anymore.
DNS Query Forwarding: Enable Forwarding Mode
If this option is set, all DNS queries are sent to the upstream DNS servers that are configured under System > General Setup or that were obtained via DHCP/PPP on WAN (if DNS Server Override is enabled there).
[Screenshot: dns]
Motte990 18.08.2020 at 20:51:41
Can nobody help me?
Solution: aqui 19.08.2020, updated on 20.08.2020 at 15:51:23
Actually dead simple....
This is how it should look:
Switch the DNS Forwarder OFF!
[Screenshot: dnsforwa]

Switch the Resolver ON and enable Forwarding Mode!
[Screenshot: res1]
[Screenshot: dns2]

Done!
Motte990 20.08.2020 at 07:48:20
Good thing that it doesn't work like that!

Set exactly like that and entered 192.168.178.1 under General ... result: no domain can be opened anymore.

Can it be that the Fritzbox can't do it that way at all?
aqui 20.08.2020, updated at 09:42:26
No, the FritzBox has absolutely nothing to do with it. From the pfSense's point of view the FB is nothing other than a DNS server.
You must have fiddled something up on your side. The only question is what. The setup above works watertight and is the classic config for DNS. What did you set in the DNS settings??
For the config above it looks like this:
[Screenshot: dns]
With pure DHCP address assignment on the WAN port you can also leave the static DNS server entries empty, because if the "Override" checkbox below is set anyway, the dynamically learned DNS server will always have priority over the static ones!
It has to work like this!
You have hopefully disabled the blocking of RFC 1918 IP addresses in your cascade?! (Checkbox at the bottom of the WAN interface!)
Otherwise reset the box and set up DNS again.
Motte990 20.08.2020 at 14:55:37
Let's start. Fritzbox 192.168.178.1/24, DHCP off.
DNS Server Settings: DNS Server 192.168.178.1, DNS name empty, GW none, DNS Server Override checked. (With DNS server 9.9.9.9, gw 192.168.178.1)

Blocking of RFC 1918 IP addresses --->>> is off

DNS Query Forwarding, Enable Forwarding Mode: on
Enable DNS forwarder: off.

Here are the configs:

Interface

<interfaces>
	<wan>
		<enable></enable>
		<if>em0</if>
		<blockbogons></blockbogons>
		<spoofmac>00:00:00:00:00:10</spoofmac>
		<descr><![CDATA[WAN]]></descr>
		<ipaddr>192.168.178.2</ipaddr>
		<subnet>24</subnet>
		<gateway>GW_WAN</gateway>
	</wan>
	<lan>
		<enable></enable>
		<if>em1</if>
		<ipaddr>192.168.110.1</ipaddr>
		<subnet>24</subnet>
		<ipaddrv6></ipaddrv6>
		<subnetv6></subnetv6>
		<media></media>
		<mediaopt></mediaopt>
		<track6-interface>wan</track6-interface>
		<track6-prefix-id>0</track6-prefix-id>
		<gateway></gateway>
		<gatewayv6></gatewayv6>
	</lan>
</interfaces>
System

<system>
	<optimization>conservative</optimization>
	<hostname>pfsense</hostname>
	<domain>heimnetz</domain>
	<group>
		<name>OpenVPN User</name>
		<description></description>
		<scope>remote</scope>
		<gid>2000</gid>
		<member>2000</member>
	</group>
	<group>
		<name>admins</name>
		<description><![CDATA[System Administrators]]></description>
		<scope>system</scope>
		<gid>1999</gid>
		<member>0</member>
		<priv>page-all</priv>
	</group>
	<group>
		<name>all</name>
		<description><![CDATA[All Users]]></description>
		<scope>system</scope>
		<gid>1998</gid>
	</group>
	<user>
		<name>admin</name>
		<descr><![CDATA[System Administrator]]></descr>
		<scope>system</scope>
		<groupname>admins</groupname>
		<bcrypt-hash>$2y$10$Onh2qfaXuCN8nVk0u6XpsuJ8rwuUSMvZhyPjoQIq9XG0AHSqU0zha</bcrypt-hash>
		<uid>0</uid>
		<priv>user-shell-access</priv>
	</user>
	<user>
		<scope>user</scope>
		<bcrypt-hash>$2y$10$MOkbVJPrmrhMZG8sQt.v4.2cJJA1nzJJOUlfZaGNmTiQ/rWr8FbSS</bcrypt-hash>
		<descr></descr>
		<name>nicovpn</name>
		<expires></expires>
		<dashboardcolumns>2</dashboardcolumns>
		<authorizedkeys></authorizedkeys>
		<ipsecpsk></ipsecpsk>
		<webguicss>pfSense.css</webguicss>
		<cert>5f3659d2b05ad</cert>
		<uid>2000</uid>
	</user>
	<nextuid>2001</nextuid>
	<nextgid>2001</nextgid>
	<timeservers>2.pfsense.pool.ntp.org</timeservers>
	<webgui>
		<protocol>https</protocol>
		<loginautocomplete></loginautocomplete>
		<ssl-certref>5f363ec419b69</ssl-certref>
		<dashboardcolumns>2</dashboardcolumns>
		<webguicss>pfSense-dark.css</webguicss>
		<logincss>1e3f75;</logincss>
		<port>55222</port>
		<max_procs>2</max_procs>
		<disablehsts></disablehsts>
	</webgui>
	<disablesegmentationoffloading></disablesegmentationoffloading>
	<disablelargereceiveoffloading></disablelargereceiveoffloading>
	<maximumtableentries>400000</maximumtableentries>
	<powerd_ac_mode>hadp</powerd_ac_mode>
	<powerd_battery_mode>hadp</powerd_battery_mode>
	<powerd_normal_mode>hadp</powerd_normal_mode>
	<bogons>
		<interval>monthly</interval>
	</bogons>
	<already_run_config_upgrade></already_run_config_upgrade>
	<timezone>Europe/Berlin</timezone>
	<language>en_US</language>
	<dns1gw>GW_WAN</dns1gw>
	<ssh>
		<enable>enabled</enable>
	</ssh>
	<serialspeed>115200</serialspeed>
	<primaryconsole>serial</primaryconsole>
	<sshguard_threshold></sshguard_threshold>
	<sshguard_blocktime></sshguard_blocktime>
	<sshguard_detection_time></sshguard_detection_time>
	<sshguard_whitelist></sshguard_whitelist>
	<maximumstates></maximumstates>
	<aliasesresolveinterval></aliasesresolveinterval>
	<maximumfrags></maximumfrags>
	<enablenatreflectionpurenat>yes</enablenatreflectionpurenat>
	<enablenatreflectionhelper>yes</enablenatreflectionhelper>
	<reflectiontimeout></reflectiontimeout>
	<powerd_enable></powerd_enable>
	<crypto_hardware>aesni_cryptodev</crypto_hardware>
	<thermal_hardware>coretemp</thermal_hardware>
	<mds_disable>3</mds_disable>
	<use_mfs_tmp_size></use_mfs_tmp_size>
	<use_mfs_var_size></use_mfs_var_size>
	<pkg_repo_conf_path>/usr/local/share/pfSense/pkg/repos/pfSense-repo.conf</pkg_repo_conf_path>
	<dnsserver>9.9.9.9</dnsserver>
	<dnsallowoverride></dnsallowoverride>
</system>

DNS

<unbound>
	<enable></enable>
	<active_interface>all</active_interface>
	<outgoing_interface>all</outgoing_interface>
	<custom_options>c2VydmVyOmluY2x1ZGU6IC92YXIvdW5ib3VuZC9wZmJfZG5zYmwuKmNvbmY=</custom_options>
	<hideidentity></hideidentity>
	<hideversion></hideversion>
	<dnssecstripped></dnssecstripped>
	<port></port>
	<sslport></sslport>
	<sslcertref>5f363ec419b69</sslcertref>
	<regovpnclients></regovpnclients>
	<system_domain_local_zone_type>transparent</system_domain_local_zone_type>
	<forward_tls_upstream></forward_tls_upstream>
	<msgcachesize>4</msgcachesize>
	<outgoing_num_tcp>10</outgoing_num_tcp>
	<incoming_num_tcp>10</incoming_num_tcp>
	<edns_buffer_size>auto</edns_buffer_size>
	<num_queries_per_thread>512</num_queries_per_thread>
	<jostle_timeout>200</jostle_timeout>
	<cache_max_ttl>86400</cache_max_ttl>
	<cache_min_ttl>0</cache_min_ttl>
	<infra_host_ttl>900</infra_host_ttl>
	<infra_cache_numhosts>10000</infra_cache_numhosts>
	<unwanted_reply_threshold>disabled</unwanted_reply_threshold>
	<log_verbosity>2</log_verbosity>
	<regdhcpstatic></regdhcpstatic>
	<regdhcp></regdhcp>
	<hosts>
		<host>ultrabox</host>
		<domain>heimnetz</domain>
		<ip>192.168.178.1</ip>
		<descr><![CDATA[ultrabox.heimnetz]]></descr>
		<aliases></aliases>
	</hosts>
	<dnssec></dnssec>
	<forwarding></forwarding>
</unbound>

DHCP

<dhcpd>
	<lan>
		<range>
			<from>192.168.110.100</from>
			<to>192.168.110.130</to>
		</range>
		<enable></enable>
		<failover_peerip></failover_peerip>
		<dhcpleaseinlocaltime></dhcpleaseinlocaltime>
		<defaultleasetime></defaultleasetime>
		<maxleasetime></maxleasetime>
		<netmask></netmask>
		<gateway>192.168.110.1</gateway>
		<domain>heimnetz</domain>
		<domainsearchlist></domainsearchlist>
		<ddnsdomain></ddnsdomain>
		<ddnsdomainprimary></ddnsdomainprimary>
		<ddnsdomainsecondary></ddnsdomainsecondary>
		<ddnsdomainkeyname></ddnsdomainkeyname>
		<ddnsdomainkeyalgorithm>hmac-md5</ddnsdomainkeyalgorithm>
		<ddnsdomainkey></ddnsdomainkey>
		<mac_allow></mac_allow>
		<mac_deny></mac_deny>
		<ddnsclientupdates>allow</ddnsclientupdates>
		<tftp></tftp>
		<ldap></ldap>
		<nextserver></nextserver>
		<filename></filename>
		<filename32></filename32>
		<filename64></filename64>
		<rootpath></rootpath>
		<numberoptions></numberoptions>
		<staticmap>
			<mac>00:00:00:00:00:30</mac>
			<cid>servde</cid>
			<ipaddr>192.168.110.2</ipaddr>
			<hostname>servde</hostname>
			<descr><![CDATA[Debian 10 Server]]></descr>
			<arp_table_static_entry></arp_table_static_entry>
			<filename></filename>
			<rootpath></rootpath>
			<defaultleasetime></defaultleasetime>
			<maxleasetime></maxleasetime>
			<gateway></gateway>
			<domain></domain>
			<domainsearchlist></domainsearchlist>
			<ddnsdomain></ddnsdomain>
			<ddnsdomainprimary></ddnsdomainprimary>
			<ddnsdomainkeyname></ddnsdomainkeyname>
			<ddnsdomainkey></ddnsdomainkey>
			<tftp></tftp>
			<ldap></ldap>
		</staticmap>
		<staticmap>
			<mac>00:00:00:00:00:40</mac>
			<cid>DC01</cid>
			<ipaddr>192.168.110.3</ipaddr>
			<hostname>DC01</hostname>
			<descr><![CDATA[Windows Server 2019 DC]]></descr>
			<arp_table_static_entry></arp_table_static_entry>
			<filename></filename>
			<rootpath></rootpath>
			<defaultleasetime></defaultleasetime>
			<maxleasetime></maxleasetime>
			<gateway></gateway>
			<domain></domain>
			<domainsearchlist></domainsearchlist>
			<ddnsdomain></ddnsdomain>
			<ddnsdomainprimary></ddnsdomainprimary>
			<ddnsdomainkeyname></ddnsdomainkeyname>
			<ddnsdomainkey></ddnsdomainkey>
			<tftp></tftp>
			<ldap></ldap>
		</staticmap>
		<staticmap>
			<mac>50:e5:49:c2:d1:2a</mac>
			<cid>Motte</cid>
			<ipaddr>192.168.110.20</ipaddr>
			<hostname>Motte</hostname>
			<descr><![CDATA[Nico PC]]></descr>
			<arp_table_static_entry></arp_table_static_entry>
			<filename></filename>
			<rootpath></rootpath>
			<defaultleasetime></defaultleasetime>
			<maxleasetime></maxleasetime>
			<gateway></gateway>
			<domain></domain>
			<domainsearchlist></domainsearchlist>
			<ddnsdomain></ddnsdomain>
			<ddnsdomainprimary></ddnsdomainprimary>
			<ddnsdomainkeyname></ddnsdomainkeyname>
			<ddnsdomainkey></ddnsdomainkey>
			<tftp></tftp>
			<ldap></ldap>
		</staticmap>
		<staticmap>
			<mac>00:e0:4c:5f:fd:32</mac>
			<cid>DYMOND-5FFD33</cid>
			<ipaddr>192.168.110.21</ipaddr>
			<hostname>DYMOND-5FFD33</hostname>
			<descr><![CDATA[WLAN REPEATER]]></descr>
			<arp_table_static_entry></arp_table_static_entry>
			<filename></filename>
			<rootpath></rootpath>
			<defaultleasetime></defaultleasetime>
			<maxleasetime></maxleasetime>
			<gateway></gateway>
			<domain></domain>
			<domainsearchlist></domainsearchlist>
			<ddnsdomain></ddnsdomain>
			<ddnsdomainprimary></ddnsdomainprimary>
			<ddnsdomainkeyname></ddnsdomainkeyname>
			<ddnsdomainkey></ddnsdomainkey>
			<tftp></tftp>
			<ldap></ldap>
		</staticmap>
		<staticmap>
			<mac>00:11:32:83:96:26</mac>
			<cid>fileservde</cid>
			<ipaddr>192.168.110.22</ipaddr>
			<hostname>fileservde</hostname>
			<descr><![CDATA[Synology]]></descr>
			<arp_table_static_entry></arp_table_static_entry>
			<filename></filename>
			<rootpath></rootpath>
			<defaultleasetime></defaultleasetime>
			<maxleasetime></maxleasetime>
			<gateway></gateway>
			<domain></domain>
			<domainsearchlist></domainsearchlist>
			<ddnsdomain></ddnsdomain>
			<ddnsdomainprimary></ddnsdomainprimary>
			<ddnsdomainkeyname></ddnsdomainkeyname>
			<ddnsdomainkey></ddnsdomainkey>
			<tftp></tftp>
			<ldap></ldap>
		</staticmap>
		<staticmap>
			<mac>50:3e:aa:ce:c3:f4</mac>
			<cid>Jenny</cid>
			<ipaddr>192.168.110.23</ipaddr>
			<hostname>Jenny</hostname>
			<descr><![CDATA[Laptop]]></descr>
			<arp_table_static_entry></arp_table_static_entry>
			<filename></filename>
			<rootpath></rootpath>
			<defaultleasetime></defaultleasetime>
			<maxleasetime></maxleasetime>
			<gateway></gateway>
			<domain></domain>
			<domainsearchlist></domainsearchlist>
			<ddnsdomain></ddnsdomain>
			<ddnsdomainprimary></ddnsdomainprimary>
			<ddnsdomainkeyname></ddnsdomainkeyname>
			<ddnsdomainkey></ddnsdomainkey>
			<tftp></tftp>
			<ldap></ldap>
		</staticmap>
		<staticmap>
			<mac>84:d6:d0:4d:f3:15</mac>
			<cid>amazon-71dd4929d</cid>
			<ipaddr>192.168.110.24</ipaddr>
			<hostname>amazon-71dd4929d</hostname>
			<descr><![CDATA[FireTV]]></descr>
			<arp_table_static_entry></arp_table_static_entry>
			<filename></filename>
			<rootpath></rootpath>
			<defaultleasetime></defaultleasetime>
			<maxleasetime></maxleasetime>
			<gateway></gateway>
			<domain></domain>
			<domainsearchlist></domainsearchlist>
			<ddnsdomain></ddnsdomain>
			<ddnsdomainprimary></ddnsdomainprimary>
			<ddnsdomainkeyname></ddnsdomainkeyname>
			<ddnsdomainkey></ddnsdomainkey>
			<tftp></tftp>
			<ldap></ldap>
		</staticmap>
		<staticmap>
			<mac>fc:49:2d:04:93:d7</mac>
			<cid>amazon-ff957ec4b</cid>
			<ipaddr>192.168.110.25</ipaddr>
			<hostname>amazon-ff957ec4b</hostname>
			<descr><![CDATA[FireTV]]></descr>
			<arp_table_static_entry></arp_table_static_entry>
			<filename></filename>
			<rootpath></rootpath>
			<defaultleasetime></defaultleasetime>
			<maxleasetime></maxleasetime>
			<gateway></gateway>
			<domain></domain>
			<domainsearchlist></domainsearchlist>
			<ddnsdomain></ddnsdomain>
			<ddnsdomainprimary></ddnsdomainprimary>
			<ddnsdomainkeyname></ddnsdomainkeyname>
			<ddnsdomainkey></ddnsdomainkey>
			<tftp></tftp>
			<ldap></ldap>
		</staticmap>
		<staticmap>
			<mac>bc:60:a7:33:25:67</mac>
			<cid>PS4</cid>
			<ipaddr>192.168.110.26</ipaddr>
			<hostname>PS4</hostname>
			<descr><![CDATA[PS4]]></descr>
			<arp_table_static_entry></arp_table_static_entry>
			<filename></filename>
			<rootpath></rootpath>
			<defaultleasetime></defaultleasetime>
			<maxleasetime></maxleasetime>
			<gateway></gateway>
			<domain></domain>
			<domainsearchlist></domainsearchlist>
			<ddnsdomain></ddnsdomain>
			<ddnsdomainprimary></ddnsdomainprimary>
			<ddnsdomainkeyname></ddnsdomainkeyname>
			<ddnsdomainkey></ddnsdomainkey>
			<tftp></tftp>
			<ldap></ldap>
		</staticmap>
		<staticmap>
			<mac>a8:47:4a:01:38:b5</mac>
			<cid>PS4_2</cid>
			<ipaddr>192.168.110.27</ipaddr>
			<hostname>PS4</hostname>
			<descr><![CDATA[PS4]]></descr>
			<arp_table_static_entry></arp_table_static_entry>
			<filename></filename>
			<rootpath></rootpath>
			<defaultleasetime></defaultleasetime>
			<maxleasetime></maxleasetime>
			<gateway></gateway>
			<domain></domain>
			<domainsearchlist></domainsearchlist>
			<ddnsdomain></ddnsdomain>
			<ddnsdomainprimary></ddnsdomainprimary>
			<ddnsdomainkeyname></ddnsdomainkeyname>
			<ddnsdomainkey></ddnsdomainkey>
			<tftp></tftp>
			<ldap></ldap>
		</staticmap>
		<staticmap>
			<mac>94:b0:1f:15:1e:86</mac>
			<cid>SAP-ACCESS</cid>
			<ipaddr>192.168.110.28</ipaddr>
			<hostname>SAP-ACCESS</hostname>
			<descr><![CDATA[Handy Nico]]></descr>
			<arp_table_static_entry></arp_table_static_entry>
			<filename></filename>
			<rootpath></rootpath>
			<defaultleasetime></defaultleasetime>
			<maxleasetime></maxleasetime>
			<gateway></gateway>
			<domain></domain>
			<domainsearchlist></domainsearchlist>
			<ddnsdomain></ddnsdomain>
			<ddnsdomainprimary></ddnsdomainprimary>
			<ddnsdomainkeyname></ddnsdomainkeyname>
			<ddnsdomainkey></ddnsdomainkey>
			<tftp></tftp>
			<ldap></ldap>
		</staticmap>
		<staticmap>
			<mac>38:c9:86:da:4f:fc</mac>
			<cid>AppleWahvonNico</cid>
			<ipaddr>192.168.110.29</ipaddr>
			<hostname>AppleWahvonNico</hostname>
			<descr><![CDATA[AppleWahvonNico]]></descr>
			<arp_table_static_entry></arp_table_static_entry>
			<filename></filename>
			<rootpath></rootpath>
			<defaultleasetime></defaultleasetime>
			<maxleasetime></maxleasetime>
			<gateway></gateway>
			<domain></domain>
			<domainsearchlist></domainsearchlist>
			<ddnsdomain></ddnsdomain>
			<ddnsdomainprimary></ddnsdomainprimary>
			<ddnsdomainkeyname></ddnsdomainkeyname>
			<ddnsdomainkey></ddnsdomainkey>
			<tftp></tftp>
			<ldap></ldap>
		</staticmap>
		<staticmap>
			<mac>88:53:95:16:af:27</mac>
			<cid>Horst</cid>
			<ipaddr>192.168.110.30</ipaddr>
			<hostname>Horst</hostname>
			<descr><![CDATA[IPAD]]></descr>
			<arp_table_static_entry></arp_table_static_entry>
			<filename></filename>
			<rootpath></rootpath>
			<defaultleasetime></defaultleasetime>
			<maxleasetime></maxleasetime>
			<gateway></gateway>
			<domain></domain>
			<domainsearchlist></domainsearchlist>
			<ddnsdomain></ddnsdomain>
			<ddnsdomainprimary></ddnsdomainprimary>
			<ddnsdomainkeyname></ddnsdomainkeyname>
			<ddnsdomainkey></ddnsdomainkey>
			<tftp></tftp>
			<ldap></ldap>
		</staticmap>
		<staticmap>
			<mac>bc:fe:d9:83:bf:23</mac>
			<cid>JennifersiPhone</cid>
			<ipaddr>192.168.110.31</ipaddr>
			<hostname>JennifersiPhone</hostname>
			<descr><![CDATA[JennifersiPhone]]></descr>
			<arp_table_static_entry></arp_table_static_entry>
			<filename></filename>
			<rootpath></rootpath>
			<defaultleasetime></defaultleasetime>
			<maxleasetime></maxleasetime>
			<gateway></gateway>
			<domain></domain>
			<domainsearchlist></domainsearchlist>
			<ddnsdomain></ddnsdomain>
			<ddnsdomainprimary></ddnsdomainprimary>
			<ddnsdomainkeyname></ddnsdomainkeyname>
			<ddnsdomainkey></ddnsdomainkey>
			<tftp></tftp>
			<ldap></ldap>
		</staticmap>
		<staticmap>
			<mac>30:85:a9:79:05:9a</mac>
			<cid>Jenny_Laptop</cid>
			<ipaddr>192.168.110.32</ipaddr>
			<hostname>Jenny</hostname>
			<descr><![CDATA[Jenny_Laptop]]></descr>
			<arp_table_static_entry></arp_table_static_entry>
			<filename></filename>
			<rootpath></rootpath>
			<defaultleasetime></defaultleasetime>
			<maxleasetime></maxleasetime>
			<gateway></gateway>
			<domain></domain>
			<domainsearchlist></domainsearchlist>
			<ddnsdomain></ddnsdomain>
			<ddnsdomainprimary></ddnsdomainprimary>
			<ddnsdomainkeyname></ddnsdomainkeyname>
			<ddnsdomainkey></ddnsdomainkey>
			<tftp></tftp>
			<ldap></ldap>
		</staticmap>
		<staticmap>
			<mac>74:58:f3:c8:88:76</mac>
			<cid>FireTab</cid>
			<ipaddr>192.168.110.33</ipaddr>
			<hostname>FireTab</hostname>
			<descr><![CDATA[FireTab]]></descr>
			<arp_table_static_entry></arp_table_static_entry>
			<filename></filename>
			<rootpath></rootpath>
			<defaultleasetime></defaultleasetime>
			<maxleasetime></maxleasetime>
			<gateway></gateway>
			<domain></domain>
			<domainsearchlist></domainsearchlist>
			<ddnsdomain></ddnsdomain>
			<ddnsdomainprimary></ddnsdomainprimary>
			<ddnsdomainkeyname></ddnsdomainkeyname>
			<ddnsdomainkey></ddnsdomainkey>
			<tftp></tftp>
			<ldap></ldap>
		</staticmap>
		<staticmap>
			<mac>74:e1:82:2c:da:de</mac>
			<cid>Tonibox</cid>
			<ipaddr>192.168.110.34</ipaddr>
			<hostname>Tonibox</hostname>
			<descr><![CDATA[Tonibox]]></descr>
			<arp_table_static_entry></arp_table_static_entry>
			<filename></filename>
			<rootpath></rootpath>
			<defaultleasetime></defaultleasetime>
			<maxleasetime></maxleasetime>
			<gateway></gateway>
			<domain></domain>
			<domainsearchlist></domainsearchlist>
			<ddnsdomain></ddnsdomain>
			<ddnsdomainprimary></ddnsdomainprimary>
			<ddnsdomainkeyname></ddnsdomainkeyname>
			<ddnsdomainkey></ddnsdomainkey>
			<tftp></tftp>
			<ldap></ldap>
		</staticmap>
		<staticmap>
			<mac>f4:0f:24:50:4c:c2</mac>
			<cid>AppleWaJennifer</cid>
			<ipaddr>192.168.110.35</ipaddr>
			<hostname>AppleWaJennifer</hostname>
			<descr></descr>
			<arp_table_static_entry></arp_table_static_entry>
			<filename></filename>
			<rootpath></rootpath>
			<defaultleasetime></defaultleasetime>
			<maxleasetime></maxleasetime>
			<gateway></gateway>
			<domain></domain>
			<domainsearchlist></domainsearchlist>
			<ddnsdomain></ddnsdomain>
			<ddnsdomainprimary></ddnsdomainprimary>
			<ddnsdomainkeyname></ddnsdomainkeyname>
			<ddnsdomainkey></ddnsdomainkey>
			<tftp></tftp>
			<ldap></ldap>
		</staticmap>
		<staticmap>
			<mac>00:23:24:61:f2:c1</mac>
			<cid>vhost</cid>
			<ipaddr>192.168.110.200</ipaddr>
			<hostname>vhost</hostname>
			<descr><![CDATA[VMware ESXI]]></descr>
			<arp_table_static_entry></arp_table_static_entry>
			<filename></filename>
			<rootpath></rootpath>
			<defaultleasetime></defaultleasetime>
			<maxleasetime></maxleasetime>
			<gateway></gateway>
			<domain></domain>
			<domainsearchlist></domainsearchlist>
			<ddnsdomain></ddnsdomain>
			<ddnsdomainprimary></ddnsdomainprimary>
			<ddnsdomainkeyname></ddnsdomainkeyname>
			<ddnsdomainkey></ddnsdomainkey>
			<tftp></tftp>
			<ldap></ldap>
		</staticmap>
		<dnsserver>192.168.110.1</dnsserver>
	</lan>
</dhcpd>


DHCP on the WAN port is off. Correct?
Motte990 20.08.2020 at 15:07:39
I think I just found the error.

Enable DNSSEC Support, that was on.


15:03:31.461721 IP 192.168.178.2.11673 > 192.168.178.1.53: UDP, length 46
15:03:31.510156 IP 192.168.178.1.53 > 192.168.178.2.11673: UDP, length 74
15:03:31.725124 IP 192.168.178.2.3388 > 192.168.178.1.53: UDP, length 46
15:03:31.766206 IP 192.168.178.1.53 > 192.168.178.2.3388: UDP, length 74
15:03:33.106809 IP 192.168.178.2.31480 > 192.168.178.1.53: UDP, length 57
15:03:33.106990 IP 192.168.178.2.48836 > 192.168.178.1.53: UDP, length 57
15:03:33.107151 IP 192.168.178.2.56961 > 192.168.178.1.53: UDP, length 51
15:03:33.107327 IP 192.168.178.2.57856 > 192.168.178.1.53: UDP, length 57
15:03:33.107589 IP 192.168.178.2.60039 > 192.168.178.1.53: UDP, length 48
15:03:33.107682 IP 192.168.178.2.64416 > 192.168.178.1.53: UDP, length 48
15:03:33.127967 IP 192.168.178.2.52182 > 192.168.178.1.53: UDP, length 40
15:03:33.128334 IP 192.168.178.1.53 > 192.168.178.2.31480: UDP, length 85

Now the pfSense sends the query to the Fritzbox.

So the Fritzbox can't do

[Screenshot: dns5]
Solution: aqui 20.08.2020, updated on 21.08.2020 at 16:19:13
Well, those who can read (or look at colourful pictures).... !!!
See the screenshot above! ;-)
Almost none of the proxy DNS servers on home routers can do DNSSEC. That will probably take a while yet. But as a network person you know that too.

Case closed!
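
The combination the thread ends on (Resolver with Forwarding Mode and DNSSEC both enabled, pointing at a home-router DNS proxy) can be checked mechanically. The following is an added example, not code from the thread or from pfSense: it assumes, as in the config posted above, that an element that is present but empty means the option is enabled, and all function names and sample data are hypothetical and constructed for illustration.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample: a reduced config.xml with the settings described in the
# thread (Resolver on, Forwarding Mode on, DNSSEC on, Fritzbox as upstream).
SAMPLE_CONFIG = """<pfsense>
  <system>
    <dnsserver>192.168.178.1</dnsserver>
    <dnsallowoverride></dnsallowoverride>
  </system>
  <unbound>
    <enable></enable>
    <dnssec></dnssec>
    <forwarding></forwarding>
  </unbound>
</pfsense>"""

# Constructed sample log in the tab-separated layout of the excerpt above.
SAMPLE_LOG = "\n".join([
    "Aug 12 15:38:35\tunbound\t63625:2\tinfo: generate keytag query _ta-4f66. NULL IN",
    "Aug 12 15:38:35\tunbound\t63625:2\tinfo: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN",
    "Aug 12 15:38:35\tunbound\t63625:3\tinfo: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN",
    "Aug 12 15:39:37\tunbound\t63625:2\tinfo: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN",
])

FAIL_RE = re.compile(
    r"^(\w{3}\s+\d{1,2}\s+\d{2}:\d{2}):\d{2}\s+unbound\s+\S+\s+"
    r"info: failed to prime trust anchor"
)


def flag_set(section, tag):
    """Assumption: an element that is present, even if empty, means 'enabled'."""
    return section is not None and section.find(tag) is not None


def private_upstreams(root):
    """Return the configured <dnsserver> entries that are private addresses."""
    result = []
    for node in root.findall("./system/dnsserver"):
        text = (node.text or "").strip()
        try:
            if text and ipaddress.ip_address(text).is_private:
                result.append(text)
        except ValueError:
            continue  # not an IP literal, ignore it
    return result


def audit_unbound(config_xml):
    """Summarise the resolver settings that matter for DNSSEC with forwarding."""
    root = ET.fromstring(config_xml)
    unbound = root.find("unbound")
    state = {
        "resolver": flag_set(unbound, "enable"),
        "forwarding": flag_set(unbound, "forwarding"),
        "dnssec": flag_set(unbound, "dnssec"),
        "private_upstreams": private_upstreams(root),
    }
    # Heuristic taken from the thread: a validating resolver that forwards to
    # a home-router DNS proxy is likely to fail priming the root trust anchor.
    state["risk"] = bool(
        state["resolver"] and state["forwarding"] and state["dnssec"]
        and state["private_upstreams"]
    )
    return state


def trust_anchor_failures(log_text):
    """Count 'failed to prime trust anchor' lines per minute."""
    per_minute = Counter()
    for line in log_text.splitlines():
        match = FAIL_RE.match(line)
        if match:
            per_minute[match.group(1)] += 1
    return dict(per_minute)


def diagnose(config_xml, log_text):
    """Combine the config check and the log evidence into readable notes."""
    state = audit_unbound(config_xml)
    failures = trust_anchor_failures(log_text)
    notes = []
    if state["risk"]:
        notes.append("DNSSEC validation is on while forwarding to private "
                     "upstream(s): " + ", ".join(state["private_upstreams"]))
    if failures:
        notes.append("%d trust anchor priming failure(s) in %d minute(s)"
                     % (sum(failures.values()), len(failures)))
    if state["risk"] and failures:
        notes.append("Forward to an upstream that returns DNSSEC records, or "
                     "disable DNSSEC validation as was done in the thread")
    return notes


if __name__ == "__main__":
    for note in diagnose(SAMPLE_CONFIG, SAMPLE_LOG):
        print(note)
```
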