dns servers: local recursor

General questions.
Humulus
Posts: 19
Joined: July 11th, 2013, 12:55 pm
Location: Netherlands

dns servers: local recursor

Post by Humulus » April 6th, 2017, 9:04 am

Hi all,

I'm on IPFire 2.19 (i586) - Core Update 109 with red on a fixed IP address.

I was using the Google DNS servers, but had some performance issues. After checking with namebench I found that the OpenDNS servers were a lot faster, so I started setup and changed the DNS servers.
Now I get "DNS servers: local recursor" on my ipfire homepage, even after a reboot.
Changed back again to the Google DNS servers, but still get "DNS servers: local recursor" instead of the IP addresses of the DNS servers used.

Is this just a small bug in the GUI?
How can I check if Unbound works OK?

Humulus
Posts: 19
Joined: July 11th, 2013, 12:55 pm
Location: Netherlands

dns servers: local recursor

Post by Humulus » April 6th, 2017, 9:17 am

Found a post that mentioned running "/etc/init.d/unbound update-forwarders"

After running "/etc/init.d/unbound update-forwarders" the homepage shows the DNS server IP addresses instead of "local recursor".

Humulus
Posts: 19
Joined: July 11th, 2013, 12:55 pm
Location: Netherlands

dns servers: local recursor

Post by Humulus » April 6th, 2017, 9:34 am

Ok, according to the wiki about public DNS servers the OpenDNS servers can't be used because they strip RRSIG.

So the only question is: Why do I have to run "/etc/init.d/unbound update-forwarders" manually?

MichaelTremer
Core Developer
Posts: 5796
Joined: August 11th, 2005, 9:02 am

Re: dns servers: local recursor

Post by MichaelTremer » April 6th, 2017, 12:00 pm

You don't have to run this.

OpenDNS is despite its name not DNS. They might be fast, but they don't give you what is in the public DNS.

So they are plain incompatible with IPFire which uses DNSSEC to verify that nobody has forged any DNS responses. OpenDNS strips that information away and therefore all responses coming from them are not verifiable and therefore dropped.
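Added example, not part of the thread or of IPFire: a way to check the point made in the post above, that a forwarder which strips RRSIG records leaves a validating resolver nothing to verify. It classifies `dig +dnssec` output; the resolver address and zone name given on the command line are the reader's own, and the two embedded dig outputs are constructed samples.

```shell
#!/bin/sh
# Added example: classify a `dig +dnssec` reply by whether DNSSEC data survived.
classify_dig_answer() {
  awk '
    /^;; flags:/ {                 # header line: ";; flags: qr rd ra ad; QUERY: 1, ..."
      sub(/^;; flags:/, ""); sub(/;.*/, "")
      if ($0 ~ /(^| )ad( |$)/) ad = 1   # AD = upstream says it validated the data
      next
    }
    /^;; ANSWER SECTION:/ { ans = 1; next }
    /^;;/ || /^$/         { ans = 0; next }   # any other section or blank line ends it
    ans && $4 == "RRSIG"  { sig = 1; next }
    ans && NF >= 5        { data = 1 }
    END {
      if (!data)     print "no-answer"
      else if (!sig) print "stripped"    # records but no signatures: unverifiable
      else if (ad)   print "signed+ad"
      else           print "signed"
    }'
}

# $1 = forwarder IP, $2 = a name in a DNSSEC-signed zone (both chosen by the reader)
check_forwarder() {
  dig +dnssec +time=3 +tries=1 "@$1" "$2" A | classify_dig_answer
}

sample_signed() { cat <<'EOF'
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
signed.example. 300 IN A 192.0.2.10
signed.example. 300 IN RRSIG A 8 2 300 20300101000000 20200101000000 12345 signed.example. c2FtcGxl
EOF
}
sample_stripped() { cat <<'EOF'
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
signed.example. 300 IN A 192.0.2.10
EOF
}

if [ $# -ge 2 ]; then check_forwarder "$1" "$2"; else
  echo "constructed signed sample:   $(sample_signed | classify_dig_answer)"
  echo "constructed stripped sample: $(sample_stripped | classify_dig_answer)"
fi
```

A result of "stripped" for a name that is known to be signed means the forwarder is not passing signatures through.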

Humulus
Posts: 19
Joined: July 11th, 2013, 12:55 pm
Location: Netherlands

Re: dns servers: local recursor

Post by Humulus » April 6th, 2017, 12:55 pm

MichaelTremer wrote: OpenDNS is despite its name not DNS. They might be fast, but they don't give you what is in the public DNS.

Hi Michael,

Yes, that's what I understood from the wiki.

But what I didn't get was that when I reversed back to the Google DNS servers, a reboot didn't work. I had to update the forwarders manually.

regards,
Ruud

MichaelTremer
Core Developer
Posts: 5796
Joined: August 11th, 2005, 9:02 am

Re: dns servers: local recursor

Post by MichaelTremer » April 6th, 2017, 7:39 pm

Did you change this on the setup or where?

Humulus
Posts: 19
Joined: July 11th, 2013, 12:55 pm
Location: Netherlands

Re: dns servers: local recursor

Post by Humulus » April 7th, 2017, 6:53 am

MichaelTremer wrote: Did you change this on the setup or where?

Yes, I made the change via setup.

MichaelTremer
Core Developer
Posts: 5796
Joined: August 11th, 2005, 9:02 am

Re: dns servers: local recursor

Post by MichaelTremer » April 8th, 2017, 6:22 pm

That should restart the network and therefore update the DNS settings.

Humulus
Posts: 19
Joined: July 11th, 2013, 12:55 pm
Location: Netherlands

Re: dns servers: local recursor

Post by Humulus » April 10th, 2017, 11:34 am

MichaelTremer wrote: That should restart the network and therefore update the DNS settings.

Yes, it should but it didn't. Even after a reboot the WUI showed "local recursor".
After running "/etc/init.d/unbound update-forwarders" the DNS servers were shown in the WUI.

erikvl
Posts: 16
Joined: April 9th, 2018, 9:14 am

Re: dns servers: local recursor

Post by erikvl » November 28th, 2019, 2:22 pm

I know this is a (very) old thread. But I just want to add a me too on version 2.23 update 138.

Changed DNS servers via setup to 8.8.8.8 and 8.8.4.4. Main page showed local recursor, but netexternal showed both Google servers under DNSSEC information.

After /etc/init.d/unbound update-forwarders, main page was correct.

IT_teacher
Posts: 32
Joined: December 28th, 2010, 4:28 pm
Location: Latvia

Re: dns servers: local recursor

Post by IT_teacher » November 28th, 2019, 6:31 pm

Me too!
I have set ipfire DNS to 1.1.1.1 and 8.8.8.8, and ipfire is set as DNS for LAN, DNS queries from LAN to outside DNS servers are blocked by ipfire firewall rules on behalf of IT admin, but very often, and, especially after any ipfire core update (and restarting PC as requires update process) ipfire WEBUI main page says DNS is local recursor, and DNS service for LAN is not working correctly (domain names from local hosts files are doubled, i.e. moodle.exemple.com.example.com instead of moodle.exemple.com), and I must manually go to terminal to enter mentioned "/etc/init.d/unbound update-forwarders", after which temporarily DNS is working as expected.
I have core version 138 at this time.
How to get rid of that recursor completely and definitively.

DJ-Melo
Posts: 675
Joined: July 8th, 2014, 7:12 am

Re: dns servers: local recursor

Post by DJ-Melo » November 29th, 2019, 10:45 am

https://bugzilla.ipfire.org/show_bug.cgi?id=12198

The temporary solution until it is solved is to access via ssh and put:

/etc/init.d/unbound restart
It is solved until the next restart, which reappears.
