dns servers: local recursor

Posted: April 6th, 2017, 9:04 am
by Humulus
Hi all,

I'm on IPFire 2.19 (i586) - Core Update 109 with red on a fixed IP address.

I was using the Google DNS servers, but had some performance issues. After checking with namebench I found that the OpenDNS servers were a lot faster, so I started setup and changed the DNS servers.
Now I get "DNS servers: local recursor" on my ipfire homepage, even after a reboot.
Changed back again to the Google DNS servers, but still get "DNS servers: local recursor" instead of the IP addresses of the DNS servers used.

Is this just a small bug in the GUI?
How can I check if Unbound works OK?

dns servers: local recursor

Posted: April 6th, 2017, 9:17 am
by Humulus
Found a post that mentioned running "/etc/init.d/unbound update-forwarders"

After running "/etc/init.d/unbound update-forwarders" the homepage shows the DNS server IP addresses instead of "local recursor".

dns servers: local recursor

Posted: April 6th, 2017, 9:34 am
by Humulus
Ok, according to the wiki about public DNS servers the OpenDNS servers can't be used because they strip RRSIG.

So the only question is: Why do I have to run "/etc/init.d/unbound update-forwarders" manually?

Re: dns servers: local recursor

Posted: April 6th, 2017, 12:00 pm
by MichaelTremer
You don't have to run this.

OpenDNS is despite its name not DNS. They might be fast, but they don't give you what is in the public DNS.

So they are plain incompatible with IPFire which uses DNSSEC to verify that nobody has forged any DNS responses. OpenDNS strips that information away and therefore all responses coming from them are not verifiable and therefore dropped.
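
An added example, not part of the original post and not IPFire's own code: a check for whether a forwarder's replies still carry RRSIG records, by classifying `dig +dnssec` output. It assumes the queried name sits in a signed zone (an unsigned zone also shows no RRSIG); the function name and the sample replies are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `dig +dnssec` output by whether the ANSWER section
# still carries RRSIG records. Live use (query a name in a signed zone):
#   dig +dnssec @<forwarder-ip> <signed-name> A | classify_dig
classify_dig() {
    awk '
        /^;; ANSWER SECTION:/      { in_answer = 1; next }
        /^;; / || /^$/             { in_answer = 0 }
        in_answer && $4 == "RRSIG" { sigs++; next }
        in_answer && NF >= 5       { data++ }
        END {
            if (data == 0)     print "no-answer"
            else if (sigs > 0) print "signed"
            else               print "stripped"
        }'
}

# Constructed sample: a forwarder that passes signatures through.
sample_signed() {
    cat <<'EOF'
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;example.org.                   IN      A

;; ANSWER SECTION:
example.org.    3600    IN      A       192.0.2.10
example.org.    3600    IN      RRSIG   A 13 2 3600 20170501000000 20170401000000 12345 example.org. Y29uc3RydWN0ZWQ=

;; Query time: 12 msec
EOF
}

# Constructed sample: same answer, signatures removed by the forwarder.
sample_stripped() {
    cat <<'EOF'
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
example.org.    3600    IN      A       192.0.2.10

;; Query time: 9 msec
EOF
}

sample_signed | classify_dig      # signed
sample_stripped | classify_dig    # stripped
```

A "stripped" result for a name known to be signed means a validating resolver has nothing to verify that answer against.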

Re: dns servers: local recursor

Posted: April 6th, 2017, 12:55 pm
by Humulus
MichaelTremer wrote: OpenDNS is despite its name not DNS. They might be fast, but they don't give you what is in the public DNS.
Hi Michael,

Yes, that's what I understood from the wiki.

But what I didn't get was that when I reversed back to the Google DNS servers, a reboot didn't work. I had to update the forwarders manually.

regards,
Ruud

Re: dns servers: local recursor

Posted: April 6th, 2017, 7:39 pm
by MichaelTremer
Did you change this on the setup or where?

Re: dns servers: local recursor

Posted: April 7th, 2017, 6:53 am
by Humulus
MichaelTremer wrote: Did you change this on the setup or where?
Yes, I made the change via setup.

Re: dns servers: local recursor

Posted: April 8th, 2017, 6:22 pm
by MichaelTremer
That should restart the network and therefore update the DNS settings.

Re: dns servers: local recursor

Posted: April 10th, 2017, 11:34 am
by Humulus
MichaelTremer wrote: That should restart the network and therefore update the DNS settings.
Yes, it should, but it didn't. Even after a reboot the WUI showed "local recursor".
After running "/etc/init.d/unbound update-forwarders" the DNS servers were shown in the WUI.

Re: dns servers: local recursor

Posted: November 28th, 2019, 2:22 pm
by erikvl
I know this is a (very) old thread. But I just want to add a me too on version 2.23 update 138.

Changed DNS servers via setup to 8.8.8.8 and 8.8.4.4. Main page showed local recursor, but netexternal showed both Google servers under DNSSEC information.

After /etc/init.d/unbound update-forwarders, main page was correct.

Re: dns servers: local recursor

Posted: November 28th, 2019, 6:31 pm
by IT_teacher
Me too!
I have set ipfire DNS to 1.1.1.1 and 8.8.8.8, and ipfire is set as DNS for LAN. DNS queries from LAN to outside DNS servers are blocked by ipfire firewall rules on behalf of the IT admin. But very often, and especially after any ipfire core update (and restarting the PC as the update process requires), the ipfire WEBUI main page says DNS is local recursor, and the DNS service for LAN is not working correctly (domain names from local hosts files are doubled, i.e. moodle.exemple.com.example.com instead of moodle.exemple.com), and I must manually go to the terminal to enter the mentioned "/etc/init.d/unbound update-forwarders", after which DNS temporarily works as expected.
I have core version 138 at this time.
How do I get rid of that recursor completely and definitively?

Re: dns servers: local recursor

Posted: November 29th, 2019, 10:45 am
by DJ-Melo
https://bugzilla.ipfire.org/show_bug.cgi?id=12198

The temporary solution until it is solved is to access via ssh and put:

/etc/init.d/unbound restart
It is solved until the next restart, when it reappears.