Core 131 with unbound error

General questions.
JonM
Posts: 119
Joined: August 4th, 2017, 5:49 pm
Location: US

Core 131 with unbound error

Post by JonM » May 18th, 2019, 2:47 am

I updated from Core 130 to Core 131 yesterday and I am getting lots of unbound errors. (No unbound errors in Core 130). Most are related to NTP but some are related to other sites and some are related to rDNS.

[root@ipfire ~]# grep validation /var/log/messages
. . . 
May 17 14:55:16 ipfire unbound: [1527:2] info: validation failure 14.138.207.34.in-addr.arpa. PTR IN
May 17 14:55:18 ipfire unbound: [1527:1] info: validation failure 14.138.207.34.in-addr.arpa. PTR IN
May 17 15:48:49 ipfire unbound: [1527:3] info: validation failure 0.iPfIRe.PooL.nTP.OrG. A IN
May 17 15:48:55 ipfire unbound: [1527:1] info: validation failure 0.IpfiRE.pooL.nTP.ORg. AAAA IN
May 17 15:48:55 ipfire unbound: [1527:2] info: validation failure 0.iPFIRE.POOl.nTp.oRg. A IN
May 17 15:48:55 ipfire unbound: [1527:0] info: validation failure 0.IPfIre.poOl.Ntp.org. AAAA IN
May 17 16:23:17 ipfire unbound: [1527:2] info: validation failure north-america.pool.ntp.org. A IN
May 17 16:23:22 ipfire unbound: [1527:0] info: validation failure north-america.pool.ntp.org. A IN
May 17 16:23:24 ipfire unbound: [1527:3] info: validation failure north-america.pool.ntp.org. A IN
May 17 19:23:17 ipfire unbound: [1527:2] info: validation failure north-america.pool.ntp.org. A IN
May 17 19:23:22 ipfire unbound: [1527:3] info: validation failure north-america.pool.ntp.org. A IN
May 17 20:23:17 ipfire unbound: [1527:1] info: validation failure north-america.pool.ntp.org. A IN
May 17 20:23:22 ipfire unbound: [1527:3] info: validation failure north-america.pool.ntp.org. A IN
May 17 20:23:27 ipfire unbound: [1527:0] info: validation failure north-america.pool.ntp.org. A IN
May 17 21:14:26 ipfire unbound: [1527:3] info: validation failure 1.1.1.1.in-addr.arpa. PTR IN
May 17 21:14:36 ipfire unbound: [1527:0] info: validation failure 1.0.0.1.in-addr.arpa. PTR IN
May 17 21:16:11 ipfire unbound: [1527:3] info: validation failure i-use.ipfire.org. A IN
Looking at the DNSSEC Information (menu Status > Network-external):
[screenshot: Screen Shot 2019-05-17 at 9.15.26 PM.png]

I'm really not sure how to fix it. I deleted the DNS at "Assign DNS server addresses only for DHCP on red0" (menu Network > Assign DNS Server). It was set to Cloudflare 1.1.1.1. Hopefully that will help.

I don't use DoT (not that I know of), but I've seen similar errors in the unbound - DoT thread. Could that be related?

EDIT: Replace image with text.
Production: [image]

Testing Raspi 3B+: [image]

JonM
Posts: 119
Joined: August 4th, 2017, 5:49 pm
Location: US

Re: Core 131 with unbound error

Post by JonM » May 20th, 2019, 6:18 pm

The above seems to be related to the new IPS. If I turn IPS off then all works OK. Once I turn IPS back on then I start getting the validation failure errors. Below is what I see once IPS is on for RED only:

[root@ipfire ~]# grep validation /var/log/messages
May 20 12:31:09 ipfire unbound: [1507:2] info: validation failure ocsp.int-x3.letsencrypt.org. A IN
May 20 12:31:32 ipfire unbound: [1507:2] info: validation failure email.mg.hackster.io. A IN
May 20 12:31:48 ipfire unbound: [1507:2] info: validation failure pool.ntp.org. A IN
May 20 12:32:12 ipfire unbound: [1507:1] info: validation failure pool.ntp.org. A IN
May 20 12:42:26 ipfire unbound: [1507:0] info: validation failure pool.ntp.org. A IN
May 20 12:43:20 ipfire unbound: [1507:0] info: validation failure pool.ntp.org. A IN
May 20 12:45:05 ipfire unbound: [1507:3] info: validation failure pool.ntp.org. A IN
May 20 12:45:31 ipfire unbound: [1507:1] info: validation failure pool.ntp.org. A IN
May 20 12:46:02 ipfire unbound: [1507:2] info: validation failure email.mg.hackster.io. A IN
May 20 12:46:25 ipfire unbound: [1507:3] info: validation failure pool.ntp.org. A IN
May 20 12:48:00 ipfire unbound: [1507:2] info: validation failure pool.ntp.org. A IN
May 20 12:48:50 ipfire unbound: [1507:2] info: validation failure pool.ntp.org. A IN
May 20 12:51:13 ipfire unbound: [1507:1] info: validation failure pool.ntp.org. A IN
May 20 12:51:14 ipfire unbound: [1507:3] info: validation failure pool.ntp.org. A IN
May 20 12:51:57 ipfire unbound: [1507:3] info: validation failure pool.ntp.org. A IN
May 20 12:53:39 ipfire unbound: [1507:2] info: validation failure pool.ntp.org. A IN
May 20 12:54:29 ipfire unbound: [1507:2] info: validation failure pool.ntp.org. A IN
May 20 12:54:35 ipfire unbound: [1507:0] info: validation failure pool.ntp.org. A IN
May 20 12:55:29 ipfire unbound: [1507:0] info: validation failure pool.ntp.org. A IN
May 20 12:55:29 ipfire unbound: [1507:2] info: validation failure pool.ntp.org. A IN
May 20 12:56:18 ipfire unbound: [1507:3] info: validation failure pool.ntp.org. A IN
May 20 12:56:32 ipfire unbound: [1507:1] info: validation failure pool.ntp.org. A IN
May 20 12:57:26 ipfire unbound: [1507:0] info: validation failure pool.ntp.org. A IN
May 20 13:01:34 ipfire unbound: [1507:0] info: validation failure pool.ntp.org. A IN
May 20 13:01:45 ipfire unbound: [1507:3] info: validation failure pool.ntp.org. A IN
May 20 13:02:02 ipfire unbound: [1507:1] info: validation failure pool.ntp.org. A IN
May 20 13:02:13 ipfire unbound: [1507:2] info: validation failure pool.ntp.org. A IN
May 20 13:03:07 ipfire unbound: [1507:2] info: validation failure pool.ntp.org. A IN
[root@ipfire ~]# 

Here are the IPS Logs (menu Logs > IPS Logs):

IPFire IPS log
Date: 20 May

Date: 05/20 13:04:13
Name: ET SCAN Sipvicious User-Agent Detected (friendly-scanner)
Priority: 2
Type: Attempted Information Leak
IP Info: 185.53.88.242:5237 -> 24.12.xxx.xxx:5060
SID: 2011716
Refs: 

Date: 05/20 13:04:13
Name: ET SCAN Sipvicious Scan
Priority: 2
Type: Attempted Information Leak
IP Info: 185.53.88.242:5237 -> 24.12.xxx.xxx:5060
SID: 2008578
Refs: 

Date: 05/20 13:01:00
Name: ET SCAN Suspicious inbound to mySQL port 3306
Priority: 2
Type: Potentially Bad Traffic
IP Info: 222.186.172.54:6000 -> 24.12.xxx.xxx:3306
SID: 2010937
Refs: 

Date: 05/20 12:48:00
Name: ET SCAN Sipvicious User-Agent Detected (friendly-scanner)
Priority: 2
Type: Attempted Information Leak
IP Info: 77.247.110.23:5435 -> 24.12.xxx.xxx:5060
SID: 2011716
Refs: 

Date: 05/20 12:48:00
Name: ET SCAN Sipvicious Scan
Priority: 2
Type: Attempted Information Leak
IP Info: 77.247.110.23:5435 -> 24.12.xxx.xxx:5060
SID: 2008578
Refs: 

Date: 05/20 12:40:01
Name: ET SCAN Sipvicious User-Agent Detected (friendly-scanner)
Priority: 2
Type: Attempted Information Leak
IP Info: 77.247.109.214:5083 -> 24.12.xxx.xxx:5060
SID: 2011716
Refs: 

Date: 05/20 12:40:01
Name: ET SCAN Sipvicious Scan
Priority: 2
Type: Attempted Information Leak
IP Info: 77.247.109.214:5083 -> 24.12.xxx.xxx:5060
SID: 2008578
Refs: 

Date: 05/20 12:29:10
Name: ET SCAN Suspicious inbound to PostgreSQL port 5432
Priority: 2
Type: Potentially Bad Traffic
IP Info: 107.170.192.103:43971 -> 24.12.xxx.xxx:5432
SID: 2010939
Refs: 

There is nothing in the Intrusion Prevention log (menu Logs > System Logs >> Intrusion Prevention):
[screenshot: Screen Shot 2019-05-20 at 1.12.24 PM.png]
Production: [image]

Testing Raspi 3B+: [image]
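As an added example (not from this thread or from IPFire), here is a small Python script that parses unbound "validation failure" lines of the kind posted above, folds the mixed-case query names (the 0.iPfIRe.PooL.nTP.OrG style names are consistent with unbound's 0x20 case randomisation and are the same owner name, since DNS names are case-insensitive), and counts failures per name and per parent zone, so a burst of failures can be read as one upstream problem rather than many unrelated ones. The sample log is constructed from lines in the thread.

```python
import re
from collections import Counter

# Constructed sample: unbound syslog lines of the kind shown in this thread.
SAMPLE_LOG = """\
May 17 14:55:16 ipfire unbound: [1527:2] info: validation failure 14.138.207.34.in-addr.arpa. PTR IN
May 17 15:48:49 ipfire unbound: [1527:3] info: validation failure 0.iPfIRe.PooL.nTP.OrG. A IN
May 17 15:48:55 ipfire unbound: [1527:1] info: validation failure 0.IpfiRE.pooL.nTP.ORg. AAAA IN
May 17 15:48:55 ipfire unbound: [1527:2] info: validation failure 0.iPFIRE.POOl.nTp.oRg. A IN
May 17 16:23:17 ipfire unbound: [1527:2] info: validation failure north-america.pool.ntp.org. A IN
May 17 16:23:22 ipfire unbound: [1527:0] info: validation failure north-america.pool.ntp.org. A IN
May 17 21:14:26 ipfire unbound: [1527:3] info: validation failure 1.1.1.1.in-addr.arpa. PTR IN
May 17 21:14:30 ipfire unbound: [1527:1] notice: sendto failed: Network is unreachable
"""

# Matches only the "validation failure" lines; other unbound messages are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ unbound: \[\d+:\d+\] info: "
    r"validation failure (?P<qname>\S+) (?P<qtype>\S+) (?P<qclass>\S+)$"
)

def parse_validation_failures(text):
    """Yield (timestamp, qname, qtype) for each validation-failure line.
    qname is lower-cased so 0x20 case-randomised spellings of one owner
    name (0.iPfIRe.PooL... and 0.IpfiRE.pooL...) collapse to one key."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group("ts"), m.group("qname").lower(), m.group("qtype")

def summarize(text):
    """Count failures per (qname, qtype), most frequent first."""
    counts = Counter((q, t) for _, q, t in parse_validation_failures(text))
    return counts.most_common()

def parent_zones(text):
    """Group failing names by their last two labels (a heuristic, not a
    public-suffix lookup) to show whether they share one upstream zone."""
    zones = Counter()
    for _, q, _ in parse_validation_failures(text):
        labels = q.rstrip(".").split(".")
        zones[".".join(labels[-2:])] += 1
    return zones.most_common()

if __name__ == "__main__":
    for (qname, qtype), n in summarize(SAMPLE_LOG):
        print(f"{n:3d}  {qtype:<5} {qname}")
    print("by parent zone:", parent_zones(SAMPLE_LOG))
```

Run it against the real file with `summarize(open("/var/log/messages").read())`; if nearly every failing name sits under a few zones that resolve fine through another validating upstream, the problem is the path to the upstream, not the zones.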

dominictayloruk
Posts: 1
Joined: May 21st, 2019, 2:02 pm

Re: Core 131 with unbound error

Post by dominictayloruk » May 21st, 2019, 2:06 pm

I've added 1.1.1.1 and 1.0.0.1 to whitelisted hosts and haven't had a problem so far.

EDIT: 6 hours on and we have issues resolving DNS queries again.

current.user
Posts: 5
Joined: April 4th, 2017, 7:41 pm

what to do?

Post by current.user » July 31st, 2019, 1:57 pm

Hello board,
is there any news about this:

ipfire unbound: [1507:2] info: validation failure

I tried some basic commands:
/etc/init.d/unbound update-forwarders
Configuring upstream name server(s): 1.1.1.1 1.0.0.1 [ OK ]
DNS still not functioning... Trying to sync time with ntp.ipfire.org (81.3.27.46)...

I guess that is not as it should be?

Arne.F
Core Developer
Posts: 8381
Joined: May 7th, 2006, 8:57 am
Location: BS <-> NDH

Re: Core 131 with unbound error

Post by Arne.F » July 31st, 2019, 2:35 pm

There are known problems with 1.1.1.1 and 1.0.0.1 with the IPS. Have you tried other known working servers like 8.8.8.8?
Arne

Support the project on the donation!

PS: I will not answer support questions via email and ignore IPFire related messages on my non IPFire.org mail addresses.

current.user
Posts: 5
Joined: April 4th, 2017, 7:41 pm

other DNS servers

Post by current.user » July 31st, 2019, 3:53 pm

I changed the Cloudflare DNS to OpenDNS servers...
Will the issues be fixed / can the issues be fixed?

Arne.F
Core Developer
Posts: 8381
Joined: May 7th, 2006, 8:57 am
Location: BS <-> NDH

Re: Core 131 with unbound error

Post by Arne.F » July 31st, 2019, 9:52 pm

No, because OpenDNS strips RRSIG answers and cannot be used at all.
https://wiki.ipfire.org/dns/dnssec/hosted-blacklists

Public DNS Server list:
https://wiki.ipfire.org/dns/public-servers
Avoid "Strips RRSIG" servers!
Arne


current.user
Posts: 5
Joined: April 4th, 2017, 7:41 pm

thx 4 the heads up

Post by current.user » August 1st, 2019, 9:23 am

I changed them now to CCCs.
Thank you, Arne, for the 'strip hint'.

Regarding the known issues:
Will the 'known problems' with CF DNS servers be addressed?
Is it a CF thing or an iPF thing?
