Stephan de Wit

Results 72 comments of Stephan de Wit

unbound: restrict creation of PTR records for both the system domain and host overrides

> fair enough but my main concern was > > https://github.com/opnsense/core/blob/2115c45e593caf9f266a9df191c148ac96228525/src/etc/inc/plugins.inc.d/unbound.inc#L473 > > and > > https://github.com/opnsense/core/blob/2115c45e593caf9f266a9df191c148ac96228525/src/etc/inc/plugins.inc.d/unbound.inc#L483 Also very relevant, I suppose the same logic makes the most sense here

Unbound DNS: Query Forwarding, during the transition between VLAN there is a loss of DNS response

This is possibly a side effect of https://github.com/opnsense/core/commit/161d24650b6020393b57238c0a0d4e40110dc6d3. Can you share (and if necessary sanitize) the output of `/var/unbound/private_domains.conf` when a domain override is configured? Do you have DNSSEC enabled?

Unbound DNS: Query Forwarding, during the transition between VLAN there is a loss of DNS response

@RHeijmans @tinus-github Can you try `# opnsense-patch f3efe39f7` and restart Unbound to see if it resolves the issue? Context: https://github.com/opnsense/core/commit/f3efe39f7b7e182bb77a7dd3a371fe4c5c054585

Unbound DNS: Query Forwarding, during the transition between VLAN there is a loss of DNS response

> I did try applying the patch again to remove it, but then it kept working. Likely Unbound wasn't restarted after removing the patch. If it was, the response was...

Unbound DNS: Query Forwarding, during the transition between VLAN there is a loss of DNS response

@RHeijmans Glad to help! If all goes well, this patch should make it into the next release. I am however considering expanding on this a bit as the code which...

unbound: Add support for native IPv6 prefix tracking in host overrides

> If we have an option to cleanly feed this to unbound without the need of a restart (loosely coupled), it might be different, but at the moment I don't...

packet errors on outgoing traffic

Earlier investigation revealed that timing during initialization of a vlan interface was a bit off, therefore packets were sent out over a vlan interface that wasn't up yet, revealing some...

packet errors on outgoing traffic

@fabricemrchl I'm unable to reproduce the issue on my setup using suricata + high load traffic. Would you be able to share some debug output? The following would be helpful:...

packet errors on outgoing traffic

@fabricemrchl Thanks for the output. Do you have an estimate of the amount of outbound errors at the time of the recording of this output? I'm wondering how it scales...

packet errors on outgoing traffic

While I can't draw any conclusions from the data here, I noticed the VLAN virtual interface is very sensitive to output errors in it's transmit routine. Most notably it reports...