Can I use dns.sb and dot.ffmuc.net?

Hi there,

I use dns.sb and dot.ffmuc.net, are they also called as free? And can not be reverse resolved by unbound?

Is there a list available, where I can find resolvable DNS Server for that need?

Thx

dns.sb reverse resolved okay on my IPFire system. I just tested it. It resolved to public-dns-a.dns.sb

The Freifunk Munich entry dot.ffmuc.net failed to resolve for me also.

There is no list of entries that are reverse resolvable but I am using ones from the TLS list and most were reverse resolved. Any that weren’t I didn’t use.

Here are the entries I have been using for more than a year now without any problems.

1 Like

Something is getting confused,

even Google quad 8 is not reversible…

I use TLS
I use UDP

all the same…

This is the current list

Yes, but there is nothing in that list that guarantees that they will reverse resolve. Freifunk Munich is in the list but they don’t reverse resolve.

Basically you need to try out the entries you are interested in and see if they reverse resolve or not. Even if they don’t they should still work as a DNS server.

As the dns.sb and dns.google IPs don’t reverse resolve for you but do for me then there must be some other issue with your system.

If you press the Check DNS Servers button do all of your selected dns server entries come up with a green OK or do some of them have a red error message?
If you hover your mouse pointer over the red error status then a pop up message box will appear giving some information about what the problem is.

You could also look in the logs with the following command

less /var/log/messages | grep unbound
This will list all the unbound dns server info. It should give more details in that about the problems with the dns.google and dns.sb servers.

1 Like
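An added example, not part of any post in this thread: one way to do the "try each entry and see if it reverse resolves" check described above. The documentation-range addresses, the hostname and the `sample_lookup` stand-in are constructed so the script runs offline; call `check_reverse(servers)` without the second argument to query the system resolver.

```python
import ipaddress
import socket


def ptr_name(ip):
    """Return the PTR owner name that a reverse lookup of `ip` queries."""
    return ipaddress.ip_address(ip).reverse_pointer


def system_lookup(ip):
    """Reverse-resolve via the system resolver; None when there is no PTR answer."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def check_reverse(servers, lookup=system_lookup):
    """Map each DNS server IP to (PTR owner name, hostname or None)."""
    report = {}
    for ip in servers:
        report[ip] = (ptr_name(ip), lookup(ip))
    return report


# Constructed sample data: documentation-range addresses and a made-up name.
SAMPLE_PTR = {"192.0.2.53": "resolver-a.example.net"}
SAMPLE_SERVERS = ["192.0.2.53", "198.51.100.53", "2001:db8::53"]


def sample_lookup(ip):
    """Offline stand-in for a resolver (assumption, for illustration only)."""
    return SAMPLE_PTR.get(ip)


if __name__ == "__main__":
    results = check_reverse(SAMPLE_SERVERS, sample_lookup)
    for ip, (owner, host) in results.items():
        # A missing PTR only means the reverse lookup failed; per the post
        # above, the server should still work as a DNS server.
        status = host if host else "no PTR record"
        print(f"{ip}\n  PTR query: {owner}\n  result:    {status}")
```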

so, U will tell me how DNS is working?

Are U right?

host dns.google
dns.google has address 8.8.8.8
dns.google has address 8.8.4.4
dns.google has IPv6 address 2001:4860:4860::8844
dns.google has IPv6 address 2001:4860:4860::8888

why is this host not resolvable by unbound?

Without any error messages or logs it is not possible to say why it is not working on your system. It works fine on my production system.

See my previous post about how to check the dns servers and see if you get an error message or not and how to filter the messages log for unbound entries, unbound being the dns server running on IPFire.

If you provide the status message and log info then myself or other forum members should be able to figure out what is causing the problem.

1 Like

I don’t have problems with quad 8, too.

I do have closed the Wall. That’s why I am asking.

Hi team, Daniel, guys.

I’m happy with NextDNS, plenty security options there. As well can set up DOT with ipfire (unfortunately ipfire doesn’t handle DOH at the moment. This is a suggestion for devs (please)). DOT is secure as well but nowadays DOQ or DOH are even more secure.

On DNS settings Set it up to TLS and TLS host name is on the webinterface NextDNS GUI

Well, With DOT you can block all 53 ports in and out and it will work with a 800 something port beside all security options in the webGUI NextDNS interface. Really happy at the moment with it.

Anyone knows any troubles with Next DNS? Let me know please
G70P

Isn’t it port 853 anyway?

Did you try this.

working on port 53 udp
can not test DoT at this time.
Still Domain name error.
But comes up as working

Please, a minute, as I’m going out to work and later I’ll explain my conf. Just got in to give trash a reply on other thread
G70P

Ipfire team, Guys. I would like first to apologise, I didn’t mean to advertise any product. I mentioned my DNS resolvers as they seemed a new level of DNS security, (free) even allowing HTTP3 to test. Might be of interest of ipfirewall users as new ideas and add ons could arise from nowadays needs accordingly to what’s in the net to use. Yes I used DOT first working as the picture above but was something very near to DNS-over-TLS/QUIC
[userdefined].dns.nextdns.io (setup page is very clear) All ports 53 in, out and firewall are blocked (in ipfirewall). As a matter of fact, (and this looks like a bug.) DNS were always breaking as reverse tests too. Unless I hit save button several times DNS wouldn’t start working again :frowning: After this step DNS worked for a minute but were breaking again. Fortunately NextDNS uses DOH as well. So I clear everything in DNS (working in recursive mode) Cleared ISP’s DNS as well in DNS ipfire setup and I’m only using DNS Forward to the DOH provided plus 45.90.**.0. Important was, as well to clear DNS’s from the DHCP server (green interface; primary and secondary). I thought wasn’t possible to use DOH with Ipfire, but the DNS forwarding in ipfire Network menu allows that option. To make sure I’m reaching those 443 ports for DNs over HTTPS I made a forward rule to DNS IPs. Sorry but I’m a bit in testing here, working fine for the moment.

PS. I don’t use SQUID server, or the web proxy at the moment. I’m kind of step back towards caching’s wherever is possible :frowning:

G70P

Hi guys,

I found out the problem.

I have set ping.ipfire.org to 127.1.1.1 with PTR Record in the Hosts config of Unbound. Because I don’t want the Box to ping anyone on the I-Net.
Removing this will lead to a working DNS-Server Information and Reverse Lookups to Status OK.
Even when they are not resolvable.

This Topic can be closed.

PS: Maybe there is another solution to stop pinging the IPFire?

THX and best regards
Daniel