Core Update 144 Development Build

Good Morning

It seems that there are problems with test version 144 (143 was working well). It worked correctly with TLS, and I said to myself, "I am going to test with UDP", and zassss, it doesn’t work anymore. It appears as “Broken”.

|08:37:54|unbound: [1956:0]|info: validation failure <ipfire.org. A IN>: No DNSKEY record for key ipfire.org. while building chain of trust|
|08:35:23|unbound: [1956:0]|error: SERVFAIL <mirror1.ipfire.org. A IN>: all the configured stub or forward servers failed, at zone .|
|08:35:03|unbound: [1956:0]|info: validation failure <northsecure.dedyn.io. AAAA IN>: no signatures from 8.8.4.4|
|08:35:03|unbound: [1956:0]|error: SERVFAIL <pakfire.ipfire.org. A IN>: all the configured stub or forward servers failed, at zone .|
|08:34:50|unbound: [1956:0]|info: validation failure <www.ipfire.org. A IN>: key for validation ipfire.org. is marked as invalid|
|08:33:50|unbound: [1956:0]|info: validation failure <www.ipfire.org. A IN>: No DNSKEY record for key ipfire.org. while building chain of trust|
|08:33:20|unbound: [1956:0]|info: validation failure <community.ipfire.org. A IN>: No DNSKEY record for key ipfire.org. while building chain of trust|
|08:33:20|unbound: [1956:0]|info: validation failure <ipfire.org. A IN>: No DNSKEY record for key ipfire.org. while building chain of trust|
|08:32:01|unbound: [1956:0]|info: validation failure <s.ss2.us. A IN>: No DNSKEY record for key us. while building chain of trust|
|08:32:01|unbound: [1956:0]|info: validation failure <o.ss2.us. A IN>: No DNSKEY record for key us. while building chain of trust|
|08:30:04|unbound: [1956:0]|info: validation failure <northsecure.dedyn.io. AAAA IN>: no signatures from 8.8.8.8|
|08:29:15|unbound: [1956:0]|info: validation failure <ping.ipfire.org. A IN>: No DNSKEY record for key ipfire.org. while building chain of trust|
|08:25:25|unbound: [1956:0]|info: validation failure <Home. AAAA IN>: no NSEC3 records from 8.8.8.8 for DS Home. while building chain of trust|
|08:25:04|unbound: [1956:0]|info: validation failure <northsecure.dedyn.io. AAAA IN>: no signatures from 8.8.8.8|
|08:23:19|unbound: [1956:0]|info: generate keytag query _ta-4a5c-4f66. NULL IN|
|08:23:19|unbound: [1956:0]|info: start of service (unbound 1.10.0).|
|08:23:19|unbound: [1956:0]|notice: init module 1: iterator|
|08:23:19|unbound: [1956:0]|notice: init module 0: validator|
|08:23:19|unbound: [1956:0]|notice: Restart of unbound 1.10.0.|
|08:23:19|unbound: [1956:0]|info: 1.000000 2.000000 4|
|08:23:19|unbound: [1956:0]|info: 0.524288 1.000000 81|
|08:23:19|unbound: [1956:0]|info: 0.262144 0.524288 377|
|08:23:19|unbound: [1956:0]|info: 0.131072 0.262144 513|
|08:23:19|unbound: [1956:0]|info: 0.065536 0.131072 677|
|08:23:19|unbound: [1956:0]|info: 0.032768 0.065536 16|
|08:23:19|unbound: [1956:0]|info: 0.016384 0.032768 7|
|08:23:19|unbound: [1956:0]|info: 0.008192 0.016384 4|
|08:23:19|unbound: [1956:0]|info: 0.004096 0.008192 2|
|08:23:19|unbound: [1956:0]|info: 0.000256 0.000512 1|
|08:23:19|unbound: [1956:0]|info: 0.000128 0.000256 1|
|08:23:19|unbound: [1956:0]|info: 0.000000 0.000001 188|
|08:23:19|unbound: [1956:0]|info: lower(secs) upper(secs) recursions|
|08:23:19|unbound: [1956:0]|info: [25%]=0.0896159 median[50%]=0.141164 [75%]=0.260675|
|08:23:19|unbound: [1956:0]|info: histogram of recursion processing times|
|08:23:19|unbound: [1956:0]|info: average recursion processing time 0.204825 sec|
|08:23:19|unbound: [1956:0]|info: server stats for thread 0: requestlist max 7 avg 0.410678 exceeded 0 jostled 0|
|08:23:19|unbound: [1956:0]|info: server stats for thread 0: 15834 queries, 13963 answers from cache, 1871 recursions, 77 prefetch, 0 rejected by ip ratelimiting|
|08:23:19|unbound: [1956:0]|info: service stopped (unbound 1.10.0).|
|05:27:27|unbound: [1956:0]|info: generate keytag query _ta-4a5c-4f66. NULL IN|

Ping to ipfire.org:

C:\Users\rober>ping www.ipfire.org
La solicitud de ping no pudo encontrar el host www.ipfire.org. Compruebe el nombre y
vuelva a intentarlo.

C:\Users\rober>ping ipfire.org
La solicitud de ping no pudo encontrar el host ipfire.org. Compruebe el nombre y
vuelva a intentarlo.

Unbound restart:

[root@bs ~]# /etc/init.d/unbound restart
Stopping Unbound DNS Proxy...                                          [  OK  ]
Starting Unbound DNS Proxy...                                          [  OK  ]
[root@bs ~]#

After restart Unbound:

|08:47:11|unbound: [32168:0]|error: SERVFAIL <ping.ipfire.org. A IN>: all the configured stub or forward servers failed, at zone .|
|08:46:01|unbound: [32168:0]|error: SERVFAIL <ping.ipfire.org. A IN>: all the configured stub or forward servers failed, at zone .|
|08:45:03|unbound: [32168:0]|info: validation failure <northsecure.dedyn.io. AAAA IN>: no signatures from 8.8.4.4|
|08:45:03|unbound: [32168:0]|info: generate keytag query _ta-4a5c-4f66. NULL IN|
|08:44:51|unbound: [32168:0]|info: start of service (unbound 1.10.0).|
|08:44:51|unbound: [32168:0]|notice: init module 1: iterator|
|08:44:51|unbound: [32168:0]|notice: init module 0: validator|
|08:44:48|unbound: [1956:0]|info: 128.000000 256.000000 47|
|08:44:48|unbound: [1956:0]|info: 64.000000 128.000000 23|
|08:44:48|unbound: [1956:0]|info: 32.000000 64.000000 12|
|08:44:48|unbound: [1956:0]|info: 16.000000 32.000000 8|
|08:44:48|unbound: [1956:0]|info: 8.000000 16.000000 2|
|08:44:48|unbound: [1956:0]|info: 2.000000 4.000000 1|
|08:44:48|unbound: [1956:0]|info: 0.262144 0.524288 7|
|08:44:48|unbound: [1956:0]|info: 0.131072 0.262144 16|
|08:44:48|unbound: [1956:0]|info: 0.065536 0.131072 33|
|08:44:48|unbound: [1956:0]|info: 0.032768 0.065536 30|
|08:44:48|unbound: [1956:0]|info: 0.002048 0.004096 2|
|08:44:48|unbound: [1956:0]|info: 0.001024 0.002048 4|
|08:44:48|unbound: [1956:0]|info: 0.000000 0.000001 3|
|08:44:48|unbound: [1956:0]|info: lower(secs) upper(secs) recursions|
|08:44:48|unbound: [1956:0]|info: [25%]=0.0814235 median[50%]=0.486839 [75%]=128|
|08:44:48|unbound: [1956:0]|info: histogram of recursion processing times|
|08:44:48|unbound: [1956:0]|info: average recursion processing time 57.773357 sec|
|08:44:48|unbound: [1956:0]|info: server stats for thread 0: requestlist max 9 avg 4.12105 exceeded 0 jostled 0|
|08:44:48|unbound: [1956:0]|info: server stats for thread 0: 608 queries, 420 answers from cache, 188 recursions, 2 prefetch, 0 rejected by ip ratelimiting|
|08:44:48|unbound: [1956:0]|info: service stopped (unbound 1.10.0).|

Ping after restart Unbound:

C:\Users\rober>ping www.ipfire.org

Haciendo ping a fw01.ipfire.org [81.3.27.38] con 32 bytes de datos:
Respuesta desde 81.3.27.38: bytes=32 tiempo=44ms TTL=51
Respuesta desde 81.3.27.38: bytes=32 tiempo=44ms TTL=51
Respuesta desde 81.3.27.38: bytes=32 tiempo=44ms TTL=51
Respuesta desde 81.3.27.38: bytes=32 tiempo=44ms TTL=51

Estadísticas de ping para 81.3.27.38:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0
    (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 44ms, Máximo = 44ms, Media = 44ms

C:\Users\rober>ping ipfire.org

Haciendo ping a ipfire.org [81.3.27.38] con 32 bytes de datos:
Respuesta desde 81.3.27.38: bytes=32 tiempo=43ms TTL=51
Respuesta desde 81.3.27.38: bytes=32 tiempo=44ms TTL=51
Respuesta desde 81.3.27.38: bytes=32 tiempo=44ms TTL=51
Respuesta desde 81.3.27.38: bytes=32 tiempo=44ms TTL=51

Estadísticas de ping para 81.3.27.38:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0
    (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 43ms, Máximo = 44ms, Media = 43ms

C:\Users\rober>

Disabling Suricata

Unbound restart:

[root@bs ~]# /etc/init.d/unbound restart
Stopping Unbound DNS Proxy...                                          [  OK  ]
Starting Unbound DNS Proxy...                                          [  OK  ]
[root@bs ~]#

Problems again with Suricata?

Regards.
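
A small triage script for log excerpts like the ones in the post above, added here as an example (not part of the original post, and not IPFire or Unbound code): it groups Unbound failure lines by reason and by the forwarder address named in the message, which separates missing DNSSEC records from plain forwarder failures. The sample lines are constructed in the format quoted above; the category labels are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the pipe-delimited format shown in the post.
SAMPLE = """\
|08:37:54|unbound: [1956:0]|info: validation failure <ipfire.org. A IN>: No DNSKEY record for key ipfire.org. while building chain of trust|
|08:35:23|unbound: [1956:0]|error: SERVFAIL <mirror1.ipfire.org. A IN>: all the configured stub or forward servers failed, at zone .|
|08:35:03|unbound: [1956:0]|info: validation failure <northsecure.dedyn.io. AAAA IN>: no signatures from 8.8.4.4|
|08:34:50|unbound: [1956:0]|info: validation failure <www.ipfire.org. A IN>: key for validation ipfire.org. is marked as invalid|
|08:25:25|unbound: [1956:0]|info: validation failure <Home. AAAA IN>: no NSEC3 records from 8.8.8.8 for DS Home. while building chain of trust|
|08:23:19|unbound: [1956:0]|info: start of service (unbound 1.10.0).|
"""

# Matches the two failure line types seen in the log: validator and SERVFAIL.
LINE = re.compile(r"(?:info: validation failure|error: SERVFAIL) <(\S+) (\S+) IN>: (.*)")
# Forwarder address, when the validator names the server that answered.
UPSTREAM = re.compile(r"from (\d{1,3}(?:\.\d{1,3}){3})")

# Message fragment -> label (labels are assumptions of this example).
REASONS = [
    ("No DNSKEY record", "missing-dnskey"),
    ("no signatures", "missing-rrsig"),
    ("no NSEC3 records", "missing-nsec3"),
    ("marked as invalid", "key-marked-invalid"),
    ("stub or forward servers failed", "forwarders-failed"),
]

def classify(detail):
    """Map the free-text part of a failure line to a short label."""
    for needle, label in REASONS:
        if needle in detail:
            return label
    return "other"

def triage(text):
    """Return (reasons, upstreams, names) Counters for all failure lines."""
    reasons, upstreams, names = Counter(), Counter(), Counter()
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # startup, shutdown and statistics lines
        qname, _qtype, detail = m.groups()
        reasons[classify(detail)] += 1
        names[qname] += 1
        up = UPSTREAM.search(detail)
        if up:
            upstreams[up.group(1)] += 1
    return reasons, upstreams, names

if __name__ == "__main__":
    for counter in triage(SAMPLE):
        print(counter.most_common())
```
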

Hello Roberto,

this is interesting. There were some DNS hiccups after upgrading to Core Update 144,
but they seem to be gone after a reboot. I did not have time to investigate further,
but at least at the moment, Suricata does not seem to cause trouble (using DNS over TLS)
here.

Thanks, and best regards,
Peter Müller

I don’t know if a problem I have has something to do with DNS, but since I upgraded to 144,
I notice that all my PCs with Ubuntu complain that the connection is not good (I get a question mark at my network connection). On Ubuntu they say to turn connectivity checking off.
But why turn something off if I did not have a problem till now?
But after turning it off it is still giving the same problem.
I don’t know where this is coming from; I did not have this problem before.
Where do I need to look and what do I need to look for?

@neopegasus: You asked more or less the same question at Update 2.25 Core 144. Please do not post it in different threads - especially not if its root cause is unclear.

Yes, sorry, I will keep it in the other one!
Thanks Peter.