mirobot
(miro bot)
26 November 2019 15:22
1
After doing a new installation of IPFire, I have no add-ons, because Pakfire can’t “refresh list”. So I cannot install Samba …
The system-logs:
IPfire:
|13:58:31|ipfire: |DHCP on GREEN: DHCP server enabled. Restarting.|
|---|---|---|
|13:58:42|ipfire: |Rebooting IPFire|
|14:02:07|ipfire: |NTP synchronisation event|
|15:02:07|ipfire: |NTP synchronisation event|
DNS:Unbound
15:24:04 unbound: [1394:1] info: validation failure ?0. A IN
15:24:04 unbound: [1394:0] info: validation failure ?0.localdomain. A IN
16:16:06 unbound: [1394:1] info: validation failure pakfire.ipfire.org. A IN
16:16:06 unbound: [1394:1] info: validation failure pakfire.ipfire.org.localdomain. A IN
Pakfire
16:16:06 pakfire: DOWNLOAD STARTED: 2.23-x86_64/lists/server-list.db
16:16:06 pakfire: DOWNLOAD INFO: Host: pakfire.ipfire.org (HTTP) - File: 2.23-x86_64/lists/server-list.db
16:16:06 pakfire: DOWNLOAD INFO: 2.23-x86_64/lists/server-list.db has size of bytes
16:16:06 pakfire: DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can’t connect to pakfire.ipfire.org:80 (Bad hostname ‘pakfire.ipfire.org’)
16:16:06 pakfire: Giving up: There was no chance to get the file 2.23-x86_64/lists/server-list.db from any available server. There was an error on the way. Please fix it.
16:16:06 pakfire: MIRROR ERROR: Could not find or download a server list
ms
(Michael Tremer)
26 November 2019 21:34
2
Your DNS does not seem to work…
mirobot
(miro bot)
27 November 2019 07:08
3
Ok, it’s a DNS problem. NTP seems to be ok, time is synced.
Any ideas to solve the DNS problem?
In the DHCP configuration I chose 1.1.1.1 (Cloudflare) as Primary DNS and 8.8.8.8 as secondary DNS.
ms
(Michael Tremer)
27 November 2019 13:12
4
Can you ping the DNS servers?
mirobot
(miro bot)
27 November 2019 13:33
5
Yes, I can ping the DNS. I also tried to ping the time servers and it works. Pakfire said: “MIRROR ERROR: Could not find or download a server list”
Do I have to open a special port for pakfire by a Firewall Rule?
ms
(Michael Tremer)
28 November 2019 11:10
6
It might be that you blocked the firewall’s access to port 53 (UDP and TCP) for DNS.
In that case, you need to create an extra rule to those two IP addresses and DNS should be working then.
mirobot
(miro bot)
2 February 2022 14:17
7
Sorry for bumping the topic, but the problem is not solved after a new setup.
Could you give some instructions where and how to create the new Port53-Rule?
Thanks, Miro
pmueller
(Peter Müller)
2 February 2022 21:04
8
Hi,
a while ago, I wrote a blog post on general firewall configuration recommendations for IPFire users. It also covers firewall rules for DNS traffic.
However, I think it would be easier if you could post a screenshot of the firewall rules configured on your IPFire machine here.
Thanks, and best regards,
Peter Müller
1 Like
mirobot
(miro bot)
3 February 2022 15:51
9
At the moment there is only one rule. Here comes the screenshot:
Many thanks, Miro
pmueller
(Peter Müller)
6 February 2022 12:16
10
Hi,
thanks for reporting back.
Off-topic question: What are you doing on port 113 of your IPFire machine?
This screenshot given, a firewall rule does not seem to cause your problem. Could you post a screenshot of your DNS configuration, too? Also, what is the output of these two commands on IPFire:
dig soa ipfire.org
grep "unbound" /var/log/messages
Thanks, and best regards,
Peter Müller
1 Like
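As an added example (not part of any post in this thread, and not IPFire project code), the `grep "unbound"` check requested above can be extended to correlate unbound's validation failures with the hostnames Pakfire reported as bad. The log lines are constructed from the excerpts in the first post; the syslog layout, the `<...>` around the query, and Pakfire logging to the same file are assumptions.

```shell
#!/bin/sh
# Constructed sample, modelled on the log excerpts in post 1.
# Assumptions: syslog layout, unbound wrapping the query in <...>,
# and pakfire logging to the same file as unbound.
sample_log() {
cat <<'EOF'
Nov 26 16:16:06 ipfire unbound: [1394:1] info: validation failure <pakfire.ipfire.org. A IN>: (constructed)
Nov 26 16:16:06 ipfire unbound: [1394:1] info: validation failure <pakfire.ipfire.org.localdomain. A IN>: (constructed)
Nov 26 16:16:06 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to pakfire.ipfire.org:80 (Bad hostname 'pakfire.ipfire.org')
Nov 26 16:16:06 ipfire pakfire: MIRROR ERROR: Could not find or download a server list
EOF
}

# Names for which unbound logged a validation failure (trailing dot removed).
validation_failures() {
    sed -n 's/.*unbound: .*validation failure <\([^ >]*\)\. [A-Z0-9]* IN>.*/\1/p' | sort -u
}

# Hostnames pakfire could not resolve.
bad_hostnames() {
    sed -n "s/.*pakfire: .*(Bad hostname '\([^']*\)').*/\1/p" | sort -u
}

# For each host pakfire failed on, say whether unbound logged a validation
# failure for it. If not, check next whether the firewall can reach its
# upstream resolvers on port 53 (UDP and TCP).
triage() {
    log=$(cat)
    failed=$(printf '%s\n' "$log" | validation_failures)
    printf '%s\n' "$log" | bad_hostnames | while read -r host; do
        if printf '%s\n' "$failed" | grep -qxF "$host"; then
            echo "$host unbound-validation-failure"
        else
            echo "$host no-validation-failure-logged"
        fi
    done
}

# On a real system (assumed log path): triage < /var/log/messages
sample_log | triage
```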
mirobot
(miro bot)
7 February 2022 17:28
11
Thanks, Peter. This is my DNS configuration:
mirobot
(miro bot)
7 February 2022 17:28
12
The port 113 rule is not activated. I do nothing with it at the moment. Here comes the output:
Why do you have 192.168.2.1 gateway as one of the DNS? Can you uncheck it?
1 Like
mirobot
(miro bot)
8 February 2022 07:47
15
Why do you have 192.168.2.1 gateway as one of the DNS? Can you uncheck it?
That’s right, thank you. Done.
Btw: Should I use ISP-assigned DNS servers?
trish
(trish)
8 February 2022 18:46
16
Hi Miro, welcome to the community
No, you should not use your ISP's DNS servers.
You should use DNS servers that are on the recommended list:
they use TLS, have DNSSEC working, they don’t filter or data-mine results.
Here is a decent list just to start:
[Digitale Gesellschaft (CH)] 185.95.218.42 ‘dns1.digitale-gesellschaft.ch’
[Freifunk München e.V.] 5.1.66.255 anycast01.ffmuc.net
(EDIT: censurfri.dk is down at this moment, replaced it)
And here is a complete list:
Here are some references if you get the time to skim through
https://wiki.ipfire.org/search?q=dns
1 Like
pmueller
(Peter Müller)
8 February 2022 18:59
17
Hi,
this would be my first suspicion for the root cause of your problems, too.
Did that change anything? What does the Pakfire log say if you try to fetch a new list?
You can also do the latter via the command line - in a successful case, it should look like this:
[root@maverick ~]# pakfire update
server-list.db 100.00% |=============================>| 981.00 B
packages_list.db 100.00% |=============================>| 4.30 KB
core-list.db 100.00% |=============================>| 903.00 B
Thanks, and best regards,
Peter Müller
1 Like