I am running pfsense 2.5.1-RELEASE** (amd64) on protectli hardware.
I lose (normal) contact with the internet when the DNS Resolver is stopped. I must enable the DNS Resolver in order to access the dashboard. Adam:One is enabled on the adam:ONE/Settings, and Automatically manage DNS firewall rules is checked. The Router Configuration page on Dashboard indicates it can see my router. In fact, the dashboard lists all devices in my DHCP assignments, so it has definitely obtained information from the router.
I see (2) NAT Port Forward rules and (1) LAN rule that Adam:One set up.
All of my devices were already set to require DNS from the pfsense firewall prior to the install, and no device is allowed off network via port 53 or 853. The point is that I know my devices look to the router for DNS.
I do have my DNS directed to OpenDNS as indicated on Status / Dashboard: DNS Servers are 208.67.220.220 and 208.67.222.222.
I am rather confused about how the instructions say to turn off the resolver but then directs you later to set up the Adam:One details. Following those instructions, it was impossible to set up the Adam:One account because DNS was down at step 2.
All of my devices are in the Basic Blacklist policy which I have not changed.
I’ve read through the Quick Start Guide. Hopefully I haven’t missed anything obvious.
@kbulgrien when the anmgr service is running it should still resolve without any filtering which is why it’s OK to disable the built-in DNS Resolver before step 2.
If you run the command sockstat -4 what services do you see listening on port 53?
Do you see anmgr running under Status / Services?
Did you click the Setup DTTS button? As that will disable your default allow Internet firewall rule and if your account isn’t live will cut off your Internet access as a result.
I did push the blue Setup Firewall for DTTS button only after several tries at figuring this out. I do see (3) adam:ONE LAN rules now, but none look like they block anything.
adam:ONE Reject 443 for Ad-blocks
adam:ONE allow DNS
adam:ONE allow HTTP to mytools.management
No allow rules are disabled that I did not have disabled before the install. The main allow is still there:
Any valid local getting here is allowed
My firewall rule set is not a “default” pfsense rule set. I have a number of blocks, schedules, exceptions to rules, etc. that are my base policies for devices on the network.
Disabling unbound still disables my ability to use DNS.
I guess I didn’t state this, but it feels as if not being able to disable the DNS Resolver as instructed probably means that the install is a failure and offers no benefit because DNS resolves are bypassing adam:ONE. I guess I don’t really understand the process of how it works. I suppose that adam:ONE essentially sits between my DNS provider and what is served to to local network?
The dashboard shows no DNS requests for today even though Domain Logging is enabled, so I guess it is still not working. ‘sockstat -4’ lists anmgr and unbound is not listed. I have outbound blocks for 53 and 853 for all devices except the firewall.
There can be an hour delay for the domain logs to appear on the Dashboard. If you are still seeing issues there please contact our support via support@adamnet.works
It’s interesting that you had to reboot pfSense after disabling the built-in DNS Resolver. Based on the sockstat output above only anmgr was listening on port 53 which is what we’d want to see.
But good to know that a reboot fixed that issue.