[Resolved] (for now) No Network problem - Running Unbound on Windows 10 V2004

RayG rgsub1 at btinternet.com
Tue Aug 11 16:00:41 UTC 2020


Since writing up the issue below I have updated two systems and after a lot
of experiments I have found that the best way to resolve this issue (at the
moment) is in the following way:

You can set up the interface statements to use your actual IPs (IPV4 &
IPV6) which is OK if all are static addresses. If you are using DHCP then it
is possible the address will change over time. This will certainly be true
if you are using a WiFi Laptop to travel.

So setting the interface: statements like this would seem to be best.

    interface: 0.0.0.0
    interface: ::0

The access-control: statements now look like this:

    access-control: 0.0.0.0/0 allow_snoop
    access-control: 127.0.0.0/8 refuse
    access-control: ::0/0 allow_snoop
    access-control: ::1 refuse

I have then used an event driven task:

    Microsoft-Windows-NetworkProfile_Operational_Microsoft-Windows-NetworkProfile_10000

to run a PowerShell script that then sets the DNS servers for the adapter
you want to configure; it works for Ethernet and WiFi connections. You can
define the name you want to use by renaming the adapter to something that
makes it unique and identifiable from any others. I have not yet found a way
to actually see which interface the event is derived from, as the script only
runs when the network interface comes up. Having it run several times (in my
case 3) is not an issue; it only sets the DNS addresses for one interface
(the same one each time).

The IP Addresses to use can be obtained using:

    $IPV4 = ([string](Get-NetIPAddress -InterfaceAlias $NetworkType).IPV4Address).Trim()

    $IPV6 = ([string](Get-NetIPAddress -InterfaceAlias $NetworkType -AddressState Preferred -SuffixOrigin Link -PrefixOrigin RouterAdvertisement).IPAddress).Trim()

Where $NetworkType is the name of the adapter.

You do have to work out a few more bits to set the address but this is
essentially what I am doing and so far it is working OK. I know the system
is not using other methods (as far as I can tell) to obtain DNS information
as if I stop the Unbound service nothing appears to have network access when
a DNS name needs to be looked up.

I hope this helps anyone else who is struggling in this way.

I don't know if this is a bug in Microsoft's code; see:

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-no-internet-bug-in-latest-windows-10-dev-build/

That looks like it will be in the next build not V2004 so watch this space.


Subject: No Network problem - Running Unbound on Windows 10 V2004

Hi,

Since the Windows 10 V2004 update has been out and about, every time I have
upgraded a system I have had issues with the networking. Windows thought
that it was not connected to the internet. The little system tray icon
always showed the little world icon (as I call it) to say no internet
access. I could never get it to show the little TV screen icon to say
networking was up and running and the internet was fully accessible.

I was made aware of this issue:

https://www.bleepingcomputer.com/news/microsoft/windows-10-hosts-file-blocking-telemetry-is-now-flagged-as-a-risk/

where blocking MS telemetry IP addresses (DNS Names) via the hosts file
would cause Windows Defender to complain that the hosts file had been
"infected" and would return it to defaults depending on how you answered
Defender's prompt. This apparently has been the case since the end of July.

This got me thinking and I have now upgraded my desktop to V2004 again and
lo and behold - networking issues.

I use Macrium Reflect as backup software and that allows me to take a backup
and then convert that into a VM. I did this and then played with the Unbound
configuration.

What I found was:

Any reference to 127.0.0.x or ::1 for DNS entries in the Adapter
configuration causes the networking to fail to detect internet access is
available. I don't know if this is intentional on MS's behalf or a bug -
time will perhaps tell.

That said, if I changed the Adapter configuration so that it pointed to the
IPV4 and IPV6 address the IPCONFIG /ALL

   IPv6 Address. . . . . . . . . . . : :x:x:x:x(Preferred)
   IPv4 Address. . . . . . . . . . . : x.x.x.x(Preferred)

For the DNS server entries then the networking worked correctly if I also
set the "interface:" and "access-control:" definitions in the unbound
configuration file to the same addresses:

    interface: :x:x:x:x
    interface: x.x.x.x

&

    access-control: :x:x:x:x allow_snoop
    access-control: x.x.x.x allow_snoop

I also commented out the references to 127.0.0.0/8 and ::1

I don't know if anyone else is having these issues but hopefully the above
will help.

I would also be VERY interested if nlnetlabs have come across this issue and
how they have resolved it and if indeed it happens on anyone else's
system(s).

RayG
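
The steps the post leaves as "a few more bits", written out as an added example (not RayG's script): it looks up the named adapter's current preferred addresses, sets them as that adapter's DNS servers, and checks that Unbound answers on them. The adapter name UnboundNIC and the test lookup name nlnetlabs.nl are assumptions.

```powershell
# Added example, not the poster's script. Run elevated from the scheduled task.
# 'UnboundNIC' is a hypothetical adapter name; rename your adapter to match.
param([string]$NetworkType = 'UnboundNIC')

$adapter = Get-NetAdapter -Name $NetworkType -ErrorAction SilentlyContinue
if (-not $adapter -or $adapter.Status -ne 'Up') {
    Write-Output "Adapter '$NetworkType' is missing or not up; DNS left unchanged."
    return
}

# Preferred IPv4 address (static or DHCP), ignoring APIPA 169.254.x.x fallbacks.
$IPV4 = Get-NetIPAddress -InterfaceAlias $NetworkType -AddressFamily IPv4 `
            -AddressState Preferred -ErrorAction SilentlyContinue |
        Where-Object { $_.IPAddress -notlike '169.254.*' } |
        Select-Object -First 1 -ExpandProperty IPAddress

# Preferred router-advertised IPv6 address, using the same filter as the post.
$IPV6 = Get-NetIPAddress -InterfaceAlias $NetworkType -AddressFamily IPv6 `
            -AddressState Preferred -SuffixOrigin Link `
            -PrefixOrigin RouterAdvertisement -ErrorAction SilentlyContinue |
        Select-Object -First 1 -ExpandProperty IPAddress

# Keep only the addresses that were actually found.
$servers = @(@($IPV4, $IPV6) | Where-Object { $_ })
if (-not $servers) {
    Write-Output "No preferred address on '$NetworkType'; DNS left unchanged."
    return
}

# The event fires several times per connect, so skip the write if nothing changed.
$current = (Get-DnsClientServerAddress -InterfaceAlias $NetworkType).ServerAddresses
$want = ($servers | Sort-Object) -join ','
$have = ($current | Sort-Object) -join ','
if ($want -eq $have) {
    Write-Output "DNS on '$NetworkType' already set to $want."
    return
}

Set-DnsClientServerAddress -InterfaceAlias $NetworkType -ServerAddresses $servers

# Confirm the resolver answers on each address that was just configured.
foreach ($s in $servers) {
    $ok = [bool](Resolve-DnsName -Name 'nlnetlabs.nl' -Server $s -DnsOnly `
                    -ErrorAction SilentlyContinue)
    Write-Output "Unbound at $s answering: $ok"
}
```

With interface: 0.0.0.0 and access-control: 0.0.0.0/0 allow_snoop, Unbound answers any host that can reach port 53 on the machine, so a host firewall rule limiting inbound DNS to the machine's own addresses keeps the resolver private.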
