Tought pfSense is doing this for me. I was wrong. I have it to /64 back now.

@johnpoz said in DNS Lookup Help:

Your vl30 setup is not going to work… So you want to use the resolver for your local, but since your vpn is down it can not resolve so you want it to forward

When my all the VPNs are down VL20 network is down but VL30 network is working actually.

@johnpoz said in DNS Lookup Help:

Hiding your dns from your isp? Why don’t you just forward anything that is not local via dnscrypt to say quad 9?
Hiding your dns queries from your ISP? If you resolve they would have to sniff all your traffic to find out what your looking for. But your ok with leaking your queries to somewhere if the VPN Is down…

I would love to use quad 9 but this option for VL30 is not for me as I need to use specific DNS for streaming eliminating georestriction. Yes, privacy is compromised here for the benefit of enough internet speed for streaming services.

So now can we get to the point which take us to square 1?

@rakib said in DNS Lookup Help:

Although I did not check “DNS query forward” in the unbound, and no DNS mentioned in the interface DHCP server, I get :
Server: Whatever DNS address of the general setup
Address: Whatever DNS address of the general setup#53
Here, I want to see my interface IP as server and address, NOT the DNS address of the general setup. How can I achieve it?

Alright, I figured it out. Stupid me had a DHCP Relay configured on the switch. I noticed it when I started doing packet captures and there was a complete absence of any DCHP-packets over UDP. I remembered thinking it would reduce network load if there weren't DHCP-packets flying aroung all the time. Is that still true nowadays?

0_1528311584678_6ef9a218-68ec-4f50-9d8f-d960a8f6a947-image.png

Now pfSense receives DHCP-packets and is handing out IP-Adresses. Problem solved on my terms.

0_1528312089230_33a7eea5-9623-4118-892e-96f88848d2ed-image.png

Big thanks to @Gertjan for staying and helping. And of course for the hint to start packet capturing.

PEBKAC.

The subnet mask on the CARP VIP was /27, should have been /26. The broadcast IP for 192.168.0.0/27 is 192.168.2.31. 192.168.2.31 is the IP of the second DHCP server.

Corrected the mask on the VIP and voila, it works.

There you go then ;) Yup kind of hard to query local dns when unbound can not talk on that network its located on ;)

Good thing too since VM is still in progress.. Ran out of disk space - was like why and the F is this update taking so long to download.. So had to expand the vm disk... heheheh

Then I got side tracked with beer drinking... Now its running disk cleanup.. Deleting like 3GB of "old updates"...

His post was before the forum change - pretty sure many if not all of the previous attached images were lost in the upgrade. I believe they are working on restoring them.

I managed to solve it at last.

It was all to or with ordering or primary interface. As a last ditch attempt I swapped the wired and wireless around and suddenly DNS Resolver on both!

If you bridging try putting the IP address on the internal wireless interface and adding the wired NIC to it.

Solved this one myself. For some reason, the DNS added to the general settings was never kicking in. Don't know why. But I solved my problem by adding the VPN providers DNS to the static mapping of the VPN-computer, and then added the DNS I wanted for the rest of the network to the DHCP of the LAN-interface. No idea if this is the proper procedure, but it works. No matter how un-elegant it might(?) be. My network no longer lives in Sweden, and YouTube is no longer giving me swedish ads.

Had a similar question myself, still doesn't seem to be any generally accepted "best practices".

https://serverfault.com/questions/804607/what-is-the-proper-way-to-configure-active-directory-and-domain-controllers-when

Yes I've tryied connecting to a laptop and works fine. The reboot problem was solved after sending to service and restoring the configuration, the problem is with the ethernet board IP, the no-ip actualmente.
Thanks

I tried to reenter the Host Overrides every morning after first experiencing the issue. I experienced the error message each time. On day four, I did not experience the error message. It has been five days now and the problem has not returned.

@johnpoz said in DNS not resolving some sites:

Here is the thing - their dns records are not correct... If they expect users to get to them then they need to fix their stuff.

Contact them and tell them to FIX it... Clearly its borked... I gave you as site that will validate all kinds of dns, etc. Just look yourself on any other dns checker - they all show that domain being borked!! With multiple problems... I show more problems now with bad glue, etc.

Yes, I have contacted them and I included the link to dnsvis which you kindly provided. I suggested that he forward that to his network engineer. Thing is, I may be the only one complaining. The network owner can resolve all of the hosts so it looks to him like nothing is wrong. Hopefully he will hand this off to someone who understands and can fix it.

thanks,
hank

That surprisingly helped immensely. I think the "issue" was that I was tagging it on the port pfSense was on and pfSense was like "I don't know what to do with this tag". Once I untagged it, presto.

Thanks!

Ok, fixed, windows dhcp hiccup.  A reset of dhcp fixed it!

Unless you disable all auto added ACLs, only internal interface networks are added.  So yeah on a wan interface you would need to add the acl to allow query.

By default, IPv4 and IPv6 networks residing on internal interfaces of this system are permitted. Allowed networks must be manually configured on the Access Lists tab if the auto-added entries are disabled."

Huh! Well now it all of a sudden started working. I was reading other posts here and someone mentioned /etc/hosts so I decided to cat it from the command prompt and I saw a section labeled

and they were all there. Opened a Windows command prompt and now I can ping them. I guess I just didn't have enough patience!  8)