DNS resolver - forwarding working recursive resolution not working
-
Hello,
I wonder if someone could offer me any insights into how to work out why I can get DNS resolver to work using forwarding mode but not using (recursive) resolver mode.
I thought this might be because Virgin, my ISP, was blocking me using resolver, so I set a rule to route all traffic over my VPN, but I still can't get DNS resolution. Is there something I should try? It is just weird.
Here are my DNS Resolver options - all pretty standard I think.
Here are my general setup DNS settings
I can attach shots of the logs if that would help but I am not sure which log would help work out the problem. I'm no expert and nothing in the various logs jumps out at me to indicate the problem.
All I notice is that, set in DNS resolver mode, I can ping sites and get back a ping indicating the IP address was reachable. But I can't resolve the website IP address recursively.
To me this is totally weird. I am sure I must have mis-set something somewhere, but having spent a few hours trying to work this down I've given in. If anyone can suggest anything I'd be grateful.
Thanks
Jeremy -
Hi Jeremy, try setting your DNS Query Forwarding from its current mode to Use Remote Servers
-
Sorry, I meant "DNS Resolution Behavior"
-
The default Unbound settings activate 'resolving'.
This
should be unchecked.
This list :
should be empty.
Like :
These (default) settings should work for everybody.
That is, as long as the ISP is not blocking 'port 53' DNS requests, something that was done in the last century. You had to use the DNS of the ISP. If that still is the case (they should mention this in their instructions), call them, and say 'good bye' to them.
But .... when you activate a VPN WAN, your ISP behaviour is ruled out. Your issue stays the same. So, the issue is on your side.
Easy check :
Save config.
Restore to default.
Now, assign interfaces (if needed), and change the password. Stop there.
( don't assign DNS servers on the initial GUI wizard - just a password )
DNS now works. -
@gertjan
Hi, thanks for the help. I put pics up showing my setup in forwarding mode, but it would have been more intuitive for me to show screenshots with it set for recursive mode, i.e. with the forwarding mode box unchecked. I had it checked only so I could navigate to netgate and ask the question. As you indicate, it should work in recursive mode as that is the default, but it doesn't. I do recognise this is an issue my side. I am sure if I reset to default set up it will work fine recursively. The thing is I want to make my current set up work recursively, as if I reset I have to rebuild all the rules, the VPNs, etc. I am also intrigued as to why it is not working and what I am missing. I can live with it in forwarding mode, I just would like to understand why I can't make recursive mode work, when it is the default.
I just cannot work out why it will not work recursively when I turn off forwarding mode. I am at a loss where else to look for a setting. I have checked seemingly every setting I can think of, like my outgoing NAT, LAN and floating rules, VPN settings, DHCP overrides, etc. etc. etc. It is weird. Works fine in forwarding mode, won't work in the default recursive mode. I don't know where else to look to work out why this behaviour exists. If you have any further insights I'd be delighted to hear!
Thanks again for your comments.
-
@jeremyj said in DNS resolver - forwarding working recursive resolution not working:
it would have been more intuitive for me to show screen shots with it set for recursive mode i.e. with the forwarding mode box unchecked.
I'm probably not using the default settings, and I really want to help, but won't reset my pfSense to default.
But you can do so, and you'll see what the default settings are.
@jeremyj said in DNS resolver - forwarding working recursive resolution not working:
as if I reset I have to rebuild all the rules, the vpns, etc.
Nope.
You can retrieve 'just' the OpenVPN settings, and 'just' the firewall rules from the backup you made.
@jeremyj said in DNS resolver - forwarding working recursive resolution not working:
I am also intrigued as to why it is not working and what I am missing
Once you have it working, make a config backup again.
Compare it with the initial backup.
The difference you'll find is the reason.
@jeremyj said in DNS resolver - forwarding working recursive resolution not working:
my outgoing NAT
Outgoing NAT ??
That makes me think : when you undo all the changes you made when setting up the OpenVPN client, DNS works ... ?
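
The backup comparison suggested in the reply above, sketched as an added example (it is not part of the thread and not pfSense's own tooling). It assumes both backups are XML files; the two sample documents and their element names are constructed for illustration, and `flatten` and `diff_configs` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

# Constructed sample backups; element names are illustrative, not a real export.
OLD = """<pfsense>
  <system><hostname>fw</hostname></system>
  <unbound>
    <enable/>
    <forwarding/>
    <outgoing_interface>opt1</outgoing_interface>
  </unbound>
</pfsense>"""
NEW = """<pfsense>
  <system><hostname>fw</hostname></system>
  <unbound>
    <enable/>
    <outgoing_interface>all</outgoing_interface>
  </unbound>
</pfsense>"""

def flatten(xml_text):
    """Map every leaf element to its text, keyed by an indexed path."""
    leaves = {}
    def walk(node, path):
        children = list(node)
        if not children:
            # Empty flag elements are kept as "" so presence alone is compared.
            leaves[path] = (node.text or "").strip()
            return
        seen = {}
        for child in children:
            idx = seen.get(child.tag, 0)
            seen[child.tag] = idx + 1
            walk(child, f"{path}/{child.tag}[{idx}]")
    root = ET.fromstring(xml_text)
    walk(root, root.tag)
    return leaves

def diff_configs(old_xml, new_xml, prefix=""):
    """Return (path, old, new) for each leaf that differs; None means absent."""
    old, new = flatten(old_xml), flatten(new_xml)
    return [(p, old.get(p), new.get(p))
            for p in sorted(set(old) | set(new))
            if p.startswith(prefix) and old.get(p) != new.get(p)]

if __name__ == "__main__":
    for path, before, after in diff_configs(OLD, NEW, "pfsense/unbound"):
        print(f"{path}: {before!r} -> {after!r}")
```

Paths are positional, so a reordered list (firewall rules, for instance) shows up as many changes; pass a `prefix` to limit the report to the section under suspicion.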