DNS lookup pfsense returns unexpected IP
-
Hi,
I am using pfSense 2.6 and have a DNS related issue. I am using 2 DNS servers from NordVPN. When using the DNS lookup of pfSense (or using nslookup via console), it is returning other IP addresses for obo-prod.oesp.ziggogo.tv than when I am executing nslookup (with the same DNS servers) on my Windows 10 laptop.
Restarting the DNS Resolver service and rebooting pfSense had no effect.
Any idea what could be causing this? And how to fix this?
-
@meridium You're getting different IPs for the different CDNs being used depending where in the world you are. Look at your nslookup output. Your FQDN is being resolved to an Akamai host.
-
@kom Not sure what you mean by "You're getting different IPs for the different CDNs being used depending where in the world you are.".
I understand that when executing an nslookup with different DNS servers, the returned addresses can be different. Or when executing an nslookup using the same DNS server via a VPN and via a non-VPN connection, the returned addresses can be different. That is not the case here. I am executing an nslookup on a Windows laptop on my local network that is accessing the internet via the pfSense router. When executing a DNS lookup on that same pfSense router it is returning different addresses. So I do not see that different IPs are returned for different CDNs. Right?
Even when I am executing an nslookup on a Windows laptop on my local network that has the pfSense router as DNS server, it is returning different addresses (same as in the cmd screenshot) than when executing a DNS lookup on that same pfSense router.
-
@meridium You mentioned NordVPN. I thought you were saying that pfSense resolves differently than your Winbox via VPN, which would be completely understandable. I assume you're using DNS Forwarder, or Resolver in forwarding mode? The NordVPN DNS servers are the only ones you have listed in System - General Setup? Do you have your WAN configured to allow DNS override via DHCP from your ISP? Quite often CDNs have pools of addresses that get served for a specific lookup that they rotate through for simple load-balancing. pfSense DNS caches the response. When I resolve that FQDN, I get 104.123.196.114 and 104.123.196.137. I use Resolver with no override and I get the same addresses whether I use pfSense or my desktop to resolve.
-
@kom I am using DNS Resolver (no DNS Forwarder) in forwarding mode. Indeed, the NordVPN DNS servers are the only ones I have listed under System - General Setup. DNS Server Override is disabled.
Well, if DNS caching is the issue here, then a restart of the DNS Resolver service should fix this, right? Done that, and no fix.
So if you have some ideas what to investigate, let me know.
Thanks!
-
@meridium OK I think that explains it. If you are using Resolver then your LAN clients will get the authoritative response. However, pfSense for its own needs uses the DNS you have listed in General Setup. If you want to make it consistent, remove the NordVPN entries and add 127.0.0.1 to the DNS server list.
-
@kom My laptop is using pfSense as my local DNS server. So my laptop gets the (cached) authoritative response from pfSense. And pfSense gets the authoritative response from one of the DNS servers under General Setup, right? If I remove the DNS servers of pfSense and replace them with 127.0.0.1, how will pfSense ever query any DNS server on the internet?
But you triggered me by hinting at removing the current DNS server addresses and adding 127.0.0.1 instead. Under System - General Setup, 'DNS Resolution Behavior' was not set to the default value. It was set to 'Use remote DNS Servers, ignore local DNS'. Not sure why I have done this. I have changed it to the default value 'Use local DNS (127.0.0.1), fall back to remote DNS Servers (Default)'. Now it seems to return correct IP addresses for obo-prod.oesp.ziggogo.tv.
So fingers crossed that this fixes my issue. However, I do not understand why this should fix my issue.
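A small check for the symptom discussed in this thread, added here as an example and not code from the thread or from pfSense: it parses `dig +short` answers gathered from each resolution path (the local Resolver on 127.0.0.1 versus the remote servers listed in General Setup) and reports which addresses only one path returned. The sample output is constructed; the two 104.123.196.x addresses are the ones kom posted, the CNAME name and the 192.0.2.x addresses are placeholders, and `REMOTE_DNS_PLACEHOLDER` stands in for a real upstream server IP.

```python
import ipaddress
import subprocess
from typing import Dict, Set

def parse_short_answers(text: str) -> Set[str]:
    """Extract IP addresses from `dig +short` style output (one record per line).
    CNAME hops and blank lines are skipped; a trailing dot is tolerated."""
    addrs: Set[str] = set()
    for line in text.splitlines():
        token = line.strip().rstrip(".")
        if not token:
            continue
        try:
            ipaddress.ip_address(token)
        except ValueError:
            continue  # not an address, e.g. a CNAME hop to a CDN edge name
        addrs.add(token)
    return addrs

def divergent_answers(answers: Dict[str, Set[str]]) -> Dict[str, Set[str]]:
    """Given {resolver: address-set}, return per resolver the addresses that no
    other resolver returned. An empty dict means every path agreed."""
    result: Dict[str, Set[str]] = {}
    for server, addrs in answers.items():
        others = set().union(*(a for s, a in answers.items() if s != server))
        only_here = addrs - others
        if only_here:
            result[server] = only_here
    return result

def live_query(name: str, server: str) -> Set[str]:
    """Ask one resolver directly with dig (needs network; not used by the offline sample)."""
    proc = subprocess.run(["dig", "+short", f"@{server}", name, "A"],
                          capture_output=True, text=True, timeout=5, check=False)
    return parse_short_answers(proc.stdout)

# Constructed sample: local Resolver answer vs. a remote server's answer.
SAMPLE_OUTPUT = {
    "127.0.0.1": "cname-placeholder.example.net.\n104.123.196.114\n104.123.196.137\n",
    "REMOTE_DNS_PLACEHOLDER": "cname-placeholder.example.net.\n192.0.2.10\n192.0.2.11\n",
}

def check_sample() -> Dict[str, Set[str]]:
    """Run the comparison over the constructed sample output."""
    return divergent_answers({s: parse_short_answers(o) for s, o in SAMPLE_OUTPUT.items()})

if __name__ == "__main__":
    for server, addrs in check_sample().items():
        print(f"{server}: only this resolver returned {sorted(addrs)}")
```

To use it live, replace `SAMPLE_OUTPUT` with `live_query("obo-prod.oesp.ziggogo.tv", server)` for each resolver you want to compare; after the 'DNS Resolution Behavior' change described above, the report should be empty.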