pfsense blocking some sites

Gurveer · Aug 30, 2022, 1:35 PM

ive freshly installed pfsense and upgraded to plus edition but pfsense blocked sites(ie: https://www.bsnl.co.in https://portal.bsnl.in
https://portal2.bsnl.in )in both editions(ce and plus), also i tried everything mentioned here(https://docs.netgate.com/pfsense/en/latest/troubleshooting/website-access-issues.html#:~:text=If%20some%20sites%20will%20load,are%20a%20few%20possible%20causes.&text=Use%20traceroute%20to%20determine%20where,not%20the%20firewall%20or%20ISP.&text=Check%20Clear%20invalid%20DF%20bits,Advanced%2C%20Firewall%2FNAT%20tab.) but nothing changed.These websites opens seamlessly when directly connected to isp modem or using opnsense os(i dont want use opnsense because it doesnt support alias bandwidth control).I havent installed any package.

rcoleman-netgate · Oct 2, 2022, 4:36 PM

@gurveer Do those domains resolve when you go to Diagnostics->DNS Lookup?

Gurveer · Oct 2, 2022, 4:44 PM

@rcoleman-netgate thanks pal www.bsnl.co.in started opening after doing dns lookup but portal.bsnl.in, portal.bsnl.in are not opening.pls help

rcoleman-netgate · Oct 2, 2022, 5:01 PM

@gurveer If some but not all are resolving check in the DNS lookup which server(s) should be resolving it and see what happens. If you have specific DNS servers named (like they exist only on a single or two DNS servers) and those servers are timing out, offline, or ignoring your request then they will never resolve.

For example:
I cannot resolve "portal.bsnl.in" from here. I suspect the DNS servers you are querying do not know these hostnames exist.

ping: cannot resolve portal.bsnl.in: Unknown host

Gurveer · Oct 2, 2022, 5:12 PM

@rcoleman-netgate they started resolving but portal.bsnl.in , portal2.bsnl.in aint opening even after resolved tho they all three (bsnl.co.in,portal.bsnl.in , portal2.bsnl.in) opens and resolved fine on opnsense using 1.1.1.1 (also i use same for pfsense)

rcoleman-netgate · Oct 2, 2022, 5:46 PM

@gurveer The hostname started working for me this time around - I suspect there was a DNS configuration/propagation issue with that specific hostname.

Gurveer · Oct 2, 2022, 7:14 PM

@rcoleman-netgate what should i do to make them work/open?

bingo600 · Oct 3, 2022, 4:10 PM

@rcoleman-netgate

Works fine for me (DK)
Trying this one in FF : https://portal.bsnl.in

redirects me to portal2.bnsl.in

I'm on 22.05 , using unbound ... But pfSense forwards to two local Linux DNS servers , running bind9.

This is a dig on my linux laptop , that resolves via pfSense

linux-laptop:~$ dig  portal.bsnl.in

; <<>> DiG 9.11.3-1ubuntu1.18-Ubuntu <<>> portal.bsnl.in
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 575
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;portal.bsnl.in.			IN	A

;; ANSWER SECTION:
portal.bsnl.in.		10800	IN	A	117.255.216.68

;; Query time: 1546 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mon Oct 03 17:53:25 CEST 2022
;; MSG SIZE  rcvd: 59

linux-laptop:~$ dig portal2.bsnl.in

; <<>> DiG 9.11.3-1ubuntu1.18-Ubuntu <<>> portal2.bsnl.in
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43804
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;portal2.bsnl.in.		IN	A

;; ANSWER SECTION:
portal2.bsnl.in.	10800	IN	A	117.239.179.10

;; Query time: 312 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mon Oct 03 17:54:22 CEST 2022
;; MSG SIZE  rcvd: 60

linux-laptop:~$

This is a dig on my linux DNS server resolving via 1.1.1.1

linux:~$ dig portal.bsnl.in @1.1.1.1

; <<>> DiG 9.10.3-P4-Debian <<>> portal.bsnl.in @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43275
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;portal.bsnl.in.			IN	A

;; ANSWER SECTION:
portal.bsnl.in.		10800	IN	A	117.255.216.68

;; Query time: 168 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Mon Oct 03 17:56:36 CEST 2022
;; MSG SIZE  rcvd: 59

linux:~$ dig portal2.bsnl.in @1.1.1.1

; <<>> DiG 9.10.3-P4-Debian <<>> portal2.bsnl.in @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1618
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;portal2.bsnl.in.		IN	A

;; ANSWER SECTION:
portal2.bsnl.in.	10800	IN	A	117.239.179.10

;; Query time: 171 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Mon Oct 03 17:56:50 CEST 2022
;; MSG SIZE  rcvd: 60

Had to use the Linux DNS server to query via 1.1.1.1.
DNS is locked down (to pfSense only) , on my normal vlans.

Edit:
Did we ever see OP's Unbound Config screenshots and the System --> General setup "DNS section" setup screenshots ??

/Bingo

Gurveer · Oct 3, 2022, 4:11 PM

@bingo600 it doesnt even opens for me portal.bsnl.in or portal2.bsnl.in tho im on same release

bingo600 · Oct 3, 2022, 4:38 PM

@gurveer

Let's continue in the other thread.

https://forum.netgate.com/topic/174428/pfsense-blocking-certain-some-sites/15