Netgate Discussion Forum

    No DNS Unless Set In DHCP

    johnnyrocket

      I'm new to pfSense (using a SG1100) which replaced a Ubiquiti USG.

      I set DNS in System/General Setup per Configuring DNS over TLS.

      I have the following networks:
      10.1.0.0/24 (admin) - no DNS changes in DHCP, main wifi network
      10.20.0.0/24 VLAN50 (guest) - no DNS changes in DHCP, wifi network with isolation enabled
      192.168.54.0/24 VLAN60 (work issued computer) - 8.8.8.8 set in DHCP, single switch port

      Everything is working as expected.


      After some YouTube videos I decided it would be wise (fun?) to move the main WiFi off of the management LAN and onto a VLAN with firewall rules to keep IOT devices and friends out of things they shouldn't be in.

      I created 10.10.0.0/24 VLAN70. One allow all firewall rule for initial testing. I could ping everything else on the network but no internet access. I followed Client Tests and determined it is a DNS issue.

      If I give this new LAN a DNS server in Services/DHCP Server/NEWLAN (even the exact same as System/General Setup) the new LAN works fine.
      I'm stumped as to why this is the case... am I missing something?

      Any help is appreciated!

        johnpoz LAYER 8 Global Moderator @johnnyrocket

        @johnnyrocket what rule(s) exactly did you put on this new vlan? Did you allow for dns?

        Out of the box when you enable dhcp, the dhcp server will hand out pfsense IP on that interface as the dns.

        Do you not have unbound listening on that interface? Had you modified the ACLs in unbound from the default automatic that allows all pfsense networks?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          johnnyrocket

          @johnpoz Thanks for the quick response.

          I think this should allow for everything?

          @johnpoz said in No DNS Unless Set In DHCP:

          Do you not have unbound listening on that interface?

          Not sure how I would have disabled that...

          @johnpoz said in No DNS Unless Set In DHCP:

          Had you modified the ACLs in unbound from the default automatic that allows all pfsense networks?

          I don't think so. You're talking about Services/DNS Resolver/Access Lists? That has no entries.

          The rest of the network still functions fine btw. Adding the new network didn't affect the existing networks.

            johnpoz LAYER 8 Global Moderator @johnnyrocket

            @johnnyrocket said in No DNS Unless Set In DHCP:

            That has no entries.

            If you turned off auto, then no entries would mean nothing works.

            Do you have any other rules on this vlan interface? Like blocking rfc1918, have seen that way more than you could possibly think possible ;)

            On a client on this network.. Look at its config - do you get the IP address of the interface for your dns server?

            Do a query with your fav dns tool, dig, host, nslookup at the pfsense IP - does it resolve anything?

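The query test suggested in the post above, as an added example that is not part of the thread: a Python probe that sends one DNS query to the resolver address and maps the outcome to the causes raised here (firewall rule, resolver not listening, access lists). The address `10.10.0.1` and the outcome-to-cause hints are assumptions for illustration, not output from the poster's system.

```python
import socket
import struct

# Header RCODE values (RFC 1035) that matter for this kind of triage.
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """Build a minimal recursive A-record query for `name`."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD flag set
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(data, qid=0x1234):
    """Turn a raw DNS reply into a troubleshooting hint (hints are rules of thumb)."""
    if len(data) < 12:
        return "malformed: reply shorter than a DNS header"
    rid, flags, _qd, ancount = struct.unpack("!HHHH", data[:8])
    if rid != qid or not flags & 0x8000:
        return "malformed: not a response to our query"
    rcode = flags & 0x000F
    name = RCODES.get(rcode, f"RCODE {rcode}")
    if rcode == 0:
        return f"{name}: resolver answered ({ancount} records)"
    if rcode == 5:
        return f"{name}: resolver reachable but refusing this client, check its access lists"
    if rcode == 2:
        return f"{name}: resolver reachable but upstream resolution failed"
    return f"{name}: resolver reachable"

def probe(server, name="example.com", timeout=3.0):
    """Send one UDP query to `server` and classify what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, 53))
            s.send(build_query(name))
            return classify_response(s.recv(512))
        except socket.timeout:
            return "timeout: query or reply dropped, check firewall rules on the interface"
        except ConnectionRefusedError:
            return "port unreachable: nothing listening on 53 at that address"

if __name__ == "__main__":
    # 10.10.0.1 is an assumed gateway address for the 10.10.0.0/24 VLAN.
    print(probe("10.10.0.1"))
```
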
              johnnyrocket @johnpoz

              @johnpoz I'm going to sound like I'm losing my mind. Had to run some errands for a few hours. I removed the DNS entry from the DHCP config a bit ago to run the tests you suggested and now they work just fine.
              I have no explanation... I'm speechless.
              Thank you for your time troubleshooting with me.
