DNS Resolver not working after config restore

doxymoron

@steveits Yes I can ping 8.8.8.8 from pfsense for example. Traceroute gives me this:

1 10.6.0.1 10.781 ms 10.292 ms 9.396 ms
2 24.140.1.55 10.635 ms 8.590 ms 11.504 ms
3 * * *
4 * 64.125.22.228 33.254 ms *
5 * * *
6 74.125.50.194 21.498 ms 18.355 ms 19.994 ms
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *

SteveITS

@doxymoron well not every router will respond to pings but it looks like you connection dies at 74.125.50.194. Which apparently has no PTR record so not sure what that is.

Ping 8.8.8.8 continuously, do you have packet loss?

doxymoron

@steveits No, it's solid.

SteveITS

@doxymoron Long shot but does it work if you reset to defaults? Can always restore again after.

doxymoron

@steveits I just completely installed 2.6 from scratch. I'm unable to resolve anything. Something isn't right...could there be some issue at the ISP level where they are blocking pfsense as a DNS resolver? I don't get what's going on.

SteveITS

@doxymoron Can you “nslookup netgate.com 8.8.8.8” from your PC?

doxymoron

@steveits Yes that works. But when I try to nslookup using pfsense, gives me DNS request timed out.

SteveITS

@doxymoron if you enable forwarding in the Resolver settings does it work?

I mean, I suppose it’s conceivable the ISP is blocking third party DNS but I would think they’d block Google before the root servers. Awfully uncommon though. Not sure I’ve heard of blocking DNS at the ISP level.

doxymoron

@steveits So enabling forwarding worked on the fresh install. I have restored my config and made the same settings. It still did not resolve. I found this thread:

https://forum.netgate.com/topic/87141/can-t-access-internet-fresh-install/20

Which suggests doing this:

Go to Interface - WAN - Uncheck Block private networks.

I did this and now DNS Resolver is working. Interestingly, I went back and checked that box again, and it still continues to work. I really don't know why or how though...

SteveITS

@doxymoron Hmm that adds a rule to prevent incoming connections on the interface.

doxymoron

@steveits I wonder if somehow unchecking that box reset something that was in my config causing it not to work correctly? Not sure...