Website won't resolve. says DNS_PROBE_FINISHED_NXDOMAIN

SteveITS

@noitalever not really related but if you are not forwarding normally, why set pfSense to not query itself? I guess it would work in that config.

Are there any rules, including floating, that might block DNS?

There is this, which I don’t think made it into 23.05:
https://redmine.pfsense.org/issues/14056

noitalever

@johnpoz Thanks, and complete noob question, but where do I "dig"? I don't see a shell or terminal and the "command" menu choice seems to just want me to send a command, but not sure how to format it.

i'm obviously missing something... obvious. since the forums don't seem to have instructions.

SteveITS

@noitalever It’s common on *nix OSs but you can install on Windows:
https://docs.digitalocean.com/tutorials/use-dig/

Gertjan

@noitalever said in Website won't resolve. says DNS_PROBE_FINISHED_NXDOMAIN:

but where do I "dig"?

You have dig.
Its part of the commandset of pfSense.
SSH into pfSense using Putty if you have a Micirosft device, or use a native ssh client on all other devices.

Or use the console 'serial/USB' access if you have a Netgate device.
For other, VGA builds : use the keyboard + screen.

When you see the menu, use option 8 shell).

[23.05-RELEASE][root@pfSense.verylocal.net]/root: dig papamurphys.com +short
217.114.85.70

johnpoz

@noitalever said in Website won't resolve. says DNS_PROBE_FINISHED_NXDOMAIN:

but where do I "dig"?

Thought it would be pretty clear from my posted example - clearly showing I was on pfsense ;)

doesn't the 23.05 release at the prompt give it away?

noitalever

@johnpoz Yep, I knew you were doing it on pfsense, I just have never had to do this with a pfsense box before and since this is a netgate appliance i didn't know if it was a "helpful gui" type thing where it hid things "most" people shouldn't need.

I'm mostly windows server guy. For firewalls, Fortigate where the console is built into the gui. This netgate gui didn't lend itself to a place where I would be able to use that command, hence my reply. Someone else gave me useful information, so i'm good.

We all have to start somewhere, and not knowing the steps to do something is pretty standard until you do.

SteveITS

@noitalever there is Diagnostics/Command prompt, though it is not interactive so can only run commands that end/complete.

noitalever

@noitalever EDIT: I updated to 23.05 and the problem went away, and all previous resolver settings are now back to normal.
from my brief stumbling around, I think it was an issue with their website not liking the advanced privacy options in the dns resolver I had checked.
-now to learn how to "dig".

noitalever

@Gertjan Thank you for this response, it was helpful.

johnpoz

@noitalever said in Website won't resolve. says DNS_PROBE_FINISHED_NXDOMAIN:

advanced privacy options in the dns resolver I had checked.

And what are those? You were forwarding somewhere over tls?