DNS Resolution from DNS Resolver is patchy.
Hey All,
I have configured the DNS resolver to use my VPN interface for DNS resolution, in that I have selected my VPN_WAN and VPNV6_WAN as the only Outgoing interfaces to use to send queries to authoritative servers. Enable Forwarding Mode is NOT checked, so I'm using the root servers to resolve.
My problem is that only some DNS requests get answered at the client side. For example, on a Windows machine in the LAN using nslookup with the pfSense (pfsense gateway ip) server selected (so server 192.168.x.1), I find that some DNS requests are not resolved.
For example, www.cnet.com always returns a timeout:-
    > www.cnet.com
    Server: [192.168.5.1]
    Address: 192.168.5.1

    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    *** Request to [192.168.5.1] timed-out
Yet a lookup to www.pfsense.org works fine:-
    > www.pfsense.org
    Server: [192.168.5.1]
    Address: 192.168.5.1

    Non-authoritative answer:
    Name: www.pfsense.org
    Addresses: 2610:160:11:11::69
               208.123.73.69

If I change the server selected in nslookup to my VPN DNS provider it WILL resolve www.cnet.com.
The strange thing is that in the logs it DOES look like lookups for www.cnet.com are being resolved.
    Feb 26 18:43:18 unbound 41945:1 info: processQueryTargets: www.cnet.com. AAAA IN
    Feb 26 18:43:18 unbound 41945:1 info: resolving www.cnet.com. AAAA IN
    Feb 26 18:43:18 unbound 41945:1 info: resolving www.cnet.com. AAAA IN
    Feb 26 18:43:18 unbound 41945:1 info: resolving www.cnet.com. AAAA IN
    Feb 26 18:43:18 unbound 41945:1 info: resolving www.cnet.com. AAAA IN
    Feb 26 18:43:16 unbound 41945:1 info: processQueryTargets: www.cnet.com. A IN
    Feb 26 18:43:16 unbound 41945:1 info: resolving www.cnet.com. A IN
    Feb 26 18:43:16 unbound 41945:1 info: resolving www.cnet.com. A IN
    Feb 26 18:43:16 unbound 41945:1 info: resolving www.cnet.com. A IN
    Feb 26 18:43:16 unbound 41945:1 info: query response was CNAME
    Feb 26 18:43:16 unbound 41945:1 info: reply from <cnet.com.>193.108.91.230#53
    Feb 26 18:43:16 unbound 41945:1 info: response for www.cnet.com. A IN
    Feb 26 18:43:16 unbound 41945:1 info: iterator operate: query www.cnet.com. A IN
    Feb 26 18:43:16 unbound 41945:1 debug: iterator[module 0] operate: extstate:module_wait_reply event:module_event_reply
    Feb 26 18:43:16 unbound 41945:1 debug: cache memory msg=178017 rrset=374568 infra=431201 val=0
    Feb 26 18:43:16 unbound 41945:1 info: processQueryTargets: www.cnet.com. A IN
    Feb 26 18:43:16 unbound 41945:1 info: iterator operate: query www.cnet.com. A IN
    Feb 26 18:43:16 unbound 41945:1 debug: iterator[module 0] operate: extstate:module_wait_reply event:module_event_pass
    Feb 26 18:43:16 unbound 41945:1 info: finishing processing for ns.cnet.com. AAAA IN
    Feb 26 18:43:16 unbound 41945:1 info: resolving ns.cnet.com. AAAA IN
    Feb 26 18:43:16 unbound 41945:1 info: iterator operate: query ns.cnet.com. AAAA IN
    Feb 26 18:43:16 unbound 41945:1 debug: iterator[module 0] operate: extstate:module_state_initial event:module_event_pass
    Feb 26 18:43:16 unbound 41945:1 info: processQueryTargets: www.cnet.com. A IN
    Feb 26 18:43:16 unbound 41945:1 info: iterator operate: query www.cnet.com. A IN
    Feb 26 18:43:16 unbound 41945:1 debug: iterator[module 0] operate: extstate:module_wait_reply event:module_event_pass
    Feb 26 18:43:16 unbound 41945:1 info: finishing processing for ns3.cnet.com. AAAA IN
    Feb 26 18:43:16 unbound 41945:1 info: resolving ns3.cnet.com. AAAA IN
    Feb 26 18:43:16 unbound 41945:1 info: iterator operate: query ns3.cnet.com. AAAA IN
    Feb 26 18:43:16 unbound 41945:1 debug: iterator[module 0] operate: extstate:module_state_initial event:module_event_pass
    Feb 26 18:43:16 unbound 41945:1 info: finishing processing for ns2.cnet.com. AAAA IN
    Feb 26 18:43:16 unbound 41945:1 info: resolving ns2.cnet.com. AAAA IN
    Feb 26 18:43:16 unbound 41945:1 info: iterator operate: query ns2.cnet.com. AAAA IN
    Feb 26 18:43:16 unbound 41945:1 debug: iterator[module 0] operate: extstate:module_state_initial event:module_event_pass
    Feb 26 18:43:16 unbound 41945:1 debug: sending to target: <cnet.com.>193.108.91.230#53
    Feb 26 18:43:16 unbound 41945:1 info: sending query: www.cnet.com. A IN
    Feb 26 18:43:16 unbound 41945:1 info: new target ns.cnet.com. AAAA IN
    Feb 26 18:43:16 unbound 41945:1 info: new target ns2.cnet.com. AAAA IN
    Feb 26 18:43:16 unbound 41945:1 info: new target ns3.cnet.com. AAAA IN
    Feb 26 18:43:16 unbound 41945:1 info: processQueryTargets: www.cnet.com. A IN
    Feb 26 18:43:16 unbound 41945:1 info: resolving (init part 3): www.cnet.com. A IN
    Feb 26 18:43:16 unbound 41945:1 info: resolving (init part 2): www.cnet.com. A IN
    Feb 26 18:43:16 unbound 41945:1 info: resolving www.cnet.com. A IN
So am I reading this correctly (that I am seeing a reply), and if so, why is it not resolved?
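
An added example, not part of the original post: a Python helper that puts a newest-first Unbound log like the one above into chronological order and pairs each upstream query with the reply and response type logged for it. The function names are hypothetical, the sample is an excerpt of the log in the post, and the message patterns are assumed from the lines shown there.

```python
import re

# Excerpt of the log from the post, newest entry first as it was pasted.
SAMPLE = """\
Feb 26 18:43:18 unbound 41945:1 info: resolving www.cnet.com. AAAA IN
Feb 26 18:43:16 unbound 41945:1 info: resolving www.cnet.com. A IN
Feb 26 18:43:16 unbound 41945:1 info: query response was CNAME
Feb 26 18:43:16 unbound 41945:1 info: reply from <cnet.com.>193.108.91.230#53
Feb 26 18:43:16 unbound 41945:1 info: response for www.cnet.com. A IN
Feb 26 18:43:16 unbound 41945:1 debug: sending to target: <cnet.com.>193.108.91.230#53
Feb 26 18:43:16 unbound 41945:1 info: sending query: www.cnet.com. A IN
Feb 26 18:43:16 unbound 41945:1 info: resolving www.cnet.com. A IN
"""

# Timestamp, then "unbound pid:thread level:", then the message text.
LINE = re.compile(r"^(\w{3} +\d+ [\d:]+) unbound \d+:\d+ (?:info|debug): (.*)$")
QUERY = r"(\S+) (\w+) IN$"  # "<qname> <qtype> IN" at the end of a message


def timeline(log_text, newest_first=True):
    """Return [(time, message)] in chronological order, skipping unparsable lines."""
    rows = [m.groups() for m in map(LINE.match, log_text.splitlines()) if m]
    # Entries sharing a timestamp are also listed newest first, so a full
    # reversal (not a sort by time) restores the order they were written in.
    return rows[::-1] if newest_first else rows


def upstream_exchanges(log_text, newest_first=True):
    """Pair each 'sending query' with the reply and response type logged after it."""
    exchanges, current = [], None
    for when, msg in timeline(log_text, newest_first):
        if m := re.match(r"sending query: " + QUERY, msg):
            current = {"time": when, "qname": m[1], "qtype": m[2],
                       "server": None, "response": None}
            exchanges.append(current)
        elif current and (m := re.match(r"reply from <(\S+)>\s*(\S+)$", msg)):
            current["server"] = m[2]
        elif current and (m := re.match(r"query response was (.+)$", msg)):
            current["response"] = m[1]
            current = None  # exchange complete; later lines belong to a new step
    return exchanges


if __name__ == "__main__":
    for ex in upstream_exchanges(SAMPLE):
        print(ex)
```

An exchange whose `response` is still `None` had no reply logged for it; a `CNAME` response is an alias that the resolver still has to follow, not a final address.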