Pfsense and network DNS
-
-
@jrey Yeah, that's the area I set my DNS server. I thought that would work, but my pfsense itself can't communicate with my DNS server, but for some reason it sends all of my devices to my DNS server, but not itself.
-
@swampland7794 and what do you have this set too?
-
@swampland7794 said in Pfsense and network DNS:
but my pfsense itself can't communicate with my DNS server
why not? rule blocking it?
just below that the setting "DNS Resolution Behavior" what do you have selected there?or what @johnpoz is showing just above
-
@jrey The only way you could set pfsense to not talk to some IP would be to create a outbound rule in floating.
While that is possible, seems unlikely that a new user would be doing that? Maybe he setup some soft of pfblocker rules that are doing it?
Baring some firewall rule - pfsense itself should be able to talk to anything.. Thinking maybe he adjust that setting, by default it for sure would ask itself, ie unbound or dnsmasq.. And not ask what he put in there.. Unless he changed that setting?
-
@johnpoz I have it set to use remote DNS and ignore local DNS. I can't send a screenshot an Android, I don't have a secondary DNS setup though.
-
@swampland7794 and when you go to the dns lookup under diagnostic menu and lookup something, what does it show?
-
@johnpoz this is a new installation, I tried the new DHCP server and I couldn't figure it out, then continued with IS DHCP. I setup OpenVPN according to a YouTube video, then setup cloudflare ddns which didn't work with OpenVPN, so I use my public IP to connect my VPN, after that it was just me needing with anything that said "DNS".
-
@swampland7794 not sure what that has to do with what dns pfsense uses? Here I posted pfsense to local dns I spun up.. And set pfsense to point there for its dns, and that is what it is using as you can see from dns lookup
-
@johnpoz Host "www.google.com" could not be resolved.
DNS Lookup
Hostname
Timings
Name server Query time
127.0.0.1 No response
2001:558:feed::1 No response
2001:558:feed::2 No response
203.128.45.2 0 msec -
@swampland7794 well clearly you didn't set it to ignore local.. Or it would of never tried asking 127.0.0.1
When you changed that drop down to use remote, ignore local did you scroll to the bottom and hit save? Did you see it say
You prob also want to uncheck that let wan override dns settings - see my screenshot
-
@johnpoz I would would send you a screenshot, but I can't figure out how to upload one from Android. That's what my options are set to under general settings. It shouldn't use 127.0.0.1 since that's the loopback address.
-
@swampland7794 said in Pfsense and network DNS:
It shouldn't use 127.0.0.1 since that's the loopback address.
Not if you set it to use remote and ignore local.. As to posting a screen shot use this button
Or you could use this to post some external image
-
@johnpoz thanks, I pressed the wrong icon.
-
@swampland7794 I unchecked that option after the screenshot was taken.
-
@swampland7794 well when you do your dns lookup now under diagnostics what do you see.. From your screenshot before that IP answered - but looks like it couldn't lookup google.. But showed a 0 ms response time..
Query something you know your local dns has a record for, or can lookup.. do a simple query to it with your fav tool other than pfsense for example..
-
@johnpoz said in Pfsense and network DNS:
seems unlikely that a new user would be doing that
True, but you never know, if you don't ask.
Take my wife for example. Give her a piece of tech and she pokes buttons "learning". then in a few days hands the device back to me, and says "it is broken, can you make it go". First question is always, "so what did you poke?".Maybe he setup some soft of pfblocker rules that are doing it?
not likely. Although there was a report a while back, that one of the "lists" had added 9.9.9.9 (in error) and anyone using that list, with that DNS suddenly didn't resolve.
in the very first post,
@swampland7794 said in Pfsense and network DNS:
I have a mini server with technitium DNS server on it and I changed pfsense general settings to have this device as the only DNS server,
I noticed that all of my devices are using my DNS server except pfsense itself.
The IP address for DNS at 203.x.y.z doesn't seem like his local "have a mini server with technitium DNS server"
that address seems more like
inetnum: 203.128.32.0 - 203.128.63.255 netname: SawasNet descr: Beijing Sawas Technology Co.LTD. descr: Room 608,Beihang Boyan Building,No.238 Fouth descr: Northern Central Road,Haidian District,Beijing country: CN -
@johnpoz I chose Google and my docker server.
-
@jrey I manually set my subnet to something obscure like 203.128.45.0/24 which puts my pfsense box at 203.128.45.1 and my mini server at 203.128.45.2
-
@swampland7794 said in Pfsense and network DNS:
set my subnet to something obscure
randomly or do you own the address space?
