VPN Connection Intermittently Causing DNS Failure
-
Hello all,
Hopefully you can help me diagnose a DNS issue I am having which is seemingly related to my VPN connection. Hopefully posted in the right section, was not sure whether it should live in DNS or OpenVPN section, so I took a gamble.
I currently have a split setup, with respect to only select LAN clients going out over the internet via the VPN while others go over the WAN. What I have noticed is that intermittently my internet will fail with respect to DNS resolution, no particular timing to it, but it is definitely related to the VPN being connected. If I disconnect the VPN, DNS resolution will start to work again. Sometimes when I reconnect the VPN, it will behave for a few days before causing DNS issues again, or it can happen immediately once connected.
When checking the logs, at the time that DNS starts becoming an issue I get the below, so I am, within reason, confident it is related to this event.
Perhaps it is related to the "dyndns" entry?
I have the VPN configured to NOT pull DNS servers in VPN>OpenVPN>Clients and I have DNS forwarding enabled in Services>DNS Resolver>General Settings to ensure that all clients looking for DNS (which includes OpenVPN) are directed to the DNS servers as configured in System>General Setup. Screenshots below reference my configuration.
While I would imagine this is not relevant, I have the below Firewall rules for the VPN.
Floating Rule - VPN Killswitch
LAN Rules - One rule for directing specific LAN Alias over VPN, the other to direct all other LAN traffic over WAN.
DNS Rule
Lastly, in my Firewall rules I have the following rule for DNS. I will be honest, I am not sure if this should even exist or is required. I have not tested disabling it yet to see if it resolves my issues. Comments welcome.
Let me know if any further information is required.
Many thanks in advance,
P -
@panzerscope
Sorry, I cannot help. I think I am having a problem similar to yours. NordVPN goin up and down is screwing up DNS Resolver.
https://forum.netgate.com/topic/187260/nordvpn-goin-up-and-down-is-screwing-up-dns-resolver
-
DNSSEC is only useful when resolving.
If forwarding, which is what you do, disable DNSSEC.
-
@elegantd said in VPN Connection Intermittently Causing DNS Failure:
@panzerscope
Sorry, I cannot help. I think I am having a problem similar to yours. NordVPN goin up and down is screwing up DNS Resolver.
https://forum.netgate.com/topic/187260/nordvpn-goin-up-and-down-is-screwing-up-dns-resolver
Yeah it seems to be a common issue, I will check out your topic as well.
@Gertjan said in VPN Connection Intermittently Causing DNS Failure:
DNSSEC is only useful when resolving.
If forwarding, which is what you do, disable DNSSEC.
Thanks for that. Since my original post I had already disabled DNSSEC and I also set it so that my outgoing DNS requests only go out over WAN and enabled "Strict Outgoing Network Interface binding".
I was trying these settings as it was mentioned in another similar topic here: https://forum.netgate.com/topic/186580/dns-suddenly-broken-on-some-vlans?_=1712323517348
Unfortunately I do not think it has resolved my issue as I can see that I cannot access my home network remotely, so looks like I still have the issue :(
-
When you say DNS is down, do you also mean the firewall itself cannot resolve a hostname? Have you tried going into Diagnostics->DNS Lookup and seeing what is reported back?
-
If you have this set like this
The firewall should always be able to reach the DNS server because it will fall back to what your ISP provides.
I am using both an OpenVPN server and two clients, NordVPN and Surfshark. Other than the Snort problem I had, I do not have any problems with DNS. I will show you what I have; maybe that will help you.
OpenVPN Server settings
DNS resolver settings
-
Sorry, had the wrong picture for OpenVPN server settings.
-
@elegantd said in VPN Connection Intermittently Causing DNS Failure:
Sorry, had the wrong picture for OpenVPN server settings.
Thanks for the information. I managed to solve the issue (been ok now for a fair few days) by restricting outgoing DNS requests over my WAN interface only. It is worth noting that I am using an OpenVPN client on pfSense, not a server.
Since having DNS go over WAN only, I have not had any hiccups. This is with the resolver forwarding DNS requests directly to remote DNS.