DNS reverts to isp servers
-
Been trying to fix this problem for a long time but just getting nowhere
my system is pretty much as described here https://nguvu.org/pfsense/pfsense-baseline-setup/#wan%20firewall
It was working fine for years until nordvpn changed something (am guessing here only evidence is it all started going wrong when they changed the usernames and passwords
Ok that said - my problem is the DNS is now only using my ISP servers and not whats being reported
127.0.0.1
103.86.99.100
103.86.96.100If i dont set use local DNS (127.0.0.1) fallback to remote DNS servers Default
i get no internet response - Im guessing this as a DNS problem but cant see a way to force the DNS entered in the gen settings to be used and having working
The trouble is ive been tying to sort this for weeks and everything Ive tried either doesn't work or kills internet - any ideas would a great help -
@fin1000 said in DNS reverts to isp servers:
If i dont set use local DNS (127.0.0.1) fallback to remote DNS servers Default
i get no internet responseThis setting just affects the DNS behavior of pfSense itself, as long as you don't forward DNS requests.
So how did you configure your local DNS?
Did you check "DNS Server Override" in the general settings?
-
No I left that blank - it’s been I long time since I built it and I’ve forgotten virtually all I learned about setting it up but the odd thing is when it was set up DNS functioned correctly for years with no problems
I’ve got 2 vlans with one as vpn and the other straight to the isp - just can’t see where the instructions to use the WANs/isp DNS is coming from -
@fin1000 I am pretty sure there have been other threads about DNS problems, and NordVPN. I don't use it though so do not remember details.
There is a DHCP setting to use DNS servers:
https://docs.netgate.com/pfsense/en/latest/services/dhcp/ipv4.html#servers"If the built-in DNS Resolver or DNS Forwarder is used to handle DNS, leave these fields blank and pfSense
will automatically assign itself as the DNS server for client PCs. If the DNS forwarder is disabled and these fields are left blank, pfSense software will pass on whichever DNS servers are defined under System > General Setup." -
@SteveITS
Thanks for that info.
Will have to attempt to rebuild this as something is very flaky - the vpn gateway is going off line with latency warnings and other weird stuff
Luckily I’ve got a solid 2.4.5 release that’s been totally solid for years (apart from getting broken by updating- so rapidly downgrading)
Nordvpn has definitely changed something but no-one can explain tho -
@fin1000 said in DNS reverts to isp servers:
Nordvpn has definitely changed something but no-one can explain tho
You have to 'reach out' to find out what happens.
This thread is an example.
The first several post talk about VLANs and whatever the reason might be, but half way down you'll discover what NordV*N did ..... it's pretty amazing.
Take 10 minutes reading, do some testing yourself. You'll see ^^And yes, the example shows clearly : NordV*N will not explain what so ever to you. Neither what they are doing. That's ok, we already know why ....
Maybe this issue is now resolved. Just be ready for the next one. -
Many thanks for that !! I had been researching but missed this one and not being on the ball with network magic it’s gotten crazy and most attempts to rectify it kill the internet either on isp vlan or vpn or both hence the return to my old faithful 2.4 pfsense
In addition to the dns problems my Wificalling )T-Mobile run) ceased to work on the Nord vpn servers after being good for a long time -
@fin1000 said in DNS reverts to isp servers:
hence the return to my old faithful 2.4 pfsense
NordV#N f#cks up major so you decide to introduce, as a solution ( ? ), a massive security issue in your network by using very ancient router/firewall ?
Why ?Btw : The openvpn / openssl versions used by pfSense 2.4.5 shouldn't even be compatible anymore with whatever VPN (using openvpn) supplier out there .... and if it is, that's a solid reason not to use their services.
-
@Gertjan
You’re correct of course, but that’s why I’ve built a new one on initially 2.6 and that’s the one that’s having issues
I’m not anyway an networking expert - just attempting to understand the “black art” and although some would say just use a consumer asus or netgear router powers that be have blocked the once useable wrt router hacks to allow vpns and other stuff
Anyways- thanks for your help
In the end there is a big chasm between engineers and end users
