DNS Resolver Status not showing the resolved domains
-
@Uglybrian said in DNS Resolver Status not showing the resolved domains:
Try these settings, they are what I use. I do not use 3rd party for my DNS like Google or Cloudflare. pfSense does it all for me.
-
@johnpoz thank you for your answer. I do understand that the Forwarder status shows only the status of the server that it talks to, so how can I see all the cache as @Uglybrian is able to see?
@Uglybrian are you using pfblocker? Python Module Script is not shown in my case
-
@moelharrak yes, I am using PF blocker.
-
@moelharrak that has nothing to do with pfblocker what he posted.. That is just the "infrastructure" cache..
I already showed you how to view the full cache.. I was not aware that pfblocker has an option to show you that - it might be able to show you stuff that was queried, etc.
I don't see any post from him other than the standard infrastructure cache that is under status resolver
-
That has become confusing for me now. I did disable "DNS Query Forwarding", and now I am able to see the cache.
Any idea why, and if the upstream DNS configured in the system will be used or not?
-
@moelharrak what part are you not getting - that is not the full cache!!! That is the infrastructure cache.. IE what name servers unbound is talking to..
-
What do you mean by Infrastructure?
If you see my first post, I was not able to see anything at all, so what is the difference now, that when I disabled DNS Query Forwarding, I at least started seeing something?
-
@moelharrak dude your first post you do see the dns you were pointing to 1.1.1.1 and 1.0.0.1
Not sure what you're not getting..
https://docs.netgate.com/pfsense/en/latest/monitoring/status/dns-resolver.html#dns-resolver-status
-
@moelharrak said in DNS Resolver Status not showing the resolved domains:
If you see my first post, I was not able to see anything at all, so what is the difference now, that when I disabled DNS Query Forwarding
When you installed pfSense, the resolver was resolving, and you had something to show up under Status > DNS Resolver.
Then, for some reason, you didn't mention that, you disabled the resolving mode and went on doing forwarding. Do you know or can you tell why?
Anyway, even I had my memory refreshed, as Status > DNS Resolver shows the 'infrastructure': the DNS sources (servers!) it uses to resolve.
What do you mean by Infrastructure?
If you forward to 1.1.1.1 and 1.0.0.1 then these two are the only ones listed.
If you were resolving, you would see a whole list of DNS servers, the root servers, the TLD servers, and the domain name servers.
It's the domain name servers that eventually give the answer to a question like:
What is an IPv4 (or A record) of "www.facebook.com"?
To really see what is in the query DNS answer cache, you have to visit the command line. The command to use is shown above.
Or
Install pfBlockerng, and look at the Firewall > pfBlockerNG > Alerts - see the Unified logs.
Or, when you use pfBlockerng, another command:
cat /var/unbound/var/log/pfblockerng/dns_reply.log
This file shows the host name requested, who was asking it, what the answer was, and if the answer was in the local unbound cache, or if it was resolved. The TTL isn't shown.
-
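Added example, not part of any post in this thread: unbound's `unbound-control dump_cache` prints the answer cache as text, and the function below lists the cached A/AAAA names with the TTL field from that dump. The sample dump is constructed, and the `unbound.conf` path in the comment is an assumption about a default pfSense install.

```shell
#!/bin/sh
# Added example: read `unbound-control dump_cache` output on stdin and
# print "name type ttl address" for every cached address record.
# On the firewall (config path is an assumption):
#   unbound-control -c /var/unbound/unbound.conf dump_cache | list_cached_addresses

list_cached_addresses() {
    awk '
        /^START_RRSET_CACHE/ { in_rrset = 1; next }
        /^END_RRSET_CACHE/   { in_rrset = 0; next }
        # Ignore the message cache and the ";rrset ..." metadata lines.
        !in_rrset || /^;/    { next }
        # Record lines are: owner TTL class type rdata
        $3 == "IN" && ($4 == "A" || $4 == "AAAA") {
            printf "%s %s %s %s\n", $1, $4, $2, $5
        }
    '
}

# Constructed sample dump, not captured from a real firewall.
# A real dump separates fields with tabs; awk splits on either.
sample_dump() {
    cat <<'SAMPLE'
START_RRSET_CACHE
;rrset 3412 1 0 8 0
www.example.com. 3412 IN A 192.0.2.10
;rrset 86211 2 0 2 0
example.com. 86211 IN NS ns1.example.com.
example.com. 86211 IN NS ns2.example.com.
;rrset 120 1 0 8 0
cdn.example.net. 120 IN AAAA 2001:db8::10
END_RRSET_CACHE
START_MSG_CACHE
msg www.example.com. IN A 33152 1 3412 0 1 0 0
www.example.com. IN A 0
END_MSG_CACHE
EOF
SAMPLE
}

# Stand-alone run over the constructed sample.
sample_dump | list_cached_addresses
```

Unlike Status > DNS Resolver, which lists only the servers unbound talks to, this output is the set of names actually answered from cache.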
Thank you all for your answers.
What is the best practice regarding DNS queries? Specify the DNS servers in System > General Setup, and what is best to enable, DNS Resolver or DNS Forwarder? And I need to know if both can save the cache locally to check first, because my goal is to make DNS queries faster, that's all.
-
@moelharrak said in DNS Resolver Status not showing the resolved domains:
Specify the DNS servers in the System > General Setup
My 'church' says : you'll add none.
This is the perfect way of doing things :
And this goes with it :
(do not select that button!)
Why?
Because it's the default setting, Netgate has chosen these, and as these guys know their DNS around, that's what you should use.
But, of course, if you signed up a contract with "8.8.8.8" or "1.1.1.1" and they pay you for your private DNS info, then, why not, you should forward to these guys.
It's a free world after all, and if you can make some money out of it, then that's just great
pfSense has its own resolver for years now, so you don't need to use any 'DNS server' - the only thing you need is access to the free 13 main DNS root servers. These are the ones who make DNS work, these are the ones you should use, as it was intended when the Internet (DNS actually, DNS didn't exist in the beginning)
edit: another reason: these settings are part of the Keep It Simple concept.
Install pfSense - do nothing (well, you change the password) and you're good, it works, like any other router you'll find out there.
The planet wide sickness "you have to use 8.8.8.8, or some other remote entity, as a DNS" has been crafted because your DNS traffic is worth gold, and I'm not exaggerating here, for them, and this belongs to the "You are the product" concept.
Also, when you belong to the "I resolve" club, you have, statistically speaking, fewer issues with DNS. It just works. And that's not a hazard or being lucky, the DNS system was meant to be used like that.
How DNS Works - Computerphile
Btw: all this is of course my own opinion.
-