websites dont load
-
hello,
I have a 4200 from netgate.
I am new to pfsense, and alot of websites are not working on my lan (static ipv4 192.168.1.1) network (which is hooked to wan). i dont really have any firewall settings.short list of websites that dont work.
https://en.wikipedia.org/
https://www.reddit.com/
https://www.ebay.com/
ect...I think this might be a dns issue, using my old router i can access all the websites.
1.I have tried to set dns servers to different value such as 1.1.1.1, 8.8.8.8
2. tried to set DNS Sever Overide with or without 1,3
3. Set DNS Resolution behavior to remote DNS Servers with or without 1,2.
4. messed with other random settings to no effect, have turned them back to default.
5. tried to flush DNS cache on PC
6.tried to flush DNS on Pfsense.Im at the end of my rope.
I am going to sleep but if there is quick response i might stay on longer, i will check this thread in the morning.please help.
-
@lefteh said in websites dont load:
my lan (static ipv4 192.168.1.1) network (which is hooked to wan).
LAN hooked up to WAN ?
Explain more.
What is the WAN IP right now ? It should not be 92.168.1.x/24.@lefteh said in websites dont load:
https://en.wikipedia.org/
https://www.reddit.com/
https://www.ebay.com/These URLs are for humans.
pfSense doesn't use this kind of info, it works with IP addresses etc.
True, your LAN PC is asking pfSense to resolve, for example : en.wikipedia.org into a IPv4 before it can connect to this site.
Like :C:\Users\Gauche>nslookup en.wikipedia.org Serveur : pfSense.bhf.tld Address: 2a01:cb19:dead:beef:92ec:77ff:fe29:392c Réponse ne faisant pas autorité : Nom : dyna.wikimedia.org Addresses: 2a02:ec80:600:ed1a::1 185.15.58.224 Aliases: en.wikipedia.org@lefteh said in websites dont load:
I think this might be a dns issue, using my old router i can access all the websites.
1.I have tried to set dns servers to different value such as 1.1.1.1, 8.8.8.8
2. tried to set DNS Sever Overide with or without 1,3
3. Set DNS Resolution behavior to remote DNS Servers with or without 1,2.
4. messed with other random settings to no effect, have turned them back to default.Out of the box, pfSense needs one (1 : truly) thing from you : a password. I'm not kidding.
When set, the rest will works for 99,99 % in all usage cases.Messing with the DNS isn't needed (imho : strongly discourage you to do so) as pfSense uses a resolver, which needs no setup off any kind : the main "13 Internet root servers" are known since decades, and pfSense knows about them.
If these "13" don't work, it's Internet shutting down straight away. Look, outside : no hordes of panicking people ? Then all goes well. -
@Gertjan
when i am talking about wan 2 lan i just mean that internet is passing through to the lan, they are not physically connected. Since lan does not intrinsically mean that there is internet.
PORT1WAN (pretty standard name) starts with 4x.xx.xxx.xx it it is not in the RFC range.C:\Users\foo>nslookup en.wikipedia.org Server: pfSense.home.arpa Address: 2600:6c42:6c7f:583c:92ec:77ff:fe8e:c3c1 *** pfSense.home.arpa can't find en.wikipedia.org: Server failedC:\Users\foo>nslookup google.com Server: pfSense.home.arpa Address: 2600:6c42:6c7f:583c:92ec:77ff:fe8e:c3c1 Non-authoritative answer: Name: google.com Addresses: 2607:f8b0:4009:80b::200e 142.250.190.110my username is admin and i have a new password set for it to log in.
the only thing suspicious i may be doing is spoofing the old MAC address of my router such that it my internet provide doesn't need to be called again.
I have no idea which logs are important.
-
No pfSense packages ?
Your LAN uses IPv6.
By any chance, does your WAN also have a working IPv6 access ?
For example, an you ping www.google.com using IPv6 :ping6 www.google.com?
Lets question unbound, the resolver. First, make it more verbose.
General Settings > Advanced Settings > Access Listsand set level 3. Save and Apply.
From now on, under Status > System Logs > System > DNS Resolver, you'll see for more 'DNS' details.
-
I dont think i have any packages?
I believe so, in the interfaces for PORT1WAN on main page there appears to be a valid ipv6.C:\Users\foo>ping -6 www.google.com Pinging www.google.com [2607:f8b0:4009:81b::2004] with 32 bytes of data: Reply from 2607:f8b0:4009:81b::2004: time=18ms Reply from 2607:f8b0:4009:81b::2004: time=17ms Reply from 2607:f8b0:4009:81b::2004: time=17ms Reply from 2607:f8b0:4009:81b::2004: time=18ms Ping statistics for 2607:f8b0:4009:81b::2004: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 17ms, Maximum = 18ms, Average = 17msAug 15 07:50:05 unbound 63427 [63427:3] info: sending query: a24-131.akagtm.org. AAAA IN Aug 15 07:50:05 unbound 63427 [63427:3] debug: cache memory msg=157116 rrset=313626 infra=201584 val=89545 Aug 15 07:50:05 unbound 63427 [63427:3] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply Aug 15 07:50:05 unbound 63427 [63427:3] info: processQueryTargets: a5-130.akagtm.org. AAAA IN Aug 15 07:50:05 unbound 63427 [63427:3] debug: sending to target: <akagtm.org.> 23.211.132.131#53 Aug 15 07:50:05 unbound 63427 [63427:3] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply Aug 15 07:50:05 unbound 63427 [63427:3] info: iterator operate: query a18-128.akagtm.org. AAAA IN Aug 15 07:50:05 unbound 63427 [63427:3] info: sending query: a18-128.akagtm.org. AAAA IN Aug 15 07:50:05 unbound 63427 [63427:3] debug: sending to target: <akagtm.org.> 2.16.130.131#53 Aug 15 07:50:05 unbound 63427 [63427:3] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply Aug 15 07:50:05 unbound 63427 [63427:3] info: iterator operate: query a5-130.akagtm.org. AAAA IN Aug 15 07:50:05 unbound 63427 [63427:3] info: sending query: a5-130.akagtm.org. AAAA IN Aug 15 07:50:05 unbound 63427 [63427:3] debug: cache memory msg=157116 rrset=313626 infra=201584 val=89545 Aug 15 07:50:05 unbound 63427 [63427:3] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply Aug 15 07:50:05 unbound 63427 [63427:3] info: processQueryTargets: a24-131.akagtm.org. AAAA IN Aug 15 07:50:05 unbound 63427 [63427:3] info: sending query: a24-131.akagtm.org. AAAA IN Aug 15 07:50:05 unbound 63427 [63427:3] debug: cache memory msg=157116 rrset=313626 infra=201584 val=89545 Aug 15 07:50:05 unbound 63427 [63427:3] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply Aug 15 07:50:05 unbound 63427 [63427:3] info: processQueryTargets: a22-130.akagtm.org. AAAA IN Aug 15 07:50:05 unbound 63427 [63427:3] debug: sending to target: <akagtm.org.> 23.211.132.131#53 Aug 15 07:50:05 unbound 63427 [63427:3] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply Aug 15 07:50:05 unbound 63427 [63427:3] info: iterator operate: query a5-128.akagtm.org. AAAA IN Aug 15 07:50:05 unbound 63427 [63427:3] info: sending query: a5-128.akagtm.org. AAAA IN Aug 15 07:50:05 unbound 63427 [63427:3] debug: cache memory msg=157116 rrset=313626 infra=201584 val=89545 Aug 15 07:50:05 unbound 63427 [63427:3] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply Aug 15 07:50:05 unbound 63427 [63427:3] info: iterator operate: query a13-129.akagtm.org. AAAA IN Aug 15 07:50:05 unbound 63427 [63427:3] info: sending query: a13-129.akagtm.org. AAAA IN Aug 15 07:50:05 unbound 63427 [63427:3] debug: cache memory msg=157116 rrset=313626 infra=201584 val=89545 Aug 15 07:50:05 unbound 63427 [63427:3] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply Aug 15 07:50:05 unbound 63427 [63427:3] info: processQueryTargets: a5-130.akagtm.org. A IN Aug 15 07:50:05 unbound 63427 [63427:3] debug: sending to target: <akagtm.org.> 23.211.132.131#53 Aug 15 07:50:05 unbound 63427 [63427:3] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply Aug 15 07:50:05 unbound 63427 [63427:3] info: iterator operate: query a26-128.akagtm.org. AAAA IN Aug 15 07:50:05 unbound 63427 [63427:3] info: sending query: a26-128.akagtm.org. AAAA IN Aug 15 07:50:05 unbound 63427 [63427:3] debug: sending to target: <akagtm.org.> 2.22.230.129#53 Aug 15 07:50:05 unbound 63427 [63427:3] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply Aug 15 07:50:05 unbound 63427 [63427:3] info: iterator operate: query a6-131.akagtm.org. AAAA IN Aug 15 07:50:05 unbound 63427 [63427:3] info: sending query: a6-131.akagtm.org. AAAA IN Aug 15 07:50:05 unbound 63427 [63427:3] debug: cache memory msg=157116 rrset=313626 infra=201584 val=89545 Aug 15 07:50:05 unbound 63427 [63427:3] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply Aug 15 07:50:05 unbound 63427 [63427:3] info: processQueryTargets: a8-128.akagtm.org. AAAA IN Aug 15 07:50:05 unbound 63427 [63427:3] debug: sending to target: <akagtm.org.> 23.74.25.128#53 Aug 15 07:50:05 unbound 63427 [63427:3] debug: cache memory msg=157116 rrset=313626 infra=201584 val=89545 Aug 15 07:50:05 unbound 63427 [63427:3] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreplyits going like 1000 messages per second.
every time i refresh it the data is differnet. -
@lefteh said in websites dont load:
its going like 1000 messages per second.
every time i refresh it the data is differnet.Yeah, so keep in mind : when all is done and over, set the unbound log level back tot "1".
You shouldn't use the pfSense GUI to look at the log file.
Far better is the console or SSH access. he log files are here /var/log/Look at your watch, do a "nslookup en.wikipedia.org" and now open the resolver.log file, and search for when "en.wikipedia.org" was requested and handled.
-
Currently at work I'll give it a shot when I get home.
-
Looks like it we get NXDOMAIN ANSWER alot Im guessing i might need to talk to my internet provider.
-
@Gertjan
talked to my isp, they just replaced all of my coax lines since they were bad and they wouldn't let me talk to them about the dns problem.This was in fact not my current problem, it did improve my upload and download speeds but thats about it.
very unexpected.
Tomorrow ill call again since they are closed now.
