Netgate Discussion Forum

    Dns resolution strange behavior?

    • periko

      Hi people.

      I have pfSense 2.0.1 nano with the DNS forwarder enabled.

      I changed the ISP at our company and we needed to wait a couple of days for DNS updates. The strange thing was that, after a couple of days, I tested our DNS from my pfSense box:

      ns1…, ns2..., ns2...

      At the pfSense console it gave me back the new IP correctly, but on some clients, when I tried to access our company web email with Firefox or iexplore, they still pointed to the old IP. They have pfSense as DNS/gw.

      I opened cmd and tested with nslookup, and the 3 queries gave me my new IP.

      My question is: why do the browsers still point to the old IP? They query my pfSense box.

      Right now they are working, but this question is still in my head.

      Thanks!!!

      Need Pfsense Support in Mexico?
      www.bajaopensolutions.com
      https://www.facebook.com/BajaOpenSolutions
      Want to learn PfSense? Visit my YouTube channel:
      https://www.youtube.com/c/PedroMorenoBOS

      • johnpoz LAYER 8 Global Moderator

        "I change my ISP in our company and we need to wait a couple of days for dns updates"

        Why do you think you needed to wait a couple of days? What was the TTL of your record? Did it take days for your registrar to point to your new DNS?

        There seems to be this misconception that DNS takes days to update; sorry, but this is just not the case. Records changed on a name server are instant. Most registrars update the roots in a few hours. There is no reason you're waiting days other than not understanding TTLs. If you were going to change your name servers or records, then you should have lowered your TTLs before doing such a thing, and you would not have to worry about what is cached.

        Here is the thing: whatever name server you're checking is probably caching, your local machine caches, and your browser even caches. So you need to understand what your TTL is for both the NS for your domain and any records you're serving, etc. And then where they might be cached.

        Flush your cache, do a query directly to the owning server of your domain, etc. What registrar are you with? I have never seen one take days to update.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

        • periko

          "There seems to be this misconception that DNS takes days to update; sorry, but this is just not the case. Records changed on a name server are instant. Most registrars update the roots in a few hours. There is no reason you're waiting days other than not understanding TTLs. If you were going to change your name servers or records, then you should have lowered your TTLs before doing such a thing, and you would not have to worry about what is cached."

          Well, it is the message you see when you change your settings with the company you are registered with.

          Right now everything is normal, but that is what I detected. I tried flushing locally and even on pfSense.

          But thanks for your info!!!

          • johnpoz LAYER 8 Global Moderator

            Because they cater to USERS ;) And it depends on the company what they say in their help.

            "I try flushing local and even pfsense."

            And what about your browser, did you restart it? Flushing means nothing if you don't understand where you're doing the query against. If you have pfSense pointed to your ISP, which also caches, flushing your pfSense does nothing.

            But like I said, you could always query the OWNING NS directly; then it does not even matter if the roots have been updated or not. It's your domain; you know which NS are authoritative for your domain, don't you?

            • periko

              Of course I know what NS I have. I tried different things on the client side, but right now it is working.
              Thanks for your info guys!!!

              • johnpoz LAYER 8 Global Moderator

                "I try different things in the client side"

                Like a simple query to your authoritative NS for your domain?  This would put the correct record instantly!  Unless you had not changed it on the NS.

                Does not matter if your registrar pointed to your new NS or not yet.  If you know what your NS are for your domain, you can always query them directly from the client.  Be it with dig or nslookup.

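The direct query to the authoritative name server that johnpoz describes, set next to the same query against a caching resolver, as an added example that is not part of the original thread. The name `mail.example.com`, the documentation-range addresses and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): decide whether a caching resolver is
# still serving an old A record by comparing it with the authoritative answer.
# Input format is the output of `dig +noall +answer`: name ttl class type rdata.

# Constructed sample data: documentation-range addresses, hypothetical name.
SAMPLE_AUTH='mail.example.com. 3600 IN A 198.51.100.20'
SAMPLE_CACHE='mail.example.com. 2817 IN A 192.0.2.10'

# Print the sorted, de-duplicated IPv4 addresses found in dig answer text.
a_addrs() {
  printf '%s\n' "$1" | awk '$3 == "IN" && $4 == "A" { print $5 }' | sort -u
}

# Print the largest remaining TTL among the A records (0 if there are none).
a_max_ttl() {
  printf '%s\n' "$1" |
    awk '$3 == "IN" && $4 == "A" && $2 + 0 > m { m = $2 + 0 } END { print m + 0 }'
}

# compare_answers AUTH_TEXT CACHE_TEXT
# Prints MATCH, or STALE with the seconds the resolver may keep the old record.
# Returns 0 on match, 1 on mismatch, 2 if the authoritative answer is empty.
compare_answers() {
  _auth=$(a_addrs "$1")
  if [ -z "$_auth" ]; then
    echo "NO_AUTH_ANSWER"
    return 2
  fi
  if [ "$_auth" = "$(a_addrs "$2")" ]; then
    echo "MATCH"
    return 0
  fi
  echo "STALE ttl_left=$(a_max_ttl "$2")"
  return 1
}

# Live use: check.sh NAME AUTHORITATIVE_NS RESOLVER
# +norecurse asks the authoritative server for its own data only.
if [ "$#" -eq 3 ]; then
  auth=$(dig +norecurse +noall +answer "@$2" "$1" A)
  cache=$(dig +noall +answer "@$3" "$1" A)
  compare_answers "$auth" "$cache"
fi
```

The `ttl_left` value covers only the resolver that was queried; the operating system and browser caches mentioned in the thread expire on their own timers.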
                • craigduff

                  Sounds like they need a systems administrator on site.

                  Kind Regards,
                  Craig

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.