Weirdester [sorry] DNS issue, appending local domain to queries inconsistently
-
OK, I don't have time right at this minute to read all through that info - but this jumps out at me
" I just set it back to 10.0.0.1-the lan address for pfsense. From a windows command line I got this[173.174.xx.xx is my external IP]:"
C:\Windows\System32>nslookup www.freebsd.org
Server: pfsense.MYDOMAIN.org
Address: 10.0.0.1

Non-authoritative answer:
Name: www.freebsd.org.MYDOMAIN.org
Address: 173.174.xx.xx

What is this MYDOMAIN.org thing?? Are you changing that, or is it really mydomain.org? Since it's all CAPS, what are you changing this out for?
And do you see how I did a sniff? Where is your sniff? I want to see exactly what you're doing a query for and to where.
Those IPs you list don't seem like your ISP dns to me
dig -x 70.85.0.141 +short
8d.0.5546.static.theplanet.com.
dig -x 129.115.102.150 +short
juliet.it.utsa.edu.
dig -x 67.214.64.27 +short
dns1.telwestonline.com
dig -x 199.192.200.41 +short
ct41.7wei.com.
Those are not the dns servers for timewarner - where did you come up with using those?
And your config still shows the aliases for pfblocker and using the ad list that blocks freebsd.org network.
Let's see the sniff of your query. I really don't think your local domain is MYDOMAIN.org, is it? And if it is - you do understand that is a public domain!! and I doubt you own it
Domain Name:MYDOMAIN.ORG
Created On:23-Aug-1996 04:00:00 UTC
Last Updated On:13-Aug-2012 13:20:37 UTC
Registrant ID:moniker1831
Registrant Name:Vince Di Bernardo
Registrant Organization:Vince Di Bernardo
Registrant Street1:18737 Shaws Creek Road

And a query for what you did a query for would fail
; <<>> DiG 9.8.1-P1 <<>> pfsense.mydomain.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 59437
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;pfsense.mydomain.org. IN A

;; Query time: 524 msec
;; SERVER: 192.168.1.253#53(192.168.1.253)
;; WHEN: Sun Jan 13 08:50:19 2013
;; MSG SIZE rcvd: 38

Not sure why you would hide a local domain?? If you really are using mydomain.org - bad IDEA, use something that is not public, mydomain.lan would be fine, etc.
But this is telling me it was cached at the server for that fqdn with your suffix on the end
Non-authoritative answer:
Name: www.freebsd.org.MYDOMAIN.org
Address: 173.174.xx.xx

Not sure what this means..
nslookup www.freebsd.org.
Server: pfsense.MYDOMAIN.org
Address: 10.0.0.1

Name: www.freebsd.org
Served by:
- L.ROOT-SERVERS.NET
- M.ROOT-SERVERS.NET
- A.ROOT-SERVERS.NET
But clearly the box does not have a clue about that request. If it just throws back roots, but since it did not throw back a nxdomain, I would assume it's telling you it needs to be forwarded??
At some point did you try and run local dns on pfsense? unbound? Or tiny? And I don't understand why you're using those oddball dns for your forwarders? Why not your provider? Or some more well known public dns, 4.3.3.3, 4.2.2.2
How about using debug on your nslookup, you're going to see that windows is going to ask with its suffix attached
So you got something going on with that suffix you're using? Let's see what is going on exactly, where is the sniff of the traffic from your client to pfsense, and then what pfsense sends out and gets back. Or what it answers back because it has that record.
-
I really appreciate you taking so much time trying to help. I blanked out the particulars of my domain name and external IPs for privacy/paranoia issues, the name itself isn't something that will get by censors. The DNS servers are ones that score the highest in DNSBench from http://www.GRC.com, the Gibson Research folk [ShieldsUp etc], plus one from the DNSexit folk that I get my dynamic DNS workings from. The ad-blocking list I am using is a static text file with the offending blockage removed, I can surf to freebsd.org with no problem, as I detailed above, right in the middle of writing the previous post, my main machine went from its typical not finding freebsd, to finding it, and then not finding it, all in 10 minutes, where the only thing I changed was checking the box on the 'append parent suffixes of the primary DNS suffix' in the advanced dns config settings for the NIC/connection in windows.
I can't figure out how to copy from wireshark, I get little pieces, but the query for freebsd looks like this:
www.freebsd.org: type A, class IN
I'm doing something wrong here, image: https://skydrive.live.com/redir?resid=CD4A1DE1B932EC1E!96107
When doing the testing above, when it changed from not working to working to not working, after the initial query, there was not another one, the initial query for ip-adress.com was normal. I'm sorry this is the best I can do at the moment, I have some things I am running late for right now, and will be gone for most of the rest of the day, but tonight I will figure out how to suck more data from wireshark, I haven't used it all that much so I got some learnin' to do in that regard.
Again, thanks, really really thanks, for taking so much time. Have a good one.
-
What does get by censors mean? I am more worried about the tld, for a private domain you use on your lan for your local machines. I would not suggest you use any sort of valid tld, you run into an issue where it could resolve on the public net.
using mydomain.lan or .local or .foo etc. would be better options.
The query for freebsd.org looks like that where - on your lan, or that is what is going out the wan of pfsense when you ask for it?
For you to get a response with your public IP as the answer, something has to answer with that? It should not be possible for an external dns to respond – so I have to assume pfsense is responding.
You're pointing to 127.0.0.1 - pfsense itself for dns. So did you at some point try and run unbound or tiny dns, or some other dns -- did you install bind for example.
What do you have in your Host Overrides in dns forwarder under services?
By default windows will add its primary suffix to queries when looking for stuff that does not answer. So what is the domain you're using locally? mydomain.org is a valid domain on the internet - this is not something you should be using as your primary domain on your local boxes. Unless of course you owned and controlled that domain and wanted to do that??
Let's fully understand your local domain and hostnames and how they query, and then we can figure out how what you're seeing is happening.
PM me your details of your domain if you don't want it public. But I don't see how something like curseword.lan would be an issue. the .tld is part I am curious about. org, net, com, info, biz, etc.. not good choices for local domains if you ask me.
More than happy to remote in and take a look with you if you want. We could use teamviewer to one of your local hosts and then access your pfsense gui and shell with you watching everything that we do, etc.
Just send me a PM and we can schedule a good time.
-
Okay, this is the best I can do, PC tsub, has pfsense as sole DNS, the details of a DNS query that fails at the browser:
Query
Frame: Number = 557, Captured Frame Length = 125, MediaType = WiFi
- WiFi: [Unencrypted Data] .T….., (I)
- MetaData:
Version: 2 (0x2)
Length: 32 (0x20)
- OpMode: Unknown operation mode(16)
StationMode: (...............................0) Not Station Mode
APMode: (..............................0.) Not AP Mode
ExtensibleStationMode: (.............................0..) Not Extensible Station Mode
Unused: (.0000000000000000000000000010...)
MonitorMode: (0...............................) Not Monitor Mode
Flags: 4294967295 (0xFFFFFFFF)
RemData: Outbound
TimeStamp: 01/14/2013, 13:21:07.132834 UTC
- FrameControl: Version 0,Data, Data, .T.....(0x108)
Version: (..............00) 0
Type: (............10..) Data
SubType: (........0000....) Data
DS: (......01........) STA to DS via AP
MoreFrag: (.....0..........) No
Retry: (....0...........) No
PowerMgt: (...0............) Active Mode
MoreData: (..0.............) No
ProtectedFrame: (.0..............) No
Order: (0...............) Unordered
Duration: 32768 (0x8000)
BSSID: 10BF48 D99340
SA: 844BF5 B1B3A5
DA: TRENDware International, Inc. 154533
- SequenceControl: Sequence Number = 0
FragmentNumber: (............0000) 0
SequenceNumber: (000000000000....) 0
- LLC: Unnumbered(U) Frame, Command Frame, SSAP = SNAP(Sub-Network Access Protocol), DSAP = SNAP(Sub-Network Access Protocol)
- DSAP: SNAP(Sub-Network Access Protocol), Individual DSAP
Address: (1010101.) SNAP(Sub-Network Access Protocol)
IG: (.......0) Individual Address
- SSAP: SNAP(Sub-Network Access Protocol), Command
Address: (1010101.) SNAP(Sub-Network Access Protocol)
CR: (.......0) Command Frame
- Unnumbered: UI - Unnumbered Information
MMM: (000.....) 0
PF: (...0....) Poll Bit - No Response Solicited
MM: (....00..)
Type: (......11) Unnumbered(U) Frame
- Snap: EtherType = Internet IP (IPv4), OrgCode = XEROX CORPORATION
OrganizationCode: XEROX CORPORATION, 0(0x0000)
EtherType: Internet IP (IPv4), 2048(0x0800)
- Ipv4: Src = 10.0.0.21, Dest = 10.0.0.1, Next Protocol = UDP, Packet ID = 18662, Total IP Length = 61
- Versions: IPv4, Internet Protocol; Header Length = 20
Version: (0100....) IPv4, Internet Protocol
HeaderLength: (....0101) 20 bytes (0x5)
- DifferentiatedServicesField: DSCP: 0, ECN: 0
DSCP: (000000..) Differentiated services codepoint 0
ECT: (......0.) ECN-Capable Transport not set
CE: (.......0) ECN-CE not set
TotalLength: 61 (0x3D)
Identification: 18662 (0x48E6)
- FragmentFlags: 0 (0x0)
Reserved: (0...............)
DF: (.0..............) Fragment if necessary
MF: (..0.............) This is the last fragment
Offset: (...0000000000000) 0
TimeToLive: 128 (0x80)
NextProtocol: UDP, 17(0x11)
Checksum: 56756 (0xDDB4)
SourceAddress: 10.0.0.21
DestinationAddress: 10.0.0.1
- Udp: SrcPort = 51429, DstPort = DNS(53), Length = 41
SrcPort: 51429
DstPort: DNS(53)
TotalLength: 41 (0x29)
Checksum: 1076 (0x434)
UDPPayload: SourcePort = 51429, DestinationPort = 53
- Dns: QueryId = 0xD7DF, QUERY (Standard query), Query for www.freebsd.org of type Host Addr on class Internet
QueryIdentifier: 55263 (0xD7DF)
- Flags: Query, Opcode - QUERY (Standard query), RD, Rcode - Success
QR: (0...............) Query
Opcode: (.0000...........) QUERY (Standard query) 0
AA: (.....0..........) Not authoritative
TC: (......0.........) Not truncated
RD: (.......1........) Recursion desired
RA: (........0.......) Recursive query support not available
Zero: (.........0......) 0
AuthenticatedData: (..........0.....) Not AuthenticatedData
CheckingDisabled: (...........0....) Not CheckingDisabled
Rcode: (............0000) Success 0
QuestionCount: 1 (0x1)
AnswerCount: 0 (0x0)
NameServerCount: 0 (0x0)
AdditionalCount: 0 (0x0)
- QRecord: www.freebsd.org of type Host Addr on class Internet
QuestionName: www.freebsd.org
QuestionType: A, IPv4 address, 1(0x1)
QuestionClass: Internet, 1(0x1)
response:
Frame: Number = 561, Captured Frame Length = 336, MediaType = WiFi
- WiFi: [Unencrypted Data] F…..P, (I) RSSI = -44 dBm, Rate = Unknown
- MetaData: RSSI = -44 dBm, Rate = Unknown
Version: 2 (0x2)
Length: 32 (0x20)
- OpMode: Unknown operation mode(16)
StationMode: (...............................0) Not Station Mode
APMode: (..............................0.) Not AP Mode
ExtensibleStationMode: (.............................0..) Not Extensible Station Mode
Unused: (.0000000000000000000000000010...)
MonitorMode: (0...............................) Not Monitor Mode
Flags: 0 (0x0)
PhyType: 802.11n
Channel: Undefined channel with center frequency 2437, Center Frequency: 2437 MHz
lRSSI: -44 dBm
Rate: Unknown
TimeStamp: 01/14/2013, 13:21:07.176325 UTC
- FrameControl: Version 0,Data, Data, F.....P(0x4208)
Version: (..............00) 0
Type: (............10..) Data
SubType: (........0000....) Data
DS: (......10........) DS to STA via AP
MoreFrag: (.....0..........) No
Retry: (....0...........) No
PowerMgt: (...0............) Active Mode
MoreData: (..0.............) No
ProtectedFrame: (.1..............) Yes
Order: (0...............) Unordered
Duration: 44 (0x2C)
DA: 844BF5 B1B3A5
BSSID: 10BF48 D99340
SA: TRENDware International, Inc. 154533
- SequenceControl: Sequence Number = 3655
FragmentNumber: (............0000) 0
SequenceNumber: (111001000111....) 3655
- LLC: Unnumbered(U) Frame, Command Frame, SSAP = SNAP(Sub-Network Access Protocol), DSAP = SNAP(Sub-Network Access Protocol)
- DSAP: SNAP(Sub-Network Access Protocol), Individual DSAP
Address: (1010101.) SNAP(Sub-Network Access Protocol)
IG: (.......0) Individual Address
- SSAP: SNAP(Sub-Network Access Protocol), Command
Address: (1010101.) SNAP(Sub-Network Access Protocol)
CR: (.......0) Command Frame
- Unnumbered: UI - Unnumbered Information
MMM: (000.....) 0
PF: (...0....) Poll Bit - No Response Solicited
MM: (....00..)
Type: (......11) Unnumbered(U) Frame
- Snap: EtherType = Internet IP (IPv4), OrgCode = XEROX CORPORATION
OrganizationCode: XEROX CORPORATION, 0(0x0000)
EtherType: Internet IP (IPv4), 2048(0x0800)
- Ipv4: Src = 10.0.0.1, Dest = 10.0.0.21, Next Protocol = UDP, Packet ID = 45530, Total IP Length = 272
- Versions: IPv4, Internet Protocol; Header Length = 20
Version: (0100....) IPv4, Internet Protocol
HeaderLength: (....0101) 20 bytes (0x5)
- DifferentiatedServicesField: DSCP: 0, ECN: 0
DSCP: (000000..) Differentiated services codepoint 0
ECT: (......0.) ECN-Capable Transport not set
CE: (.......0) ECN-CE not set
TotalLength: 272 (0x110)
Identification: 45530 (0xB1DA)
- FragmentFlags: 0 (0x0)
Reserved: (0...............)
DF: (.0..............) Fragment if necessary
MF: (..0.............) This is the last fragment
Offset: (...0000000000000) 0
TimeToLive: 64 (0x40)
NextProtocol: UDP, 17(0x11)
Checksum: 46061 (0xB3ED)
SourceAddress: 10.0.0.1
DestinationAddress: 10.0.0.21
- Udp: SrcPort = DNS(53), DstPort = 51429, Length = 252
SrcPort: DNS(53)
DstPort: 51429
TotalLength: 252 (0xFC)
Checksum: 61812 (0xF174)
UDPPayload: SourcePort = 53, DestinationPort = 51429
- Dns: QueryId = 0xD7DF, QUERY (Standard query), Response - Success
QueryIdentifier: 55263 (0xD7DF)
- Flags: Response, Opcode - QUERY (Standard query), RD, RA, Rcode - Success
QR: (1...............) Response
Opcode: (.0000...........) QUERY (Standard query) 0
AA: (.....0..........) Not authoritative
TC: (......0.........) Not truncated
RD: (.......1........) Recursion desired
RA: (........1.......) Recursive query support available
Zero: (.........0......) 0
AuthenticatedData: (..........0.....) Not AuthenticatedData
CheckingDisabled: (...........0....) Not CheckingDisabled
Rcode: (............0000) Success 0
QuestionCount: 1 (0x1)
AnswerCount: 0 (0x0)
NameServerCount: 13 (0xD)
AdditionalCount: 0 (0x0)
- QRecord: www.freebsd.org of type Host Addr on class Internet
QuestionName: www.freebsd.org
QuestionType: A, IPv4 address, 1(0x1)
QuestionClass: Internet, 1(0x1)
- AuthorityRecord: of type NS on class Internet: K.ROOT-SERVERS.NET
ResourceName:
ResourceType: NS, Authoritative name server, 2(0x2)
ResourceClass: Internet, 1(0x1)
TimeToLive: 518400 (0x7E900)
ResourceDataLength: 20 (0x14)
AuthoritativeNameServer: K.ROOT-SERVERS.NET
- AuthorityRecord: of type NS on class Internet: L.ROOT-SERVERS.NET
ResourceName:
ResourceType: NS, Authoritative name server, 2(0x2)
ResourceClass: Internet, 1(0x1)
TimeToLive: 518400 (0x7E900)
ResourceDataLength: 4 (0x4)
AuthoritativeNameServer: L.ROOT-SERVERS.NET
- AuthorityRecord: of type NS on class Internet: M.ROOT-SERVERS.NET
ResourceName:
ResourceType: NS, Authoritative name server, 2(0x2)
ResourceClass: Internet, 1(0x1)
TimeToLive: 518400 (0x7E900)
ResourceDataLength: 4 (0x4)
AuthoritativeNameServer: M.ROOT-SERVERS.NET
- AuthorityRecord: of type NS on class Internet: A.ROOT-SERVERS.NET
ResourceName:
ResourceType: NS, Authoritative name server, 2(0x2)
ResourceClass: Internet, 1(0x1)
TimeToLive: 518400 (0x7E900)
ResourceDataLength: 4 (0x4)
AuthoritativeNameServer: A.ROOT-SERVERS.NET
- AuthorityRecord: of type NS on class Internet: B.ROOT-SERVERS.NET
ResourceName:
ResourceType: NS, Authoritative name server, 2(0x2)
ResourceClass: Internet, 1(0x1)
TimeToLive: 518400 (0x7E900)
ResourceDataLength: 4 (0x4)
AuthoritativeNameServer: B.ROOT-SERVERS.NET
- AuthorityRecord: of type NS on class Internet: C.ROOT-SERVERS.NET
ResourceName:
ResourceType: NS, Authoritative name server, 2(0x2)
ResourceClass: Internet, 1(0x1)
TimeToLive: 518400 (0x7E900)
ResourceDataLength: 4 (0x4)
AuthoritativeNameServer: C.ROOT-SERVERS.NET
- AuthorityRecord: of type NS on class Internet: D.ROOT-SERVERS.NET
ResourceName:
ResourceType: NS, Authoritative name server, 2(0x2)
ResourceClass: Internet, 1(0x1)
TimeToLive: 518400 (0x7E900)
ResourceDataLength: 4 (0x4)
AuthoritativeNameServer: D.ROOT-SERVERS.NET
- AuthorityRecord: of type NS on class Internet: E.ROOT-SERVERS.NET
ResourceName:
ResourceType: NS, Authoritative name server, 2(0x2)
ResourceClass: Internet, 1(0x1)
TimeToLive: 518400 (0x7E900)
ResourceDataLength: 4 (0x4)
AuthoritativeNameServer: E.ROOT-SERVERS.NET
- AuthorityRecord: of type NS on class Internet: F.ROOT-SERVERS.NET
ResourceName:
ResourceType: NS, Authoritative name server, 2(0x2)
ResourceClass: Internet, 1(0x1)
TimeToLive: 518400 (0x7E900)
ResourceDataLength: 4 (0x4)
AuthoritativeNameServer: F.ROOT-SERVERS.NET
- AuthorityRecord: of type NS on class Internet: G.ROOT-SERVERS.NET
ResourceName:
ResourceType: NS, Authoritative name server, 2(0x2)
ResourceClass: Internet, 1(0x1)
TimeToLive: 518400 (0x7E900)
ResourceDataLength: 4 (0x4)
AuthoritativeNameServer: G.ROOT-SERVERS.NET
- AuthorityRecord: of type NS on class Internet: H.ROOT-SERVERS.NET
ResourceName:
ResourceType: NS, Authoritative name server, 2(0x2)
ResourceClass: Internet, 1(0x1)
TimeToLive: 518400 (0x7E900)
ResourceDataLength: 4 (0x4)
AuthoritativeNameServer: H.ROOT-SERVERS.NET
- AuthorityRecord: of type NS on class Internet: I.ROOT-SERVERS.NET
ResourceName:
ResourceType: NS, Authoritative name server, 2(0x2)
ResourceClass: Internet, 1(0x1)
TimeToLive: 518400 (0x7E900)
ResourceDataLength: 4 (0x4)
AuthoritativeNameServer: I.ROOT-SERVERS.NET
- AuthorityRecord: of type NS on class Internet: J.ROOT-SERVERS.NET
ResourceName:
ResourceType: NS, Authoritative name server, 2(0x2)
ResourceClass: Internet, 1(0x1)
TimeToLive: 518400 (0x7E900)
ResourceDataLength: 4 (0x4)
AuthoritativeNameServer: J.ROOT-SERVERS.NET
windows data
C:\Users\rob>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : tsub
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : MYDOMAIN.org

Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix . : MYDOMAIN.org
Description . . . . . . . . . . . : Broadcom 4313GN 802.11b/g/n 1x1 Wi-Fi Adapter
Physical Address. . . . . . . . . : 84-4B-F5-B1-B3-A5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::3c04:875a:976e:7cdb%12(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.0.21(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, January 14, 2013 6:10:24 AM
Lease Expires . . . . . . . . . . : Monday, January 14, 2013 9:10:24 AM
Default Gateway . . . . . . . . . : 10.0.0.1
DHCP Server . . . . . . . . . . . : 10.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 260328437
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-4B-72-FC-84-4B-F5-B1-B3-A5
DNS Servers . . . . . . . . . . . : 10.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

C:\Users\rob>netsh interface ip show config
Configuration for interface "Wi-Fi"
DHCP enabled: Yes
IP Address: 10.0.0.21
Subnet Prefix: 10.0.0.0/24 (mask 255.255.255.0)
Default Gateway: 10.0.0.1
Gateway Metric: 0
InterfaceMetric: 25
DNS servers configured through DHCP: 10.0.0.1
Register with which suffix: Primary only
WINS servers configured through DHCP: None

Configuration for interface "Loopback Pseudo-Interface 1"
DHCP enabled: No
IP Address: 127.0.0.1
Subnet Prefix: 127.0.0.0/8 (mask 255.0.0.0)
InterfaceMetric: 50
Statically Configured DNS Servers: None
Register with which suffix: None
Statically Configured WINS Servers: None
Now, PC ivy, has an external DNS server as primary, the browser browses to freebsd.org. The first line is something that started recently, don't know what causes that yet, I have to disable and re-enable the NIC and it connects and works fine, the words are copied from the ever-unhelpful diagnostic from Windows.
Windows couldn't automatically bind the IP protocol stack to the network adapter.
ivy has an external primary DNS, this is how a freebsd query went on it:
query:
Frame: Number = 244, Captured Frame Length = 75, MediaType = ETHERNET
- Ethernet: Etype = Internet IP (IPv4),DestinationAddress:[00-14-D1-15-45-33],SourceAddress:[8C-89-A5-D9-FC-46]
- DestinationAddress: TRENDware International, Inc. 154533 [00-14-D1-15-45-33]
Rsv: (000000..)
UL: (......0.) Universally Administered Address
IG: (.......0) Individual address (unicast)
- SourceAddress: 8C89A5 D9FC46 [8C-89-A5-D9-FC-46]
Rsv: (100011..)
UL: (......0.) Universally Administered Address
IG: (.......0) Individual address (unicast)
EthernetType: Internet IP (IPv4), 2048(0x800)
- Ipv4: Src = 10.0.0.11, Dest = 70.85.0.141, Next Protocol = UDP, Packet ID = 8548, Total IP Length = 61
- Versions: IPv4, Internet Protocol; Header Length = 20
Version: (0100....) IPv4, Internet Protocol
HeaderLength: (....0101) 20 bytes (0x5)
- DifferentiatedServicesField: DSCP: 0, ECN: 0
DSCP: (000000..) Differentiated services codepoint 0
ECT: (......0.) ECN-Capable Transport not set
CE: (.......0) ECN-CE not set
TotalLength: 61 (0x3D)
Identification: 8548 (0x2164)
- FragmentFlags: 0 (0x0)
Reserved: (0...............)
DF: (.0..............) Fragment if necessary
MF: (..0.............) This is the last fragment
Offset: (...0000000000000) 0
TimeToLive: 128 (0x80)
NextProtocol: UDP, 17(0x11)
Checksum: 51295 (0xC85F)
SourceAddress: 10.0.0.11
DestinationAddress: 70.85.0.141
- Udp: SrcPort = 54357, DstPort = DNS(53), Length = 41
SrcPort: 54357
DstPort: DNS(53)
TotalLength: 41 (0x29)
Checksum: 36772 (0x8FA4)
UDPPayload: SourcePort = 54357, DestinationPort = 53
- Dns: QueryId = 0x428, QUERY (Standard query), Query for www.freebsd.org of type Host Addr on class Internet
QueryIdentifier: 1064 (0x428)
- Flags: Query, Opcode - QUERY (Standard query), RD, Rcode - Success
QR: (0...............) Query
Opcode: (.0000...........) QUERY (Standard query) 0
AA: (.....0..........) Not authoritative
TC: (......0.........) Not truncated
RD: (.......1........) Recursion desired
RA: (........0.......) Recursive query support not available
Zero: (.........0......) 0
AuthenticatedData: (..........0.....) Not AuthenticatedData
CheckingDisabled: (...........0....) Not CheckingDisabled
Rcode: (............0000) Success 0
QuestionCount: 1 (0x1)
AnswerCount: 0 (0x0)
NameServerCount: 0 (0x0)
AdditionalCount: 0 (0x0)
- QRecord: www.freebsd.org of type Host Addr on class Internet
QuestionName: www.freebsd.org
QuestionType: A, IPv4 address, 1(0x1)
QuestionClass: Internet, 1(0x1)
response:
Frame: Number = 245, Captured Frame Length = 306, MediaType = ETHERNET
- Ethernet: Etype = Internet IP (IPv4),DestinationAddress:[8C-89-A5-D9-FC-46],SourceAddress:[00-14-D1-15-45-33]
- DestinationAddress: 8C89A5 D9FC46 [8C-89-A5-D9-FC-46]
Rsv: (100011..)
UL: (......0.) Universally Administered Address
IG: (.......0) Individual address (unicast)
- SourceAddress: TRENDware International, Inc. 154533 [00-14-D1-15-45-33]
Rsv: (000000..)
UL: (......0.) Universally Administered Address
IG: (.......0) Individual address (unicast)
EthernetType: Internet IP (IPv4), 2048(0x800)
- Ipv4: Src = 70.85.0.141, Dest = 10.0.0.11, Next Protocol = UDP, Packet ID = 13655, Total IP Length = 292
- Versions: IPv4, Internet Protocol; Header Length = 20
Version: (0100....) IPv4, Internet Protocol
HeaderLength: (....0101) 20 bytes (0x5)
- DifferentiatedServicesField: DSCP: 0, ECN: 0
DSCP: (000000..) Differentiated services codepoint 0
ECT: (......0.) ECN-Capable Transport not set
CE: (.......0) ECN-CE not set
TotalLength: 292 (0x124)
Identification: 13655 (0x3557)
- FragmentFlags: 0 (0x0)
Reserved: (0...............)
DF: (.0..............) Fragment if necessary
MF: (..0.............) This is the last fragment
Offset: (...0000000000000) 0
TimeToLive: 54 (0x36)
NextProtocol: UDP, 17(0x11)
Checksum: 64901 (0xFD85)
SourceAddress: 70.85.0.141
DestinationAddress: 10.0.0.11
- Udp: SrcPort = DNS(53), DstPort = 54357, Length = 272
SrcPort: DNS(53)
DstPort: 54357
TotalLength: 272 (0x110)
Checksum: 6076 (0x17BC)
UDPPayload: SourcePort = 53, DestinationPort = 54357
- Dns: QueryId = 0x428, QUERY (Standard query), Response - Success, 8.8.178.110, 72.52.71.1
QueryIdentifier: 1064 (0x428)
- Flags: Response, Opcode - QUERY (Standard query), RD, RA, Rcode - Success
QR: (1...............) Response
Opcode: (.0000...........) QUERY (Standard query) 0
AA: (.....0..........) Not authoritative
TC: (......0.........) Not truncated
RD: (.......1........) Recursion desired
RA: (........1.......) Recursive query support available
Zero: (.........0......) 0
AuthenticatedData: (..........0.....) Not AuthenticatedData
CheckingDisabled: (...........0....) Not CheckingDisabled
Rcode: (............0000) Success 0
QuestionCount: 1 (0x1)
AnswerCount: 2 (0x2)
NameServerCount: 3 (0x3)
AdditionalCount: 5 (0x5)
- QRecord: www.freebsd.org of type Host Addr on class Internet
QuestionName: www.freebsd.org
QuestionType: A, IPv4 address, 1(0x1)
QuestionClass: Internet, 1(0x1)
- ARecord: www.freebsd.org of type CNAME on class Internet: wfe0.ysv.freebsd.org
ResourceName: www.freebsd.org
ResourceType: CNAME, Canonical name for an alias, 5(0x5)
ResourceClass: Internet, 1(0x1)
TimeToLive: 120 (0x78)
ResourceDataLength: 11 (0xB)
CName: wfe0.ysv.freebsd.org
- ARecord: wfe0.ysv.freebsd.org of type Host Addr on class Internet: 8.8.178.110
ResourceName: wfe0.ysv.freebsd.org
ResourceType: A, IPv4 address, 1(0x1)
ResourceClass: Internet, 1(0x1)
TimeToLive: 3600 (0xE10)
ResourceDataLength: 4 (0x4)
IPAddress: 8.8.178.110
- AuthorityRecord: freebsd.org of type NS on class Internet: ns3.isc-sns.info
ResourceName: freebsd.org
ResourceType: NS, Authoritative name server, 2(0x2)
ResourceClass: Internet, 1(0x1)
TimeToLive: 3229 (0xC9D)
ResourceDataLength: 18 (0x12)
AuthoritativeNameServer: ns3.isc-sns.info
- AuthorityRecord: freebsd.org of type NS on class Internet: ns1.isc-sns.net
ResourceName: freebsd.org
ResourceType: NS, Authoritative name server, 2(0x2)
ResourceClass: Internet, 1(0x1)
TimeToLive: 3229 (0xC9D)
ResourceDataLength: 17 (0x11)
AuthoritativeNameServer: ns1.isc-sns.net
- AuthorityRecord: freebsd.org of type NS on class Internet: ns2.isc-sns.com
ResourceName: freebsd.org
ResourceType: NS, Authoritative name server, 2(0x2)
ResourceClass: Internet, 1(0x1)
TimeToLive: 3229 (0xC9D)
ResourceDataLength: 17 (0x11)
AuthoritativeNameServer: ns2.isc-sns.com
- AdditionalRecord: ns1.isc-sns.net of type Host Addr on class Internet: 72.52.71.1
ResourceName: ns1.isc-sns.net
ResourceType: A, IPv4 address, 1(0x1)
ResourceClass: Internet, 1(0x1)
TimeToLive: 2291 (0x8F3)
ResourceDataLength: 4 (0x4)
IPAddress: 72.52.71.1
- AdditionalRecord: ns1.isc-sns.net of type AAAA on class Internet: 2001:470:1A:0:0:0:0:1
ResourceName: ns1.isc-sns.net
ResourceType: AAAA, IPv6 Address, 28(0x1c)
ResourceClass: Internet, 1(0x1)
TimeToLive: 2291 (0x8F3)
ResourceDataLength: 16 (0x10)
IPv6Address: 2001:470:1A:0:0:0:0:1
- AdditionalRecord: ns2.isc-sns.com of type Host Addr on class Internet: 38.103.2.1
ResourceName: ns2.isc-sns.com
ResourceType: A, IPv4 address, 1(0x1)
ResourceClass: Internet, 1(0x1)
TimeToLive: 559 (0x22F)
ResourceDataLength: 4 (0x4)
IPAddress: 38.103.2.1
- AdditionalRecord: ns3.isc-sns.info of type Host Addr on class Internet: 63.243.194.1
ResourceName: ns3.isc-sns.info
ResourceType: A, IPv4 address, 1(0x1)
ResourceClass: Internet, 1(0x1)
TimeToLive: 559 (0x22F)
ResourceDataLength: 4 (0x4)
IPAddress: 63.243.194.1
- AdditionalRecord: ns3.isc-sns.info of type AAAA on class Internet: 2001:5A0:10:0:0:0:0:1
ResourceName: ns3.isc-sns.info
ResourceType: AAAA, IPv6 Address, 28(0x1c)
ResourceClass: Internet, 1(0x1)
TimeToLive: 559 (0x22F)
ResourceDataLength: 16 (0x10)
IPv6Address: 2001:5A0:10:0:0:0:0:1
this is windows data
C:\Windows\system32>ipconfig /all

Windows IP Configuration
Host Name . . . . . . . . . . . . : ivy
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : MYDOMAIN.org

Ethernet adapter Ethernet:
Connection-specific DNS Suffix . : MYDOMAIN.org
Description . . . . . . . . . . . : Intel(R) 82579V Gigabit Network Connection
Physical Address. . . . . . . . . : 8C-89-A5-D9-FC-46
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::45da:e57:cbd:2f17%17(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.0.11(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, January 14, 2013 8:09:11 AM
Lease Expires . . . . . . . . . . : Monday, January 14, 2013 10:09:11 AM
Default Gateway . . . . . . . . . : 10.0.0.1
DHCP Server . . . . . . . . . . . : 10.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 210536869
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-51-40-C9-8C-89-A5-D9-FC-46
DNS Servers . . . . . . . . . . . : 70.85.0.141
10.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VirtualBox Host-Only Network:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
Physical Address. . . . . . . . . : 08-00-27-00-CC-5E
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::81ce:a421:e7bd:c1ec%20(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 252182567
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-51-40-C9-8C-89-A5-D9-FC-46
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{64BA4B2A-0261-447E-BB5D-120558063E49}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.MYDOMAIN.org:
Connection-specific DNS Suffix . : MYDOMAIN.org
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5efe:10.0.0.11%24(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 70.85.0.141
10.0.0.1
NetBIOS over Tcpip. . . . . . . . : Disabled

C:\Windows\system32>netsh interface ip show config
Configuration for interface "Ethernet"
DHCP enabled: Yes
IP Address: 10.0.0.11
Subnet Prefix: 10.0.0.0/24 (mask 255.255.255.0)
Default Gateway: 10.0.0.1
Gateway Metric: 0
InterfaceMetric: 10
Statically Configured DNS Servers: 70.85.0.141
10.0.0.1
Register with which suffix: Primary only
WINS servers configured through DHCP: NoneI don't know how to read this, the responses are different, the IP is in the response from an outside DNS, not in the pfsense response, but i have no idea where to go from here. I've set something stupid somewhere, but have no idea what and how I did anything any differently than previous installs of pfsense. thanks for any info
-
So when you asked pfsense for www.freebsd.org it responded with the root servers. This could happen I guess when you ask a server for a recursive lookup for something it's not authoritative for and it won't do recursive for you. Normally it should just be a refused response.
But I did that query to the NSers you have listed – and guess what
; <<>> DiG 9.8.1-P1 <<>> @199.192.200.41 www.freebsd.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33888
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;www.freebsd.org. IN A
;; AUTHORITY SECTION:
. 518400 IN NS K.ROOT-SERVERS.NET.
. 518400 IN NS L.ROOT-SERVERS.NET.
. 518400 IN NS M.ROOT-SERVERS.NET.
. 518400 IN NS A.ROOT-SERVERS.NET.
. 518400 IN NS B.ROOT-SERVERS.NET.
. 518400 IN NS C.ROOT-SERVERS.NET.
. 518400 IN NS D.ROOT-SERVERS.NET.
. 518400 IN NS E.ROOT-SERVERS.NET.
. 518400 IN NS F.ROOT-SERVERS.NET.
. 518400 IN NS G.ROOT-SERVERS.NET.
. 518400 IN NS H.ROOT-SERVERS.NET.
. 518400 IN NS I.ROOT-SERVERS.NET.
. 518400 IN NS J.ROOT-SERVERS.NET.
;; Query time: 20 msec
;; SERVER: 199.192.200.41#53(199.192.200.41)
;; WHEN: Mon Jan 14 13:20:38 2013
;; MSG SIZE rcvd: 244
Now notice how fast the response was!! 20 ms – so pfsense by default, as you saw in my wireshark trace, sends the query you ask it to ALL your dns listed. And the first one that responds wins.. So when you query for www.freebsd.org and this guy at 199.192.200.41 answers first with the root servers and a NOERROR as status - pfsense will just hand that back to you.
Remove that guy from your list of dns servers and your issues should go away, the other servers seemed to respond correctly from my test.
edit: I would only suggest you use good dns, that server might have been listed in your benchmark software, but he does not seem to respond to recursive queries..
I asked him for www.google.com for example - and again he responds with just the roots
; <<>> DiG 9.8.1-P1 <<>> @199.192.200.41 www.google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6568
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;www.google.com. IN A
;; AUTHORITY SECTION:
. 518400 IN NS K.ROOT-SERVERS.NET.
. 518400 IN NS L.ROOT-SERVERS.NET.
. 518400 IN NS M.ROOT-SERVERS.NET.
. 518400 IN NS A.ROOT-SERVERS.NET.
. 518400 IN NS B.ROOT-SERVERS.NET.
. 518400 IN NS C.ROOT-SERVERS.NET.
. 518400 IN NS D.ROOT-SERVERS.NET.
. 518400 IN NS E.ROOT-SERVERS.NET.
. 518400 IN NS F.ROOT-SERVERS.NET.
. 518400 IN NS G.ROOT-SERVERS.NET.
. 518400 IN NS H.ROOT-SERVERS.NET.
. 518400 IN NS I.ROOT-SERVERS.NET.
. 518400 IN NS J.ROOT-SERVERS.NET.
;; Query time: 20 msec
;; SERVER: 199.192.200.41#53(199.192.200.41)
;; WHEN: Mon Jan 14 13:28:07 2013
;; MSG SIZE rcvd: 243
But he sure responds FAST ;) So he would be a problem child for all your dns stuff to be sure!! I would think you could be having more issues than you're reporting with using him.
From a PTR query, that sure doesn't look like a legit public NS to me
;; ANSWER SECTION:
41.200.192.199.in-addr.arpa. 86400 IN PTR ct41.7wei.com.
See where I bolded that he is not doing recursive lookups - he normally should respond with REFUSED vs sending you back roots.. But not sure what that box actually is or who configured it, or what it's running for dns, etc.. etc.
This would also explain why you say it works for awhile and then stops working - if you get a response from one of the other NSers listed with the good info, then pfsense would hand that off to your client. But if he gets this garbage back of just roots, he would hand that off just as well. It doesn't know any better - just forwarding what you're asking, and then returning what it gets back ;)
If you're not happy with your ISP dns, or any of the other open public like google or open or norton, scrubit, etc. Then I would suggest 4.2.2.2 I have had good luck with it over many many years. I personally normally just run my own local that queries roots directly, this was working great when unbound was part of the distro.. And was supposed to be included with 2.1 but seems it has gotten put on the back burner. It will be great day when they fully integrate it into pfsense ;) And I always have my local copy of bind on my ubuntu box I can query, or I have box out in CA and some in EU I use for dns testing for geographic diversity when they are using geoip, etc.
Isn't DNS fun!!! ;)
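Added example, not part of any post in this thread: a check for the failure diagnosed above, where a server answers a recursive query with NOERROR, no `ra` flag, an empty answer section and only root NS records, and a first-response-wins forwarder passes that on. The function names and the sample packets are constructed for illustration (modelled on the dig headers shown above), not captured traffic.

```python
import struct

def read_name(msg, off):
    """Decode the DNS name at off; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # compression pointer
            end = off + 2 if end is None else end
            off, hops = ((n & 0x3F) << 8) | msg[off + 1], hops + 1
            if hops > 16:
                raise ValueError("compression loop")
        elif n == 0:
            return ".".join(labels) + ".", (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def classify(msg):
    """Judge one response to a query that was sent with RD=1."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    rcode, ra, off = flags & 0x000F, bool(flags & 0x0080), 12
    for _ in range(qd):                           # skip the question section
        off = read_name(msg, off)[1] + 4          # name + QTYPE + QCLASS
    if rcode == 5:
        return "refused"
    if rcode == 0 and an > 0 and ra:
        return "answer"
    if rcode == 0 and an == 0 and ns > 0 and not ra:
        # NOERROR with only NS records: a referral, not a resolution
        return "upward-referral" if read_name(msg, off)[0] == "." else "referral"
    return "other"

def encode_name(name):
    labels = [l for l in name.split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build(flags, qname, answers=(), authority=()):  # RRs: (owner, type, rdata)
    msg = struct.pack("!6H", 0x1234, flags, 1, len(answers), len(authority), 0)
    msg += encode_name(qname) + struct.pack("!2H", 1, 1)
    for owner, rtype, rdata in (*answers, *authority):
        msg += encode_name(owner) + struct.pack("!2HIH", rtype, 1, 518400, len(rdata)) + rdata
    return msg

# Constructed sample responses modelled on the dig output in the thread.
ROOTS_ONLY = build(0x8100, "www.freebsd.org",     # flags: qr rd (no ra)
                   authority=[(".", 2, encode_name("K.ROOT-SERVERS.NET"))])
RESOLVED = build(0x8180, "www.freebsd.org",       # flags: qr rd ra
                 answers=[("www.freebsd.org", 1, bytes([8, 8, 178, 110]))])
REFUSED = build(0x8105, "www.freebsd.org")        # rcode 5
```

Any server whose response to a test query classifies as anything other than "answer" does not belong in a forwarder list.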
-
THANKS!! I haven't tested it yet, but it sure sounds like the right answer. That DNS is one of 4 that DNSexit says I need to use, or at least one of them, there is an implication that the dynamic part won't work right if I don't use their server, but I've rarely used one of theirs, and been okay. I should have known better since DNSBench almost always failed on all 4 of those, I assumed it was no response, which shouldn't matter, I'm not clever enough to realize that what I was getting was basically garbage. FUN FUN!
So far so good, got to freebsd, and ip-tools.com, and I just got this, the query without the period always returned the local address and had the local domain appended:
C:\Windows\system32>nslookup www.freebsd.org
Server: pfsense.fuckyouandfuckyourgod.org
Address: 10.0.0.1
Non-authoritative answer:
Name: wfe0.ysv.freebsd.org
Addresses: 2001:1900:2254:206a::50:0
8.8.178.110
Aliases: www.freebsd.org
So thanks again, you must be a shaman in the realms of the internet gods, I shall slaughter a goat to appease any lingering animosity they may hold for me.
-
"That DNS is one of 4 that DNSexit says I need to use"
Yes to point your domain to as your NS at your registrar, not to use for recursive lookups. That one returning roots is ns3.dnsexit.com
I just tested with your domain, and yes that server does respond as authoritative for your domain, but he does not allow recursive lookups. If those are the 4 you're using… They have a really bad setup!!
Authoritative servers normally should NOT allow for recursive -- you're just asking to be used in a dos, or have a dos against you. It would not be very difficult to keep those servers really really busy doing recursive to the point that they could not serve up the zones they are supposed to be authoritative for.. DNS can be used in an amplification type attack, you can send very small amounts of data, and get vastly more data in return. small query, large answer/work doing recursive.
And they claim 100% uptime since 1998?? From what I have seen I would have to say dumb luck ;)
None of those should be used as your forwarders in your pfsense setup. They are used when someone is looking up your domain. Not to be used when looking up freebsd.org or google.com, etc.
Just do whatever it is you do to keep your dynamic updated, I just looked and pfsense dynamic dns has dnsexit listed to keep updated on a wan IP change, etc..
As I stated before if you don't like your isp dns, there are other public dns you can use. googledns should work, if they don't have something close enough to you for your liking try the 4.2.2.2 one or 4.2.2.(1-6) works.
You could also use ntt servers - they allow public queries 129.250.35.250 or .251 you could use the ones at http://www.public-root.com/ they have 2 in US. You could use level3 -- they have a large dns setup, use 209.244.0.3 or .4
Or just google for public name servers that you can query. But those you're using are NO GOOD for recursive lookups ;)
-
That was the only dnsexit I was using, the rest came from running DNSBench, from Gibson Research Corp, at https://www.grc.com/default.htm , the site has a great deal of good info and tests, seems like a great resource, but probably too basic for you. The benchmark will configure itself with a custom list of dns servers to test, and the ones you mention he also has a great deal of praise for. It's surprising those aren't in my custom list, but I added them and they make a very good showing, so I'm adding the fastest one to the top of my list. Timewarner really sucks so I'm ignoring them. This is the first of about 54 servers tested.
Final benchmark results, sorted by nameserver performance:
(average cached name retrieval speed, fastest to slowest)
10. 0. 0. 1 | Min | Avg | Max |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
+ Cached Name | 0.000 | 0.000 | 0.000 | 0.000 | 100.0 |
+ Uncached Name | 0.018 | 0.065 | 0.236 | 0.053 | 100.0 |
+ DotCom Lookup | 0.019 | 0.030 | 0.063 | 0.012 | 100.0 |
---<-------->---+-------+-------+-------+-------+-------+
pfsense.reality-works.org
Local Network Nameserver
67.214. 64. 27 | Min | Avg | Max |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
- Cached Name | 0.010 | 0.013 | 0.023 | 0.002 | 100.0 |
- Uncached Name | 0.034 | 0.117 | 0.399 | 0.092 | 100.0 |
- DotCom Lookup | 0.042 | 0.088 | 0.232 | 0.040 | 100.0 |
---<-------->---+-------+-------+-------+-------+-------+
dns1.telwestonline.com
Corpus Christi Internal
129.115.102.150 | Min | Avg | Max |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
- Cached Name | 0.012 | 0.015 | 0.019 | 0.001 | 100.0 |
- Uncached Name | 0.025 | 0.082 | 0.266 | 0.062 | 100.0 |
- DotCom Lookup | 0.053 | 0.068 | 0.078 | 0.006 | 100.0 |
---<-------->---+-------+-------+-------+-------+-------+
juliet.it.utsa.edu
University of Texas at San Antonio
69.164.196. 21 | Min | Avg | Max |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
- Cached Name | 0.014 | 0.017 | 0.022 | 0.002 | 100.0 |
- Uncached Name | 0.016 | 0.074 | 0.226 | 0.051 | 98.0 |
- DotCom Lookup | 0.016 | 0.029 | 0.148 | 0.022 | 100.0 |
---<-------->---+-------+-------+-------+-------+-------+
ryujin.darkdna.net
Linode
4. 2. 2. 4 | Min | Avg | Max |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
- Cached Name | 0.014 | 0.017 | 0.026 | 0.002 | 100.0 |
- Uncached Name | 0.016 | 0.077 | 0.335 | 0.071 | 100.0 |
- DotCom Lookup | 0.034 | 0.074 | 0.141 | 0.037 | 100.0 |
---<-------->---+-------+-------+-------+-------+-------+
d.resolvers.level3.net
Level 3 Communications
156.154. 71. 1 | Min | Avg | Max |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
- Cached Name | 0.015 | 0.017 | 0.024 | 0.002 | 100.0 |
- Uncached Name | 0.016 | 0.082 | 0.258 | 0.064 | 100.0 |
- DotCom Lookup | 0.018 | 0.055 | 0.086 | 0.014 | 100.0 |
---<-------->---+-------+-------+-------+-------+-------+
rdns2.ultradns.net
NEUSTAR
216.146. 36. 36 | Min | Avg | Max |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
- Cached Name | 0.016 | 0.018 | 0.023 | 0.001 | 100.0 |
- Uncached Name | 0.018 | 0.064 | 0.213 | 0.046 | 98.0 |
- DotCom Lookup | 0.017 | 0.056 | 0.071 | 0.014 | 100.0 |
---<-------->---+-------+-------+-------+-------+-------+
resolver2.dyndnsinternetguide.com
Dynamic Network Services
4. 2. 2. 1 | Min | Avg | Max |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
- Cached Name | 0.014 | 0.018 | 0.030 | 0.003 | 100.0 |
- Uncached Name | 0.016 | 0.073 | 0.265 | 0.059 | 100.0 |
- DotCom Lookup | 0.035 | 0.062 | 0.129 | 0.024 | 100.0 |
---<-------->---+-------+-------+-------+-------+-------+
a.resolvers.level3.net
Level 3 Communications
Thanks again, I've been using the system extensively and only a couple of stray failures, nothing out of the ordinary!!!!
Oh, and thanks to all of the guys behind pfsense, it's amazing how simple it all is and so so easy to set up, especially considering the power/versatility.
-
"so I'm adding the fastest one to the top of my list"
The order doesn't really matter - you do understand that pfsense queries all the ips listed at the same time, and then uses the one that answers first. Prob doesn't make a lot of sense to have more than a couple of them.
Nor is it going to make much difference .016 vs .018 or .05 vs .06
Yeah I know Steve – he likes to make a lot of noise ;) Don't you recall how the raw sockets of XP was going to end the internet as we knew it? Or the whole WMF nonsense? I really wouldn't recommend that site to anyone, be careful of hype he likes to promote. Sure some basic info is there -- and he can explain things in simple terms, but no I wouldn't recommend that site to be honest. Do a simple google "What the World Thinks of Steve Gibson" some fun quotes to be read.
-
Wow, thanks for the heads up, I knew none of that, all I know of the guy before was his site, the utilities there, like ShieldsUp and DNSBench, which I'd seen recommended by somewhere reputable, seemed genuinely useful, and I don't have the technical chops to seriously evaluate much of any of it. That 'What the world…' page, pretty harsh. Well, great, now I feel even stupider, especially because empty hype disgusts me no end, and false hype is way worse. Have a good one.