DNS with latest 2.1
-
Hmmm, I was actually going to ask if you were also implementing IPv6 mdpugh. Weird… I'm investigating further... when I manually update to a build from the 16 the problem persisted... But just as you are saying I had no issues until using this latest build...
-
And what is the problem exactly? So your saying dns just doesn't work at all?
Have you queried pfsense directly with nslookup or dig - does it work then? Have you verified that dnsmasq is running on pfsense? Have you queried for host override to pfsense that you have setup? Does that work, or does only doing queries to outside domains not work?
Have you did a sniff on wan of pfsense - does it send the queries?
If dns was broken in the pfsense latest builds - I would think there would be a FLOOD of posts about it, don't you? So lets dig into your specific issue a bit, or we are never going to get anywhere with what problem your seeing.
And btw, yes I do queries to IPv6 dns and not having any issues with seeing those responses. Did a quick sniff on pfsense wan for dns ipv6, then queried pfsense for some gibberish site. As you can see it sent the request to its ipv6 ns server I have setup, and got back nx
-
So this is only broken within the packages menu, everything else seems to work just fine. I'm going to fire up tcpdump and post my results shortly…
-
So this is only broken within the packages menu, everything else seems to work just fine. I'm going to fire up tcpdump and post my results shortly…
Your problem is not the same as the original poster of this thread. I split yours off into a separate thread because it didn't belong here.
-
No I have not done all the tests you suggest. And I could fix this problem with a bypass effort.
I stress again: every couple of weeks I have updated to the newest snapshot. Suddenly DNS went astray. At that point, I initially troubleshot my own DNS servers thinking that was the problem. But soon enough I resorted to unchanging everything I had recently changed (and before you ask, Phil, I did this systematically–so as to narrow the scope)--which meant backing up to a previous version of pfSense--and that's when the problem was resolved. A couple of weeks later, I updated to the newest snapshot again with the same ill results. Something is wrong: if not with pfSense then at least with the snapshot mechanism. DNS is broken every time. EVERY time.
I have been around long enough to know how to logically troubleshoot. I should add that I have two pfSense boxes CARPed. They both experience the same issue when updated to the new snapshot. I know I'm not crazy--I know something got muddled; I'll even help you fix it--but I just about guarantee you somebody edited this code and added or deleted a single pertinent symbol. BTDT.
-
And all of that means nothing if we can't reproduce it… All the troubleshooting skill in the world doesn't help us figure it out if you don't share the details. Even if you could provide the exact snapshot that does work and then the first one you tried that doesn't work it would help.
It doesn't appear to be happening to anybody else, so it must be something specific to your setup, but we'll need a lot more info to go on if there is any hope of tracking it down. The other person in this thread who claimed to have "the same" problem did not have a DNS issue.
If it was as simple as someone changing a bit of code incorrectly, it would be happening to many people, not just (apparently) you. It must be something more subtle.
-
Jim,
You are absolutely right; but–all I did was update the snapshot on these machines. I did not reconfigure anything in hardware or software. I've been doing that for months with success. Suddenly, things did not work. If it had happened on only one machine, I would be inclined to agree wholeheartedly with you--but the fact that the problem was immediately duplicated just by updating to the newer snapshot convinces me that there is a problem on your end. If I'm wrong (and suddenly things start working again), I will happily tuck my tail and move on.
If the problem is on my end, it must be because I have a configuration that, on two machines, suddenly failed without adjustment. Surely you see that is unlikely. If you can propose a scenario in which that is an obvious outcome, I am all ears and I will proceed considerably wiser.
Just to be on the safe side, is there a way I can send you a record of my configuration? And denote it in such a way that you'll know whom it's coming from?
-
You can point fingers where ever you want, you're going to have to provide more than "DNS is broke" when it broke only for you and no one else when 4576 unique public IPs have downloaded 2.1 updates in that time.
-
Chris,
TWO machines. I will gladly provide you with whatever info you need as I just stated. Just tell me how to do so. I'm just trying to get a problem fixed–I don't understand why you're getting defensive. Well, maybe I do--but this is a problem that needs to be fixed. I would love it if I could just download and install the latest snapshot and everything automagically works.
In fact, I'm going to try that. Cross your fingers.
-
If there is a problem, I'd love to fix it. But to fix it, I need details about how it broke for you. You could have had an invalid configuration that happened to work by chance, and some other verification took place that "broke" your setup that was really broken the whole time.
Nobody else can reproduce it but you, apparently, so we can't just search around in vain and hope we stumble on an answer. If we can't reproduce it that means we also can't check to make sure it has been fixed.
The only way we'll ever know is if you provide us with the information we asked for earlier in the thread, or more. I already provided a list of information we need.
-
xu.int.compughterworx.com - resolv.conf:
domain compughterworx.com
nameserver 127.0.0.1
nameserver 2001:470:20::2
nameserver 2001:4de0:1000:a3::2
nameserver 68.105.28.16
nameserver 10.0.1.13yau.int.compughterworx.com - resolv.conf:
domain compughterworx.com
nameserver 127.0.0.1
nameserver 2001:470:20::2
nameserver 2001:4de0:1000:a3::2
nameserver 68.105.28.16
nameserver 10.0.1.13Loopback.
HE.
SixSX.
Cox.
Local.I haven't changed this configuration in better than a year.
BTW, Jim, I somehow missed your request for this specific info, and I'm sorry. My bust entirely. Please bear with me.
-
Well, fellows, I stand now with tossed salad and scrambled eggs on my face. The latest snapshot is working. I am sorry I fingered anybody–it's a byproduct of the way I'm wired I think; but you guys came through and I am corrected. I'm so glad this is working again. :)
-
Edit: found another thread with my real issue.
