Strange DNS Resolution

christophdb

Hi everybody,
I have a huge problem with pfsense and my new internet carrier. Please help me to locate the problem because right now I am more then frustrated and have no more ideas…

here is my minimal setup:

• static SDSL internet connection with static IP (Provider is HessenKom)
• Cisco Series 800 Router (provided by HessenKom)
• PFSense 2.1.3 (WAN: fixed IP 37.148.137.58; LAN: 192.168.1.1)
• Zyxel Switch (192.168.1.2)
• PC with LAN-Cable (192.168.1.100 = DHCP)

Problem:
I have internet access because I can open google.de and heise.de on the PC. I could search google and I updated the PFSense to the latest version. BUT most other pages could not be loaded. www.spiegel.de, www.tagesschau.de and many others are not found.

What I already tried:
first I thought it must be a problem with the DNS setup. So I changed the provided DNS Server of hessenKom (109.235.47.195) against the DNS-Servers of google (8.8.8.8 and 8.8.4.4). Still the same problem. I tried to ping the pages directly from PFSense and I received a real weard IP for spiegel.de. I tried traceroute but I seems like google.de is available and spiegel.de or tagesschau.de is not available.
I attached many screenshots with more information.

Thanks in advance for your help
Christoph

** it seems that the upload function is not working right now or has problems with my screenshots.. Therefore you can find some screenshots of the problem on of my domains: http://build.bigtoe.de/pfsense/

johnpoz

that is the right ip for

ping www.spiegel.de
PING www.spiegel.de (72.52.9.240) 56(84) bytes of data.
64 bytes from unknown.prolexic.com (72.52.9.240): icmp_seq=1 ttl=242 time=455 ms
64 bytes from unknown.prolexic.com (72.52.9.240): icmp_seq=2 ttl=242 time=444 ms

as to your traceroute - that is odd for sure..  works here, make sure you pick wan as your source interface.  You haven't put a gateway on your lan interface have you?

Traceroute output:

1  24.13.xx.xx  10.001 ms  9.106 ms  17.270 ms
2  68.85.180.133  9.035 ms  9.398 ms  9.312 ms
3  68.85.176.61  13.454 ms
    68.86.187.197  16.377 ms
    68.87.211.121  10.803 ms
4  68.86.88.1  14.114 ms  11.883 ms  11.906 ms
5  64.86.137.29  11.648 ms  10.782 ms  18.892 ms
6  * * 216.6.99.45  37.482 ms
7  66.198.111.17  39.345 ms  37.978 ms  39.309 ms
8  * * *
9  216.6.87.54  40.112 ms  39.167 ms  39.405 ms
10  209.200.144.41  38.765 ms  37.794 ms  38.049 ms
11  72.52.9.240  37.275 ms  37.743 ms  37.319 ms

snipped IP of my first hop for privacy.

christophdb

Hey Johnpoz,

thanks for your quick reply. You are right. The IP is correct and belongs to spiegel.de. It first thought it has to be wrong because if you directly access the ip the spiegel.de page is not shown…
So this means the DNS resolution is correct, right?

That means as consequence it has to be some filter roules or some wrong settings?
Do you have any idea where to look at?

The installation is as clean as possible therefore there are no blocking rules. Also I could not really image that wrong settings are the problem because google.de is working without problem. Any guesses or ideas? Should I post more screenshots of some pages?

What do you mean with gateway for the lan interface? The lan interface provides DHCP to the clients and of cause the pfsense firewall is the default gateway for all clients. Might there be a problem with the cisco router? I don't know the ip of the cisco modem and as far as my provider told me I don't have to change anything on this piece of hardware...

Best regards
Christoph

christophdb

Hi johnpoz and everybody else,
finally I found the problem. The subnet was wrongly defined. I changed from 34.xxx.xxx.xxx/24 to 34.xxx.xxx.xxx/30 and now everything works perfect.
Still strange that google works and other pages not.
Thanks for your help and best regards
Christoph