Netgate Discussion Forum

    DNS timeouts

    DHCP and DNS
    11 Posts 3 Posters 3.1k Views
    • KOM

      Should I do to find out why the DNS is timing out?

      Yes, you should!  ;D

      But seriously, start at the client.  What is it using for DNS?  If it is using pfSense for DNS then you could check Diagnostics - DNS Lookup.  This will show you how fast pfSense is doing resolves with the DNS servers it knows about.  Do you have your config set to query DNS sequentially or in parallel? (Services - DNS Forwarder - DNS Query Forwarding - Query DNS servers sequentially)

      • godlyatheist

        @KOM:

        Should I do to find out why the DNS is timing out?

        Yes, you should!  ;D

        But seriously, start at the client.  What is it using for DNS?  If it is using pfSense for DNS then you could check Diagnostics - DNS Lookup.  This will show you how fast pfSense is doing resolves with the DNS servers it knows about.  Do you have your config set to query DNS sequentially or in parallel? (Services - DNS Forwarder - DNS Query Forwarding - Query DNS servers sequentially)

        The client is set to auto for the DNS, and pfSense has no value in the settings so it's using AT&T's DNS. The "query DNS servers sequentially" setting is unchecked. The timeouts are random and after a couple of minutes I can access the site again.

        • KOM

          Perhaps an ISP DNS problem?  I would add some public DNS to pfSense like Google, Level 3 or others, and have them checked in parallel.

          • johnpoz, LAYER 8 Global Moderator

            So you're using forwarder or resolver in pfsense?  Are you on 2.1.x or 2.2?

            So your client is auto, how about simple ipconfig /all will show you what it's using for dns.

            dnsserver.png

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            • godlyatheist

              Ipconfig shows the DNS is the pfSense box (attachment). Currently using 2.1.3 build. The "DNS forwarder" setting is checked under "Service - DNS Forwarder". I don't know if I'm using DNS forwarder or resolver, the install was set up using the wizard.

              @KOM
              What do you mean by checking the DNS in parallel? Does it simply mean I put a DNS server into the DHCP server setting one by one?

              Untitled.png

              • johnpoz, LAYER 8 Global Moderator

                That shows you using ipv6 as well to talk to pfsense?  On that fdec:fd86:354::1 address - is that actually correct and working?  Do you have ipv6 setup on pfsense, do you have it enabled in the lan rules to be able to talk to pfsense on IPv6 for dns?

                • KOM

                  What do you mean by checking the DNS in parallel? Does it simply mean I put a DNS server into the DHCP server setting one by one?

                  No.  Put your DNS servers (including some 3rd-party like Google or Level3) into pfSense and then go to Services - DNS Forwarder - DNS Query Forwarding and ensure that Query DNS servers sequentially is unchecked.

                  • godlyatheist

                    I looked under lan rule and ipv6 is enabled (just default setting, I didn't change it), please see attachment. Should I disable ipv6?

                    @KOM: Is the attached picture showing the correct place I would put in a third party DNS server?

                    lan rule.png
                    dns.png

                    • johnpoz, LAYER 8 Global Moderator

                      No that is not where you put them, that hands those out to the dhcp clients of that dhcp server.

                      As to removing ipv6 on your lan interface rules - do you want to allow IPv6, do you use IPv6?  If you remove it and you have clients trying to use ipv6 it will generate noise in your logs because it would be blocked by default rule vs allowed via your allow rule there.

                      • godlyatheist

                        @johnpoz:

                        No that is not where you put them, that hands those out to the dhcp clients of that dhcp server.

                        As to removing ipv6 on your lan interface rules - do you want to allow IPv6, do you use IPv6?  If you remove it and you have clients trying to use ipv6 it will generate noise in your logs because it would be blocked by default rule vs allowed via your allow rule there.

                        I won't touch the ipv6 stuff for now, since it's the default. I've put the alternative DNS server into the settings page as suggested and I will monitor how well it works. Thanks to all who helped.

                        PS. Looks like I can only click "Thanks" for 1 person  :-\

                        DNS.jpg
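Added example, not part of any post in this thread: a client-side check in the spirit of the advice above that sends one UDP DNS query to each candidate server at the same time and records the latency, so a server that silently drops queries shows up as a timeout. The IPv4 LAN address 192.168.1.1 is an assumed placeholder; fdec:fd86:354::1 is the address quoted in the thread, and 8.8.8.8 and 4.2.2.2 are the Google and Level 3 public resolvers.

```python
import random
import socket
import struct
import time
from concurrent.futures import ThreadPoolExecutor


def build_query(name, qid):
    """Encode a minimal DNS A-record query (RFC 1035) with recursion desired."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def probe(server, name, timeout=2.0, port=53):
    """Return (latency_seconds, rcode) for one UDP query, or None on timeout/error."""
    qid = random.randint(0, 0xFFFF)
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.monotonic()
        try:
            s.sendto(build_query(name, qid), (server, port))
            while True:
                data, _ = s.recvfrom(4096)
                # Ignore anything that is not the reply to our query ID.
                if len(data) >= 12 and struct.unpack("!H", data[:2])[0] == qid:
                    rcode = data[3] & 0x0F  # 0 = NOERROR, 2 = SERVFAIL, 3 = NXDOMAIN
                    return time.monotonic() - start, rcode
        except OSError:  # socket.timeout and "unreachable" errors both land here
            return None


def probe_all(servers, name, timeout=2.0, port=53):
    """Query every server concurrently; map server -> probe() result."""
    with ThreadPoolExecutor(max_workers=len(servers)) as pool:
        futures = {srv: pool.submit(probe, srv, name, timeout, port) for srv in servers}
        return {srv: fut.result() for srv, fut in futures.items()}


if __name__ == "__main__":
    # 192.168.1.1 is an assumed LAN address for the pfSense box; adjust to yours.
    servers = ["192.168.1.1", "fdec:fd86:354::1", "8.8.8.8", "4.2.2.2"]
    for srv, res in probe_all(servers, "example.com").items():
        print(srv, "TIMEOUT" if res is None else f"{res[0] * 1000:.0f} ms rcode={res[1]}")
```

Running it repeatedly while the problem is occurring separates a firewall address that does not answer (for example the IPv6 one) from an upstream resolver that is dropping queries.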
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.