DNS partially working
-
Sounds like a config issue on the laptops. Have you checked them to see if they're picking up the correct DNS details once they've connected to the wifi? If not, have they had their DNS settings configured statically? Are the firewall settings on the laptops set incorrectly? Have you tried running an nslookup from any of the laptops against an external/internal DNS server?
-
All of the laptops are running auto DNS and I even turned the firewall off on some to see what would happen and that didn't help. When I run nslookup I get dns request timed out, with the server being unknown.
-
and what IP is your nslookup defaulting too? Pfsense? Why can it not query it if up and running?
-
When I run nslookup I get dns request timed out, with the server being unknown.
Your DNS settings on your laptops are wrong. I repeat - did you run an nslookup against an EXTERNAL DNS server? Like 'nslookup www.google.com 8.8.8.8'. If that works, then the issue is with the DNS server your laptops are using.
-
So much text and yet zero information on what you have actually done. Start by showing us what is the IP address the clients are using for their DNS and how that relates to the interface and DHCP server settings on your pfSense. Also post your firewall rules on the VLAN interfaces.
-
To start off, the nslookup was against www.google.com 8.8.8.8 and got those results.
I'm using 8.8.8.8 and 8.8.4.4 for the DNS, set up in system, general.
-
Well your rules allow any any.. Yet your unable to directly query say google dns, that points to 53 being blocked up stream, or your isp doing intercepts or blocking of dns to anything other than their dns.
If your doing direct queries from your devices, what pfsense has setup for dns has nothing to do with the issue at all. Maybe your phones you use and or tablets are just using pfsense for dns, that is forwarding to your ISP dns? Which is allowed?
-
When I run nslookup I get dns request timed out, with the server being unknown.
Sigh… So what are the DNS settings on your laptops? Have you run an 'ipconfig /all' (Windows) or checked the /etc/resolv.conf (Linux) on any clients? If the server is timing out, either the address is wrong or your rules are preventing your DNS traffic from getting out. And for that matter, is the PFS being used as a DNS forwarder and your DHCP config setting the clients to use the firewall as their primary DNS, or have you set your DHCP settings to use an external DNS server?
Let's cut to the chase: Post your DHCP config (screenshot, please). Otherwise this just becomes a guessing game with no winners. Though judging from what you've said so far, I'm feeling pretty sure this has more to do with a misconfiguration on your laptops than anything to do with the firewall.
-
Here is the ipconfig/all from one of the laptops, I'm using DNS Resolver and have attached the screens as well and the DHCP.
-
your client got dhcp, and he is pointing to pfsense.. So do a nslookup.. What is that output?? If it times out then your client is not talking to pfsense on 53..
I just at a loss to why anyone would run unbound in forwarder mode and have dnssec disabled?? What a pointless setup… If all you want to do is forward why not just use dnsmasq.. Atleast it can query your dns in parallel.
So where exactly are you forwarding these queries too?? What is your dns settings in pfsense? Can pfsense even lookup anything.. Go to diag, dns lookup and lookup something like www.pfsense.org Post that..
what do think you are doing with that rrecc suffix??
