Netgate Discussion Forum

    Request to pfSense.localdomain timed-out

    General pfSense Questions

    • tushar

      Hello,

      Almost no websites are working. Only YouTube works flawlessly.

      Sometimes redmondpie loads very slowly.

      If I use 8.8.8.8 on my local machine, all websites resolve perfectly.

      Tried everything: restarted the DNS service, DHCP, Snort, pfBlockerNG.

      C:\Documents and Settings\tushar>nslookup www.pfsense.org
      Server:  pfSense.localdomain
      Address:  192.168.1.1
      
      DNS request timed out.
          timeout was 2 seconds.
      *** pfSense.localdomain can't find www.pfsense.org: Server failed
      
      C:\Documents and Settings\tushar>nslookup www.amazon.com
      Server:  pfSense.localdomain
      Address:  192.168.1.1
      
      DNS request timed out.
          timeout was 2 seconds.
      DNS request timed out.
          timeout was 2 seconds.
      *** Request to pfSense.localdomain timed-out
      
      C:\Documents and Settings\tushar>nslookup www.facebook.com
      Server:  google-public-dns-a.google.com
      Address:  8.8.8.8
      
      Non-authoritative answer:
      Name:    star-mini.c10r.facebook.com
      Address:  31.13.95.36
      Aliases:  www.facebook.com
      
      C:\Documents and Settings\kislay>nslookup www.pfsense.org
      Server:  google-public-dns-a.google.com
      Address:  8.8.8.8
      
      Non-authoritative answer:
      Name:    www.pfsense.org
      Address:  208.123.73.69
      
      ![Screen Shot 2016-10-21 at 1.29.59 PM.png](/public/_imported_attachments_/1/Screen Shot 2016-10-21 at 1.29.59 PM.png)
      ![screenshot-192.168.1.1-2016-10-21-15-28-36.png](/public/_imported_attachments_/1/screenshot-192.168.1.1-2016-10-21-15-28-36.png)

      • johnpoz LAYER 8 Global Moderator

        Do you have your ACLs set up?  Did you mess with those?

        To me, from that permissions denied statement in the log, I think you have your access list messed up and are not allowing anyone to query the resolver.

        accesslist.jpg

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • tushar

          Nothing is messed up, sir. I did nothing; it just started this morning when I tried to access some websites like redmondpie, FB, etc.

          Don't know what happened.

          screenshot-2-2016-10-21-19-31-31.png
          screenshot-1-2016-10-21-19-27-30.png

          • johnpoz LAYER 8 Global Moderator

            Well, without an access list you're not going to be able to use the resolver.

            • tushar

              What do you mean, "without accesslist not going to be able to use resolver"?

              I've been using the internet without any modification for one month. I didn't add or remove anything from the access list.

              • KOM

                http://arstechnica.com/security/2016/10/dos-attack-on-major-dns-provider-brings-internet-to-morning-crawl/

                • tushar

                  Sir KOM,

                  Here, if I put 8.8.8.8 on the machine manually, FB opens flawlessly, but on 192.168.1.1 (the pfSense IP) nothing: server not found. Only YouTube is working fine.

                  • KOM

                    Yes, I understood that the first time you said it.  You are either having a DNS problem with your upstream or your configuration is somehow broken.  Since a couple of people are complaining about DNS today, I thought it might be related to the DDoS of DynDNS.

                    • johnpoz LAYER 8 Global Moderator

                      Yeah, there is a major DDoS against a major DNS provider going on right now.  If they are hosting the authoritative servers for domains you're interested in looking up, then you're going to have a problem.

                      Looking up pfSense's own name has nothing to do with outside DNS, though.  You have to have an access list to be able to query the resolver.  If you cannot query pfSense's own name, then the resolver is not running, you're not allowed because of the access list, you have a connectivity issue, or something broke in the resolver.

                      
                      user@ubuntu:~$ dig pfsense.local.lan
                      
                      ; <<>> DiG 9.9.5-3ubuntu0.9-Ubuntu <<>> pfsense.local.lan
                      ;; global options: +cmd
                      ;; Got answer:
                      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4439
                      ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
                      
                      ;; OPT PSEUDOSECTION:
                      ; EDNS: version: 0, flags:; udp: 4096
                      ;; QUESTION SECTION:
                      ;pfsense.local.lan.             IN      A
                      
                      ;; ANSWER SECTION:
                      pfsense.local.lan.      3600    IN      A       192.168.9.253
                      
                      ;; Query time: 2 msec
                      ;; SERVER: 192.168.9.253#53(192.168.9.253)
                      ;; WHEN: Fri Oct 21 11:00:03 CDT 2016
                      ;; MSG SIZE  rcvd: 62
                      
                      

                      I pulled my local network out of the access list

                      
                      user@ubuntu:~$ dig pfsense.local.lan
                      
                      ; <<>> DiG 9.9.5-3ubuntu0.9-Ubuntu <<>> pfsense.local.lan
                      ;; global options: +cmd
                      ;; Got answer:
                      ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 24649
                      ;; flags: qr rd ad; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
                      ;; WARNING: recursion requested but not available
                      
                      ;; Query time: 1 msec
                      ;; SERVER: 192.168.9.253#53(192.168.9.253)
                      ;; WHEN: Fri Oct 21 11:01:21 CDT 2016
                      ;; MSG SIZE  rcvd: 12
                      
                      

                      I upped the logging level in my resolver.

                      
                      Oct 21 11:03:29 	unbound 	71253:1 	debug: refused query from ip4 192.168.9.8 port 57371 (len 16)
                      Oct 21 11:03:29 	unbound 	71253:1 	debug: refuse[41:0] 5C7C010000010000000000000C7361666562726F7773696E6706676F6F676C6503636F6D0000010001
                      Oct 21 11:03:29 	unbound 	71253:1 	debug: refused query from ip4 192.168.9.8 port 57371 (len 16)
                      Oct 21 11:03:29 	unbound 	71253:1 	debug: refuse[41:0] 5C7C010000010000000000000C7361666562726F7773696E6706676F6F676C6503636F6D0000010001
                      Oct 21 11:03:29 	unbound 	71253:1 	debug: refused query from ip4 192.168.9.8 port 57371 (len 16)
                      Oct 21 11:03:24 	unbound 	71253:0 	debug: refuse[50:0] 6BE4010000010000000000000F6C6F672D72747332342D69616430310764657669636573046E65737403636F6D0000010001
                      Oct 21 11:03:24 	unbound 	71253:0 	debug: refused query from ip4 192.168.4.96 port 47019 (len 16) 
                      
                      

                      You can see it refusing queries from my local network.

                      Do you have this checked or unchecked?

                      doyouhavethischecked.jpg
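
Added example, not part of the original thread and not Unbound or pfSense code: the `refuse[...]` lines in the debug log above carry the raw DNS query in hex, so decoding them shows which names the refused clients were asking for. The sample is the seven log lines from the post with tabs normalised to spaces; treating the first bracketed number as the payload length is an assumption, and the script checks it.

```python
import re
import struct
from collections import Counter

# The debug lines quoted in the post above (tabs normalised to single spaces).
SAMPLE_LOG = """\
Oct 21 11:03:29 unbound 71253:1 debug: refused query from ip4 192.168.9.8 port 57371 (len 16)
Oct 21 11:03:29 unbound 71253:1 debug: refuse[41:0] 5C7C010000010000000000000C7361666562726F7773696E6706676F6F676C6503636F6D0000010001
Oct 21 11:03:29 unbound 71253:1 debug: refused query from ip4 192.168.9.8 port 57371 (len 16)
Oct 21 11:03:29 unbound 71253:1 debug: refuse[41:0] 5C7C010000010000000000000C7361666562726F7773696E6706676F6F676C6503636F6D0000010001
Oct 21 11:03:29 unbound 71253:1 debug: refused query from ip4 192.168.9.8 port 57371 (len 16)
Oct 21 11:03:24 unbound 71253:0 debug: refuse[50:0] 6BE4010000010000000000000F6C6F672D72747332342D69616430310764657669636573046E65737403636F6D0000010001
Oct 21 11:03:24 unbound 71253:0 debug: refused query from ip4 192.168.4.96 port 47019 (len 16)
"""

SRC_RE = re.compile(r"refused query from ip4 (\S+) port \d+")
HEX_RE = re.compile(r"refuse\[(\d+):\d+\]\s+([0-9A-Fa-f]+)\s*$")
QTYPES = {1: "A", 2: "NS", 5: "CNAME", 12: "PTR", 15: "MX", 16: "TXT", 28: "AAAA"}


def parse_question(msg):
    """Return (name, qtype) for the first question in a raw DNS query."""
    if len(msg) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    _txid, _flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[pos]
        pos += 1
        if length == 0:        # root label terminates the name
            break
        if length & 0xC0:      # compression pointers do not belong in a query
            raise ValueError("unexpected compression pointer")
        if pos + length > len(msg):
            raise ValueError("label runs past end of message")
        labels.append(msg[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("missing QTYPE/QCLASS")
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return ".".join(labels) or ".", QTYPES.get(qtype, "TYPE%d" % qtype)


def summarize(log_text):
    """Tally refused clients and the names that were asked for.

    The two line kinds are counted separately: the excerpt's timestamps run
    newest-first, so pairing a hex dump with a source address by position
    would be a guess.
    """
    clients, questions, errors = Counter(), Counter(), []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = SRC_RE.search(line)
        if m:
            clients[m.group(1)] += 1
            continue
        m = HEX_RE.search(line)
        if not m:
            continue
        try:
            payload = bytes.fromhex(m.group(2))
            if len(payload) != int(m.group(1)):
                raise ValueError("declared %s bytes, got %d" % (m.group(1), len(payload)))
            questions[parse_question(payload)] += 1
        except ValueError as exc:
            errors.append((lineno, str(exc)))
    return clients, questions, errors


if __name__ == "__main__":
    clients, questions, errors = summarize(SAMPLE_LOG)
    for ip, n in clients.most_common():
        print("%-15s refused %d time(s)" % (ip, n))
    for (name, qtype), n in questions.most_common():
        print("%-5s %-40s x%d" % (qtype, name, n))
    for lineno, why in errors:
        print("line %d: undecodable payload (%s)" % (lineno, why))
```
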
                      • NOYB

                        For me the resolver is unable to resolve at least these two domains:
                        github.com
                        twitter.com

                        • johnpoz LAYER 8 Global Moderator

                          yeah those are listed as two of the domains that are hosted there..

                          github.com.            172800  IN      NS      ns1.p16.dynect.net.
                          github.com.            172800  IN      NS      ns3.p16.dynect.net.
                          github.com.            172800  IN      NS      ns2.p16.dynect.net.
                          github.com.            172800  IN      NS      ns4.p16.dynect.net.

                          twitter.com.            172800  IN      NS      ns1.p34.dynect.net.
                          twitter.com.            172800  IN      NS      ns2.p34.dynect.net.
                          twitter.com.            172800  IN      NS      ns3.p34.dynect.net.
                          twitter.com.            172800  IN      NS      ns4.p34.dynect.net.

                          dynect.net is what is under ddos.

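
Added example, not part of the original thread: the NS records above explain why github.com and twitter.com failed together, since every name server for both zones sits under dynect.net. The sketch groups NS records by operator to flag that single-provider dependency; taking the last two labels of the NS host as the operator is a simplifying assumption, and the `shop.example` records are constructed for contrast.

```python
from collections import defaultdict

# NS records quoted in the post, plus a constructed two-provider zone.
SAMPLE_NS = """\
github.com.   172800 IN NS ns1.p16.dynect.net.
github.com.   172800 IN NS ns3.p16.dynect.net.
github.com.   172800 IN NS ns2.p16.dynect.net.
github.com.   172800 IN NS ns4.p16.dynect.net.
twitter.com.  172800 IN NS ns1.p34.dynect.net.
twitter.com.  172800 IN NS ns2.p34.dynect.net.
twitter.com.  172800 IN NS ns3.p34.dynect.net.
twitter.com.  172800 IN NS ns4.p34.dynect.net.
shop.example. 172800 IN NS ns1.dns-a.example.   ; constructed
shop.example. 172800 IN NS ns1.dns-b.example.   ; constructed
"""


def operator_of(ns_host):
    """Assumption: the operator is the last two labels of the NS host name.

    This is not public-suffix aware, so names under suffixes such as co.uk
    need a real suffix list.
    """
    labels = ns_host.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def parse_ns(text):
    """Collect NS hosts per zone from dig-style 'owner TTL IN NS host' lines."""
    zones = defaultdict(set)
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()      # drop trailing comments
        if len(fields) == 5 and fields[2].upper() == "IN" and fields[3].upper() == "NS":
            zones[fields[0].rstrip(".").lower()].add(fields[4].rstrip(".").lower())
    return zones


def exposure(text, degraded_operator):
    """Per zone: which operators serve it and what share of its NS set is degraded."""
    report = {}
    for zone, hosts in parse_ns(text).items():
        operators = sorted({operator_of(h) for h in hosts})
        hit = sum(1 for h in hosts if operator_of(h) == degraded_operator)
        report[zone] = {
            "operators": operators,
            "single_provider": len(operators) == 1,
            "affected_share": hit / len(hosts),
        }
    return report


if __name__ == "__main__":
    for zone, info in sorted(exposure(SAMPLE_NS, "dynect.net").items()):
        print("%-14s %3.0f%% of NS affected, operators=%s" % (
            zone, 100 * info["affected_share"], ",".join(info["operators"])))
```
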
                          • tushar

                            It's unchecked; no modification was done on this page.

                            Only YouTube is working properly…. How do I correct my DNS resolver if it gets corrupted?

                            1.png

                            • tushar

                              I plugged in a Linksys RV042 and everything is working fine. Just pfSense is having a problem with Unbound DNS resolving…

                              Any hope for the broken Unbound DNS resolver, or a fresh install again?? :-\

                              • JeGr LAYER 8 Moderator

                                Yet again: nothing to do with Unbound per se. Just try some different upstream DNS servers to test. I had problems a few days ago, too, and adding e.g. an OpenDNS and another local free DNS server in addition to 8.8.8.8 helped solve it, as even the Google DNS couldn't resolve twitter and github anymore. A few others had other cache timings etc. so could still resolve them. That helped.

                                Also restart/refresh Unbound so it resolves the domains again and doesn't use negative caching against you.
                                Use "ipconfig /flushdns" as you're using Windows. That caches negative DNS, too.
                                Not everything is simply a pfSense problem ;)

                                Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

                                If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

                                • tushar

                                  @JeGr:

                                  Yet again: nothing to do with Unbound per se. Just try some different upstream DNS servers to test. I had problems a few days ago, too, and adding e.g. an OpenDNS and another local free DNS server in addition to 8.8.8.8 helped solve it, as even the Google DNS couldn't resolve twitter and github anymore. A few others had other cache timings etc. so could still resolve them. That helped.

                                  Also restart/refresh Unbound so it resolves the domains again and doesn't use negative caching against you.
                                  Use "ipconfig /flushdns" as you're using Windows. That caches negative DNS, too.
                                  Not everything is simply a pfSense problem ;)

                                  I did what you said, still the same. Check the screenshots: what settings should I do more….

                                  screenshot-2016-10-24-15-45-30.png
                                  screenshot-2016-10-24-15-46-22.png
                                  screensht-2016-10-24-15-44-31.png

                                  • johnpoz LAYER 8 Global Moderator

                                    Ya think maybe your pfBlocker DNS might have something to do with it ;)

                                    Let's go over this again..  Can you query pfSense's own name from something on your network?

                                    example

                                    dig pfsense.local.lan

                                    ; <<>> DiG 9.11.0 <<>> pfsense.local.lan                                 
                                    ;; global options: +cmd                                                   
                                    ;; Got answer:                                                           
                                    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51432                 
                                    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

                                    ;; OPT PSEUDOSECTION:                                                     
                                    ; EDNS: version: 0, flags:; udp: 4096                                     
                                    ;; QUESTION SECTION:                                                     
                                    ;pfsense.local.lan.            IN      A

                                    ;; ANSWER SECTION:                                                       
                                    pfsense.local.lan.      3600    IN      A      192.168.9.253

                                    ;; Query time: 1 msec                                                     
                                    ;; SERVER: 192.168.9.253#53(192.168.9.253)                               
                                    ;; WHEN: Mon Oct 24 06:24:07 Central Daylight Time 2016                   
                                    ;; MSG SIZE  rcvd: 62

                                    nslookup pfsense.local.lan
                                    Server:  pfsense.local.lan
                                    Address:  192.168.9.253

                                    Name:    pfsense.local.lan
                                    Addresses:  2001:470:snipped::1
                                              192.168.9.253

                                    • tushar

                                      Yes Sir,

                                      lubuntu@lubuntu:~$ dig pfsense.local.lan
                                      
                                      ; <<>> DiG 9.10.3-P4-Ubuntu <<>> pfsense.local.lan
                                      ;; global options: +cmd
                                      ;; Got answer:
                                      ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7057
                                      ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
                                      
                                      ;; OPT PSEUDOSECTION:
                                      ; EDNS: version: 0, flags:; udp: 4096
                                      ;; QUESTION SECTION:
                                      ;pfsense.local.lan.		IN	A
                                      
                                      ;; AUTHORITY SECTION:
                                      .			3559	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2016102400 1800 900 604800 86400
                                      
                                      ;; Query time: 46 msec
                                      ;; SERVER: 127.0.1.1#53(127.0.1.1)
                                      ;; WHEN: Mon Oct 24 17:03:25 IST 2016
                                      ;; MSG SIZE  rcvd: 121
                                      
                                      lubuntu@lubuntu:~$ dig pfsense.local.lan
                                      
                                      ; <<>> DiG 9.10.3-P4-Ubuntu <<>> pfsense.local.lan
                                      ;; global options: +cmd
                                      ;; Got answer:
                                      ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 11851
                                      ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
                                      
                                      ;; OPT PSEUDOSECTION:
                                      ; EDNS: version: 0, flags:; udp: 4096
                                      ;; QUESTION SECTION:
                                      ;pfsense.local.lan.		IN	A
                                      
                                      ;; AUTHORITY SECTION:
                                      .			3499	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2016102400 1800 900 604800 86400
                                      
                                      ;; Query time: 0 msec
                                      ;; SERVER: 127.0.1.1#53(127.0.1.1)
                                      ;; WHEN: Mon Oct 24 17:08:44 IST 2016
                                      ;; MSG SIZE  rcvd: 121
                                      
                                      
                                      lubuntu@lubuntu:~$ nslookup pfsense.local.lan
                                      Server:		127.0.1.1
                                      Address:	127.0.1.1#53
                                      
                                      ** server can't find pfsense.local.lan: NXDOMAIN
                                      
                                      

                                      See, only YouTube is working very fine….

                                      lubuntu@lubuntu:~$ dig www.youtube.com
                                      
                                      ; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.youtube.com
                                      ;; global options: +cmd
                                      ;; Got answer:
                                      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42624
                                      ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
                                      
                                      ;; OPT PSEUDOSECTION:
                                      ; EDNS: version: 0, flags:; udp: 4096
                                      ;; QUESTION SECTION:
                                      ;www.youtube.com.		IN	A
                                      
                                      ;; ANSWER SECTION:
                                      www.youtube.com.	86385	IN	CNAME	youtube-ui.l.google.com.
                                      youtube-ui.l.google.com. 286	IN	A	216.58.220.206
                                      
                                      ;; Query time: 0 msec
                                      ;; SERVER: 127.0.1.1#53(127.0.1.1)
                                      ;; WHEN: Mon Oct 24 17:25:42 IST 2016
                                      ;; MSG SIZE  rcvd: 94
                                      
                                      
                                      • johnpoz LAYER 8 Global Moderator

                                        And you are doing the query to loopback 127.0.1.1, not pfSense. Where is your Linux box sending that query?

                                        • tushar

                                          @johnpoz:

                                          And you are doing the query to loopback 127.0.1.1, not pfSense. Where is your Linux box sending that query?

                                          ; <<>> DiG 9.10.3-P4-Ubuntu <<>> pfsense.localdomain
                                          ;; global options: +cmd
                                          ;; Got answer:
                                          ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19430
                                          ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
                                          
                                          ;; OPT PSEUDOSECTION:
                                          ; EDNS: version: 0, flags:; udp: 4096
                                          ;; QUESTION SECTION:
                                          ;pfsense.localdomain.		IN	A
                                          
                                          ;; ANSWER SECTION:
                                          pfsense.localdomain.	3600	IN	A	192.168.2.1
                                          
                                          ;; Query time: 0 msec
                                          ;; SERVER: 127.0.1.1#53(127.0.1.1)
                                          ;; WHEN: Mon Oct 24 20:43:19 IST 2016
                                          ;; MSG SIZE  rcvd: 64
                                          
                                          
                                          lubuntu@lubuntu:~$ nslookup pfsense.localdomain
                                          Server:		127.0.1.1
                                          Address:	127.0.1.1#53
                                          
                                          Name:	pfsense.localdomain
                                          Address: 192.168.2.1
                                          
                                          

                                          Small correction: pfsense.localdomain, not pfsense.local.lan. This is all I get as dig output. I've been using the same configuration for 16 days with no reboot. It suddenly stopped resolving hostnames; somehow only YouTube is working fine without any problem.

                                          Should I also specify a DNS IP under System/General Setup/DNS Server settings?

                                          Also using some packages like Snort, pfBlockerNG, Squid proxy in transparent mode, ClamAV.

                                          • johnpoz LAYER 8 Global Moderator

                                            You need to query pfSense directly with your dig command, because where is Linux actually sending that query? You are doing the query to itself.

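
Added example, not part of the original thread and not pfSense code: a minimal stand-in for `dig @<resolver>` that sends the query straight to the address given, bypassing a local stub such as 127.0.1.1, and maps the outcome to the causes listed earlier in the thread. The resolver address and name in the final comment come from the first post; the cause wording and the constructed replies are this example's own.

```python
import os
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}
CAUSES = {
    "ANSWER": "resolver is reachable, allows this client and resolved the name",
    "NODATA": "name exists but has no record of the requested type",
    "REFUSED": "resolver is running but its access list does not allow this client",
    "SERVFAIL": "resolver accepted the query but could not get an answer upstream",
    "NXDOMAIN": "resolver says the name does not exist (check the local domain suffix)",
    "TIMEOUT": "no reply: resolver not running, wrong address, or port 53 blocked",
}


def build_query(name, txid, qtype=1):
    """Encode a recursive (RD=1) query for name; qtype 1 is an A record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.split(".") if label
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def classify(reply, txid):
    """Map a raw UDP reply (None means timed out) to (verdict, likely cause)."""
    if reply is None:
        return "TIMEOUT", CAUSES["TIMEOUT"]
    if len(reply) < 12:
        return "MALFORMED", "reply shorter than a DNS header"
    rid, flags, _qdcount, ancount = struct.unpack("!HHHH", reply[:8])
    if rid != txid or not flags & 0x8000:      # wrong ID, or QR bit clear
        return "MISMATCH", "packet is not a response to this query"
    rcode = RCODES.get(flags & 0x000F, "RCODE%d" % (flags & 0x000F))
    if rcode == "NOERROR":
        rcode = "ANSWER" if ancount else "NODATA"
    return rcode, CAUSES.get(rcode, "unexpected response code")


def probe(server, name, port=53, timeout=2.0):
    """Query server directly over UDP, the way `dig @server name` does."""
    txid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((server, port))       # kernel drops replies from other peers
            sock.send(build_query(name, txid))
            reply = sock.recv(4096)
        except socket.timeout:
            reply = None
        except OSError as exc:                 # e.g. ICMP port unreachable
            return "ERROR", "could not send or receive: %s" % exc
    return classify(reply, txid)


if __name__ == "__main__":
    # Constructed header-only replies modelled on the dig output in the thread.
    refused = struct.pack("!HHHHHH", 0x1234, 0x8125, 0, 0, 0, 0)    # qr rd ad, REFUSED
    servfail = struct.pack("!HHHHHH", 0x1234, 0x8182, 1, 0, 0, 0)   # qr rd ra, SERVFAIL
    for label, pkt in (("refused", refused), ("servfail", servfail), ("timeout", None)):
        print(label, "->", classify(pkt, 0x1234))
    # Live use on the LAN from the first post: probe("192.168.1.1", "www.pfsense.org")
```
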