Request to pfSense.localdomain timed-out
-
For me resolver is unable to resolve at least these two domans:
github.com
twitter.com -
yeah those are listed as two of the domains that are hosted there..
github.com. 172800 IN NS ns1.p16.dynect.net.
github.com. 172800 IN NS ns3.p16.dynect.net.
github.com. 172800 IN NS ns2.p16.dynect.net.
github.com. 172800 IN NS ns4.p16.dynect.net.twitter.com. 172800 IN NS ns1.p34.dynect.net.
twitter.com. 172800 IN NS ns2.p34.dynect.net.
twitter.com. 172800 IN NS ns3.p34.dynect.net.
twitter.com. 172800 IN NS ns4.p34.dynect.net.dynect.net is what is under ddos.
-
its unchecked no modification done on this page.
only youtube is working properly…. How to correct my dns resolver if it get corrupted
-
I plugged Linksys RV042 everything working fine. just pfSense having problem unbound DNS resolving…
Any hope for broken Unbound DNS resolver or fresh install again?? :-\
-
Yet again. Nothing todo with Unbound per se. Just try some different upstream DNS servers to test. I had problems a few days ago, too and adding e.g. an opendns and another local free dns server in addition to 8.8.8.8 helped solving it as even the Google DNS couldn't resolve twitter and github anymore. A few others had other cache timings etc. so could still resolve them. That helped.
Also restart/refresh unbound so it resolves the domains again and doesn't use negative caching against you.
Use "ipconfig /flushdns" as you're using windows. That caches negative DNS, too.
Not everything is simply a pfSense problem ;) -
Yet again. Nothing todo with Unbound per se. Just try some different upstream DNS servers to test. I had problems a few days ago, too and adding e.g. an opendns and another local free dns server in addition to 8.8.8.8 helped solving it as even the Google DNS couldn't resolve twitter and github anymore. A few others had other cache timings etc. so could still resolve them. That helped.
Also restart/refresh unbound so it resolves the domains again and doesn't use negative caching against you.
Use "ipconfig /flushdns" as you're using windows. That caches negative DNS, too.
Not everything is simply a pfSense problem ;)i did what you said still same. check screenshots what settings i do more….
-
Ya think maybe your pfblocker dns might have something to do it it ;)
lets go over this again.. Can you query pfsense own name from something on your network?
example
dig pfsense.local.lan
; <<>> DiG 9.11.0 <<>> pfsense.local.lan
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51432
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pfsense.local.lan. IN A;; ANSWER SECTION:
pfsense.local.lan. 3600 IN A 192.168.9.253;; Query time: 1 msec
;; SERVER: 192.168.9.253#53(192.168.9.253)
;; WHEN: Mon Oct 24 06:24:07 Central Daylight Time 2016
;; MSG SIZE rcvd: 62nslookup pfsense.local.lan
Server: pfsense.local.lan
Address: 192.168.9.253Name: pfsense.local.lan
Addresses: 2001:470:snipped::1
192.168.9.253 -
Yes Sir,
lubuntu@lubuntu:~$ dig pfsense.local.lan ; <<>> DiG 9.10.3-P4-Ubuntu <<>> pfsense.local.lan ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7057 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;pfsense.local.lan. IN A ;; AUTHORITY SECTION: . 3559 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2016102400 1800 900 604800 86400 ;; Query time: 46 msec ;; SERVER: 127.0.1.1#53(127.0.1.1) ;; WHEN: Mon Oct 24 17:03:25 IST 2016 ;; MSG SIZE rcvd: 121lubuntu@lubuntu:~$ dig pfsense.local.lan ; <<>> DiG 9.10.3-P4-Ubuntu <<>> pfsense.local.lan ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 11851 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;pfsense.local.lan. IN A ;; AUTHORITY SECTION: . 3499 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2016102400 1800 900 604800 86400 ;; Query time: 0 msec ;; SERVER: 127.0.1.1#53(127.0.1.1) ;; WHEN: Mon Oct 24 17:08:44 IST 2016 ;; MSG SIZE rcvd: 121lubuntu@lubuntu:~$ nslookup pfsense.local.lan Server: 127.0.1.1 Address: 127.0.1.1#53 ** server can't find pfsense.local.lan: NXDOMAINSee only youtube working very fine only….
lubuntu@lubuntu:~$ dig www.youtube.com ; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.youtube.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42624 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.youtube.com. IN A ;; ANSWER SECTION: www.youtube.com. 86385 IN CNAME youtube-ui.l.google.com. youtube-ui.l.google.com. 286 IN A 216.58.220.206 ;; Query time: 0 msec ;; SERVER: 127.0.1.1#53(127.0.1.1) ;; WHEN: Mon Oct 24 17:25:42 IST 2016 ;; MSG SIZE rcvd: 94 -
And u are doing query to loopback 127.0.1.1 not pfsense where is ur linix box sending tahat query?
-
And u are doing query to loopback 127.0.1.1 not pfsense where is ur linix box sending tahat query?
; <<>> DiG 9.10.3-P4-Ubuntu <<>> pfsense.localdomain ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19430 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;pfsense.localdomain. IN A ;; ANSWER SECTION: pfsense.localdomain. 3600 IN A 192.168.2.1 ;; Query time: 0 msec ;; SERVER: 127.0.1.1#53(127.0.1.1) ;; WHEN: Mon Oct 24 20:43:19 IST 2016 ;; MSG SIZE rcvd: 64lubuntu@lubuntu:~$ nslookup pfsense.localdomain Server: 127.0.1.1 Address: 127.0.1.1#53 Name: pfsense.localdomain Address: 192.168.2.1Small correction pfsense.localdomain not pfsense.local.lan. This is all what i get dig output, using same configuration since 16days no reboot. suddenly stopped resolving hostnames, somehow only youtube working fine without any problem.
should i need to specify dns ip also - System/General Setup/ DNS Server setting
also using some packages like SNORT, pfblockerNG, squid proxy transparent mode. ClamAV.
-
U need to query pfsense directly with ur dig command because where is linux actualy sending that quer? U are doing query to itself
-
i dont know why 127.0.0.1 unbound unable to resolve domain names. only youtube working. Do i need to update some kind of cache of unbound DNS?
-
Well ur linux box is most likly not asking pfsemse
-
any idea what i do now, because 127.0.0.1 not resolving domains…..... DNS look also keep searching but nothing
NOTE:-- tested this - when i do DNS Query Forwarding - Enabled and put google DNS 8.8.8.8 in System/General setup eveything works normal. But before that i use to keep uncheck DNS Query and no DNS in System/General everything just works fine....
-
dude so when you query the pfsense directly??
dig @pfsenseIP pfsense.localdomainname.tld
does that respond or not?
On pfsense using the resolver and pointing to itself, can it resolve other domains?
Your problem is your linux is asking some service running local, that does what? does it forward to what?
Its possible pfsense resolver is having an issue talking to roots and the authoritative ns. But it should be able to resolve its own name when asked by itself or other clients
Its also possible you just don't have an Accesslist that allows your client to even query pfsense for anything that the resolver can resolve either your own local names or host overrides or outside.
-
; <<>> DiG 9.10.3-P4-Ubuntu <<>> pfsense.localdomain ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1336 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;pfsense.localdomain. IN A ;; ANSWER SECTION: pfsense.localdomain. 3600 IN A 192.168.2.1 ;; Query time: 0 msec ;; SERVER: 127.0.1.1#53(127.0.1.1) ;; WHEN: Tue Oct 25 01:37:58 IST 2016 ;; MSG SIZE rcvd: 64
-
ok so you can query pfsense local name, and you can query some domains.
You need to figure out why you can not query those… Set up your debug level in unbound and try the queries again and see what it says?
Do a query direct to the ns for facebook.com
dig @a.ns.facebook.com www.facebook.com
; <<>> DiG 9.11.0 <<>> @a.ns.facebook.com www.facebook.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64707
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 4
;; WARNING: recursion requested but not available;; QUESTION SECTION:
;www.facebook.com. IN A;; ANSWER SECTION:
www.facebook.com. 3600 IN CNAME star-mini.c10r.facebook.com.;; AUTHORITY SECTION:
facebook.com. 172800 IN NS a.ns.facebook.com.
facebook.com. 172800 IN NS b.ns.facebook.com.;; ADDITIONAL SECTION:
a.ns.facebook.com. 172800 IN AAAA 2a03:2880:fffe:c:face:b00c:0:35
a.ns.facebook.com. 172800 IN A 69.171.239.12
b.ns.facebook.com. 172800 IN AAAA 2a03:2880:ffff:c:face:b00c:0:35
b.ns.facebook.com. 172800 IN A 69.171.255.12;; Query time: 15 msec
;; SERVER: 69.171.239.12#53(69.171.239.12)
;; WHEN: Mon Oct 24 17:30:50 Central Daylight Time 2016
;; MSG SIZE rcvd: 186Maybe your having ipv6 issues? Maybe your isp is doing something with your dns queries?
Do a +trace with did to see what might be failing? the resolver works completely different than forwarding. You walk the tree down from roots too the authoritative server. If your internet connection has problems to these authoritative servers then you can have issues.
Change over to the forwarder if your having issues with resolving, or put the resolver in forwarder mode - most likely have to turn off dnssec if where you forward doesn't support it.
-
; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.facebook.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 42715 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.facebook.com. IN A ;; Query time: 0 msec ;; SERVER: 127.0.1.1#53(127.0.1.1) ;; WHEN: Tue Oct 25 10:32:57 IST 2016 ;; MSG SIZE rcvd: 45lubuntu@lubuntu:~$ traceroute www.facebook.com www.facebook.com: Temporary failure in name resolution Cannot handle "host" cmdline arg `www.facebook.com' on position 1 (argc 1)lubuntu@lubuntu:~$ traceroute www.google.com traceroute to www.google.com (216.58.220.196), 30 hops max, 60 byte packets 1 pfSense.localdomain (192.168.2.1) 0.227 ms 0.248 ms 0.156 ms 2 192.168.1.1 (192.168.1.1) 2.080 ms 2.485 ms 2.654 ms 3 103.30.141.1 (103.30.141.1) 33.453 ms 33.419 ms 33.363 ms 4 172.25.24.66 (172.25.24.66) 33.535 ms 50.011 ms 49.956 ms 5 172.25.24.17 (172.25.24.17) 49.919 ms 49.871 ms 49.848 ms 6 172.25.24.78 (172.25.24.78) 49.344 ms 48.722 ms 49.034 ms 7 103.14.124.125 (103.14.124.125) 48.936 ms 47.614 ms 47.483 ms 8 108.170.238.13 (108.170.238.13) 46.678 ms 37.054 ms 36.928 ms 9 216.58.220.196 (216.58.220.196) 36.913 ms 18.125 ms 18.031 ms lubuntu@lubuntu:~$
-
devs any idea about this why im not able to resolve domains, only youtube and google.com working fine?
-
Well lets track one specific thing that you say does not resolve..
So for example… How do you think this .localdomain is going to resolve???
tools.ietf.org.localdomain
Seems your tacking on .localdomain to your queries.. Yeah those are going to FAIL every time!!
Looks like your also trying to do ipv6 which is failing.
Also what part do you NOT get about doing a query to pfsense directly... Your asking something running on your linux box.. your asking 127.0.1.1 which is loopback.. Where is it asking??? Pfsense? Maybe something else? You don't freaking know, etc.. So in your dig command directly query pfsense IP..
Dig @pfsenseIP what.yourlooking.for
Do a query direct to your pfsense IP for facebook.. If that fails, then look in your resolver log to why, etc.
