Can not resolve a DNS
-
you don't need the ipv6.. Shoot I should of hid thouse.. Could you please delete that pic, I will delete mine and repost with thos hidden.
You need to put in the network your using.. What network are you using - if for example 172.16/12 then my acl would not work for you..
Your using 192.168.0/24 right.. So if that is the only network you query pfsense from then that would be in your allow list. So if you put in 192.168/16 like I have then it should work.. So your still not getting the root servers when you do a +trace from your client on 192.168 network??
Do the drill command on pfsense then.. Lets see where its failing.
-
Sorry John for posting the pic I removed it from my pc and post. My network is 192.168.0.1/24
-
Oh not on you at all!!! It was my bad for not seeing I posted a global IPv6 address… Thanks for removing it.. I reposted with the ipv6 obfuscated. In the big picture prob not a issue at all.. Normally I wouldn't care.. but as you can see from my neg karma number. Some people don't always like my posts ;) And vs doing the -1 which would be their right.. They hit it an hit it and hit it.. I know for sure about 60 of those came from 2 guys..
So with the ability to rent the very large botnets, I wouldn't put it past some people to think its funny to run a ddos against.. Yes I have my tinfoil hat on while typing this..
192.168.0.1/24 is not a network btw, that is a host address the 192.168.0.0/24 ;) So if your putting in ACL you can put in 192.168.0.0/24 or 192.168.0.0/16 is the full 192.168 rfc1918 space.
-
DW John remember the guys that try to help in this world get the slapped back instead of thank you, I read a post with a guy admitting was longing to pick one out with you and accused you that you dont know what you are talking about llooolll Some should learn from you. Now sorry for asking but should I go to Command Prompt in pfsense and type drill melita.com?
-
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 59963
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; melita.com. IN A;; ANSWER SECTION:
melita.com. 36082 IN A 212.56.128.204;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 9 msec
;; SERVER: 212.56.132.20
;; WHEN: Mon Nov 28 20:00:06 2016
;; MSG SIZE rcvd: 44 -
yeah you need to -T with the drill command
drill -T melita.com
This should give you the full trace like dig would do..
So for example running it on my pfsense just now.
[2.3.2-RELEASE][root@pfsense.local.lan]/root: drill -T melita.com com. 172800 IN NS e.gtld-servers.net. com. 172800 IN NS b.gtld-servers.net. com. 172800 IN NS j.gtld-servers.net. com. 172800 IN NS m.gtld-servers.net. com. 172800 IN NS i.gtld-servers.net. com. 172800 IN NS f.gtld-servers.net. com. 172800 IN NS a.gtld-servers.net. com. 172800 IN NS g.gtld-servers.net. com. 172800 IN NS h.gtld-servers.net. com. 172800 IN NS l.gtld-servers.net. com. 172800 IN NS k.gtld-servers.net. com. 172800 IN NS c.gtld-servers.net. com. 172800 IN NS d.gtld-servers.net. melita.com. 172800 IN NS ns.melitacable.com. melita.com. 172800 IN NS ns1.melitacable.com. melita.com. 86400 IN A 212.56.128.204 melita.com. 86400 IN NS ns1.melitacable.com. melita.com. 86400 IN NS ns.melitacable.com. [2.3.2-RELEASE][root@pfsense.local.lan]/root:If fails try adding the -V 5 command so we get full details
drill -T -V 5 melita.com
-
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
;; flags: ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; . IN NS;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; WHEN: Mon Nov 28 21:12:10 2016
;; MSG SIZE rcvd: 0
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
;; flags: rd ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; 201.79.228.192.in-addr.arpa. IN PTR;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; WHEN: Mon Nov 28 21:12:10 2016
;; MSG SIZE rcvd: 0
. 518400 IN NS i.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS m.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS a.root-servers.net.
;; Received 492 bytes from 192.228.79.201#53(b.root-servers.net.) in 205 ms;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
;; flags: ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; melita.com. IN A;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; WHEN: Mon Nov 28 21:12:10 2016
;; MSG SIZE rcvd: 0
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
;; flags: rd ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; 53.2.63.128.in-addr.arpa. IN PTR;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; WHEN: Mon Nov 28 21:12:15 2016
;; MSG SIZE rcvd: 0
;; Received 488 bytes from 128.63.2.53#53(h.root-servers.net.) in 5154 ms;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
;; flags: ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; melita.com. IN A;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; WHEN: Mon Nov 28 21:12:16 2016
;; MSG SIZE rcvd: 0
melita.com. 172800 IN NS ns.melitacable.com.
melita.com. 172800 IN NS ns1.melitacable.com.
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
;; flags: rd ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; 30.14.33.192.in-addr.arpa. IN PTR;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; WHEN: Mon Nov 28 21:12:16 2016
;; MSG SIZE rcvd: 0
;; Received 107 bytes from 192.33.14.30#53(b.gtld-servers.net.) in 44 ms;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
;; flags: ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; melita.com. IN A;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; WHEN: Mon Nov 28 21:12:16 2016
;; MSG SIZE rcvd: 0
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
;; flags: ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; melita.com. IN A;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; WHEN: Mon Nov 28 21:12:46 2016
;; MSG SIZE rcvd: 0 -
So doesn't look like your getting any answer from the NS for that domain.
melita.com. 172800 IN NS ns.melitacable.com.
melita.com. 172800 IN NS ns1.melitacable.com.Query them directly!!
Their IPs I gave ealier, but here they are again.
ns1.melitacable.com. 86088 IN A 212.56.128.196
ns.melitacable.com. 86088 IN A 212.56.128.132so from pfsense
drill @212.56.128.196 melita.com
[2.3.2-RELEASE][root@pfsense.local.lan]/root: drill @212.56.128.196 melita.com ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 58179 ;; flags: qr aa rd ; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;; melita.com. IN A ;; ANSWER SECTION: melita.com. 86400 IN A 212.56.128.204 ;; AUTHORITY SECTION: melita.com. 86400 IN NS ns1.melitacable.com. melita.com. 86400 IN NS ns.melitacable.com. ;; ADDITIONAL SECTION: ns.melitacable.com. 86400 IN A 212.56.128.132 ns1.melitacable.com. 86400 IN A 212.56.128.196 ;; Query time: 157 msec ;; SERVER: 212.56.128.196 ;; WHEN: Mon Nov 28 15:17:58 2016 ;; MSG SIZE rcvd: 123[2.3.2-RELEASE][root@pfsense.local.lan]/root: drill @212.56.128.132 melita.com ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 30011 ;; flags: qr aa rd ; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;; melita.com. IN A ;; ANSWER SECTION: melita.com. 86400 IN A 212.56.128.204 ;; AUTHORITY SECTION: melita.com. 86400 IN NS ns1.melitacable.com. melita.com. 86400 IN NS ns.melitacable.com. ;; ADDITIONAL SECTION: ns.melitacable.com. 86400 IN A 212.56.128.132 ns1.melitacable.com. 86400 IN A 212.56.128.196 ;; Query time: 158 msec ;; SERVER: 212.56.128.132 ;; WHEN: Mon Nov 28 15:18:55 2016 ;; MSG SIZE rcvd: 123 [2.3.2-RELEASE][root@pfsense.local.lan]/root: -
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
;; flags: ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; . IN NS;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; WHEN: Mon Nov 28 22:28:30 2016
;; MSG SIZE rcvd: 0
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
;; flags: rd ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; 4.36.112.192.in-addr.arpa. IN PTR;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; WHEN: Mon Nov 28 22:28:30 2016
;; MSG SIZE rcvd: 0
. 518400 IN NS d.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS a.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS m.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS i.root-servers.net.
;; Received 492 bytes from 192.112.36.4#53(G.ROOT-SERVERS.NET.) in 63 ms;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
;; flags: ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; 212.56.128.196. IN A;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; WHEN: Mon Nov 28 22:28:33 2016
;; MSG SIZE rcvd: 0
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
;; flags: ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; 212.56.128.196. IN A;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; WHEN: Mon Nov 28 22:28:48 2016
;; MSG SIZE rcvd: 0
. 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2016112801 1800 900 604800 86400
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
;; flags: rd ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; 12.4.33.192.in-addr.arpa. IN PTR;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; WHEN: Mon Nov 28 22:28:48 2016
;; MSG SIZE rcvd: 0
;; Received 107 bytes from 192.33.4.12#53(c.root-servers.net.) in 58 ms -
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
;; flags: ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; . IN NS;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; WHEN: Mon Nov 28 22:31:41 2016
;; MSG SIZE rcvd: 0
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
;; flags: rd ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; 4.36.112.192.in-addr.arpa. IN PTR;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; WHEN: Mon Nov 28 22:31:41 2016
;; MSG SIZE rcvd: 0
. 518400 IN NS b.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS a.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS m.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS c.root-servers.net.
;; Received 492 bytes from 192.112.36.4#53(G.ROOT-SERVERS.NET.) in 62 ms;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
;; flags: ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; 212.56.128.132. IN A;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; WHEN: Mon Nov 28 22:31:41 2016
;; MSG SIZE rcvd: 0
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
;; flags: ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; 212.56.128.132. IN A;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; WHEN: Mon Nov 28 22:31:57 2016
;; MSG SIZE rcvd: 0
. 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2016112801 1800 900 604800 86400
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
;; flags: rd ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; 12.4.33.192.in-addr.arpa. IN PTR;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; WHEN: Mon Nov 28 22:31:57 2016
;; MSG SIZE rcvd: 0
;; Received 107 bytes from 192.33.4.12#53(c.root-servers.net.) in 56 ms -
dude what are you doing???? If your going to paste something please paste the actual command you are running..
Those are not from the commands I gave you..
drill @212.56.128.132 melita.com
-
Sorry but when I did drill @212.56.128.132 melita.com it comes up with nothing
-
comes up with nothing?? You mean you just get blank line??
Can you ping that IP
[2.3.2-RELEASE][root@pfsense.local.lan]/root: ping 212.56.128.132
PING 212.56.128.132 (212.56.128.132): 56 data bytes
64 bytes from 212.56.128.132: icmp_seq=0 ttl=54 time=158.707 ms
64 bytes from 212.56.128.132: icmp_seq=1 ttl=54 time=157.865 ms
64 bytes from 212.56.128.132: icmp_seq=2 ttl=54 time=156.402 ms
64 bytes from 212.56.128.132: icmp_seq=3 ttl=54 time=156.760 mswhat do you mean comes up with nothing?? Doesn't give you a failure doesn't give you a time out? Just nothing??
even if use some BS IP that doesn't answer dns.. you get something..
[2.3.2-RELEASE][root@pfsense.local.lan]/root: drill @212.56.1.1 melita.com
Error: error sending query: Could not send or receive, because of network error
[2.3.2-RELEASE][root@pfsense.local.lan]/root: -
It loads for a while then turn back this way
-
Dude!!! Run the command from a shelll prompt please… SSH to pfsense!!!
-
-
Dude!!!…
Goin' on for months now, I think you need to come to Malta :)
https://forum.pfsense.org/index.php?topic=107947.msg601506#msg601506 -
Yeah I thought this was a familiar domain ;) But I currently resolve it without any issue.. But can not seem to get the OP to post up stuff that validates he is having issues talking to the NS..
If I can reslove it from this side of the planet.. you would think he should not have any issues when he is on the same part of the planet as the NS ;)
But yeah info has been like teeth pulling with a pair of chopsticks..
@Chrismallia could you just give me remote access to your pfsense?? This would make it so much easier to figure out what the actual issue is.. Other than the domain in question has issues with their dns.. I just want to validate that you can not even talk to their NS..
-
…But can not seem to get the OP to post up stuff that validates he is having issues talking to the NS..
Curious to know if @Chrismallia still uses the Malteser-ISP DNS-server anywhere in his pfSense config…
(and just not a clean use of the pfSense Resolver on 127.0.0.1). -
I would be curious as well.. I am hoping he will just give me remote access and can put this to bed finally ;)
