SOLVED - New install - ping to FQDN fails. No DNS requests are resolved.

pete

Guessing here that Excede DNS servers IP's are:

edns02.wildblue.net ['75.104.233.7']
edns03.prod.wdc1.wildblue.net ['75.104.236.8']
edns01.prod.wdc1.wildblue.net ['75.104.236.7']
edns04.wildblue.net ['75.104.233.8']

Is this what you see using Excede?

If so try this:

Checking google dns server first:

nslookup redhat.com 8.8.8.8

nslookup -port 53 redhat.com 8.8.8.8

nslookup -port 5353 redhat.com 8.8.8.8

then an Excede DNS server

nslookup redhat.com 75.104.233.7

logbuilder

@pete Thanks for the reply. These results seem interesting. Hopefully they make sense to you.

As assigned from Exede modem:

IP Address:
172.242.247.xx
Subnet Mask:
255.255.240.0
Default Gateway:
172.242.240.1

DNS Primary: 99.196.99.99
DNS Secondary: 99.197.99.99

I did the commands you suggested. Here are results:

nslookup redhat.com 8.8.8.8 - worked properly
nslookup -port 53 redhat.com 8.8.8.8 - didn't work due to syntax error. Maybe -port is not supported in windows?
nslookup redhat.com 99.196.99.99 - worked properly
nslookup yahoo.com - failed due to timeout. Server was pfsense.localdomain and Address was 192.168.1.1

pete

Thank you Logbuilder.

Apologies. The Windows command line nslookup stuff is a bit different than in Linux.

Most important info is the Excede DNS servers:

DNS Primary: 99.196.99.99
DNS Secondary: 99.197.99.99

Next go to:

System tab
General Setup
DNS Server Settings

What are the IPs of the DNS servers configured?

logbuilder

@pete

In pfSense machine when attached to Exede modem:

In System/General, the only DNS entry showed 'none'. There were two options in the drop down. I didn't change a thing.

In looking at the System Information on the main page, I see this:

DNS server(s)
127.0.0.1
99.196.99.99
99.197.99.99

BTW, I just looked in System/DNS Resolver and see that it is checked Active.

pete

Skipping steps here and will rewind a bit.

Do the following:

Enter the two DNS servers:

99.196.99.99
99.197.99.99

Here:

System tab
General Setup
DNS Server Settings
and
on the right drop down put your WAN interface for each DNS server IP.

Go to
Services
DNS Resolver

uncheck the box

Enable DNS resolver

Click on Save on the bottom of the page

Do you have a monitor / keyboard connected to your PFSense Box?

If you do enter 8 (shell) for a terminal prompt.

Rewind part:

Excede hijacks any DNS queries and redirects the queries to their DNS servers. Reading a bit you can bypass the bypassing by using non standard DNS ports. IE: 5353 for google DNS entries.

Go back to your PFSense Dashboard.

logbuilder

On my System/General screen, I don't have an option to add a specific IP address as a DNS Server. A drop down next to the selection only has 3 choices. Attached is a screen print. I do seem to remember that on the DNS Resolver screen you can add specific DNS entries. I also recall that in the install wizard would have allowed me to enter specific IPs for DNS servers but I left them blank. I imagine that would have established them for the Resolver. I have disabled the DNS Resolver as you requested. Still not resolving.

![ADD DNS Servers screen.jpg](/public/imported_attachments/1/ADD DNS Servers screen.jpg)
![ADD DNS Servers screen.jpg_thumb](/public/imported_attachments/1/ADD DNS Servers screen.jpg_thumb)

pete

Yes just enter first DNS IP and pick the WAN_DHCP on the right.

Click on the + to add second DNS IP and pick the WAN_DHCP on the right.

Save settings.

Were you able to get to the shell command line prompt from the PFSense command line menu?

At this prompt try doing some nslookup stuff at this prompt.

What do you see when you do this?

Exit to exit the terminal window will bring you back to the menu.

For the Windows PC do a release on the DHCP IP request a new DHCP address or reboot computer, then go to a terminal windows and try doing some nslookups. For the browser clear the browser cache.

The use of a non standard DNS port concern has been brought up here on the forum.

Not sure how your speeds will be affected using the unbound DNS resolver enabled. Try it and see what happens.

hxxps://forum.pfsense.org/index.php?topic=127892.0

the install wizard would have allowed me to enter specific IPs for DNS servers but I left them blank.

The Wizard will install the DNS entries in the settings mentioned above.

logbuilder

Got the 2 servers added (99.196.99.99 and 99.197.99.99. I was looking at that screen wrong.

From Diagnostics screen I entered command prompt. Results:

nslookup yahoo.com - worked fine
nslookup redhat.com 8.8.8.8 - worked fine

Back on my win laptop:

Unplugged ethernet cable to refresh the DHCP.
Checked ipconfig to confirm it refreshed. It did.
Did some pings and nslookups with FQDNs.
IT WORKS!
Also was able to surf to a web page so DNS got a small workout. Didn't see any broken links.

It is resolving using 99.196.99.99

What I want to do now is power everything down and bring it all back up and make sure it still works.
I'll report report back in a few minutes.

My POST of this reply will be from the pfSense machine.

logbuilder

Powered down Exede modem, pfSense firewall, laptop.
Powered all on.
Ran several tests and it is working.

Thanks so much for your help @pete

So to recap what I think we did:

Turned off DNS Resolver. This apparently removed 127.0.0.1 from my DNS server list.
In System/General we added two external (Exede in my case) DNS servers

That's great! Just backed up the config.

That was the first step in my network reconfig. Next I need to add three routers all in AP mode to LAN, OPT1, OPT2.

pete

Great news logbuilder!