Netgate Discussion Forum

    Cannot resolve hostnames

    DHCP and DNS
    • WDen

      Hello,
      I have a pfSense setup like so:

      Internet>ISP Modem(gateway functionality disabled)>pfSense(2.3.4-RELEASE (amd64))>switch>computers
                                                                                            |-->Wireless router setup as AP
      
      

      Everything was working correctly until last night, when suddenly clients cannot resolve hostnames anymore.

      I am using DNS Resolver with the following configuration:

      
      Enabled
      Network Interfaces: All
      Outgoing Network Interfaces: All
      System Domain Local Zone Type: Transparent
      DNSSEC: Enabled
      DNS Query Forwarding: Disabled(unchecked)
      DHCP Registration: Disabled(unchecked)
      Static DHCP: Disabled(unchecked)
      
      

      Firewall rules are as follows:

      
      	* 	* 	* 	LAN Address 	443, 80 	* 	* 		Anti-Lockout Rule 	
      	IPv4 * 	LAN net 	* 	* 	* 	* 	none 	  	Default allow LAN to any rule 	
      	IPv6 * 	LAN net 	* 	* 	* 	* 	none 	  	Default allow LAN IPv6 to any rule 	
      
      

      On my Dashboard, DNS Servers only shows 127.0.0.1. Note that before, when this showed the ISP's DNS servers, I still had the same issue.

      From pfSense, I can run ping, DNS Lookup, both work properly. I've also run dig cnn.com from shell and it works.

      From Client computer, I can ping 8.8.8.8, pfSense(192.168.1.1), I can ping WAN IP and WAN Gateway IP. I cannot ping www.google.com.
      Nslookup returns the following:

      
      Default Server:  UnKnown
      Address:  192.168.1.1
      
      > set debug
      > www.google.com
      Server:  UnKnown
      Address:  192.168.1.1
      
      ------------
      Got answer:
          HEADER:
              opcode = QUERY, id = 2, rcode = REFUSED
              header flags:  response, want recursion
              questions = 0,  answers = 0,  authority records = 0,  additional = 0
      
      ------------
      ------------
      Got answer:
          HEADER:
              opcode = QUERY, id = 3, rcode = REFUSED
              header flags:  response, want recursion
              questions = 0,  answers = 0,  authority records = 0,  additional = 0
      
      ------------
      ------------
      Got answer:
          HEADER:
              opcode = QUERY, id = 4, rcode = REFUSED
              header flags:  response, want recursion
              questions = 0,  answers = 0,  authority records = 0,  additional = 0
      
      ------------
      ------------
      Got answer:
          HEADER:
              opcode = QUERY, id = 5, rcode = REFUSED
              header flags:  response, want recursion
              questions = 0,  answers = 0,  authority records = 0,  additional = 0
      
      ------------
      *** UnKnown can't find www.google.com: Query refused
      
      
      
      nslookup www.google.com 8.8.8.8
      Server:  google-public-dns-a.google.com
      Address:  8.8.8.8
      
      Non-authoritative answer:
      Name:    www.google.com
      Addresses:  2607:f8b0:400b:808::2004
                172.217.0.228
      
      

      I have uninstalled all packages. I also noticed that when I use a DNS Server that is not pfSense(192.168.1.1) everything works correctly.

      Could anyone help me with this issue? I'm not sure what else to try other than Resetting to Factory defaults, but I would prefer not to have to do that.

      Thanks.

      • lawrencedol

        This is an old post, but I just resolved this exact issue, which in my case turned out to be having DNSSEC enabled. Try disabling DNSSEC to see if your clients can then resolve names.

        Lawrence Dol
        Perfection is the enemy of excellence.
        pfSense on a recycled AMD AthlonII X3 435; 3GHz; 8 GiB
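
Added example, not part of the original thread: a small Python decoder for the DNS header fields that the nslookup debug output above prints, so that a REFUSED reply (the server declining to answer this client) can be told apart from SERVFAIL (a failed lookup, which is also how a validating resolver reports a DNSSEC validation failure). The function names, the `SAMPLE_REFUSED` bytes and the hint strings are constructed for illustration.

```python
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

def build_query(name, qid=1, qtype=1):
    """Recursive (RD=1) query for `name`, class IN; qtype 1 = A."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", qtype, 1)

def parse_header(msg):
    """Decode the 12-byte DNS header (RFC 1035 section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    qid, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {"id": qid, "response": bool(flags & 0x8000), "rd": bool(flags & 0x0100),
            "ra": bool(flags & 0x0080), "ad": bool(flags & 0x0020),
            "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
            "counts": (qd, an, ns, ar)}

def diagnose(h):
    """Map a decoded header to the next thing to check on the resolver."""
    if h["rcode"] == "REFUSED":
        return "policy refusal: check which client networks the resolver will answer"
    if h["rcode"] == "SERVFAIL":
        return "resolution failed: check upstream reachability and DNSSEC validation"
    if h["rcode"] == "NOERROR" and not h["ra"]:
        return "answered, but recursion is not offered to this client"
    # AD is the resolver's own claim that the answer passed DNSSEC validation.
    return "ok (validated)" if h["ad"] else "ok"

def ask(server, name, timeout=3.0):
    """Send one UDP query to `server` and return the parsed header."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qid=0x1234), (server, 53))
        return parse_header(s.recvfrom(4096)[0])

# Constructed sample: the header nslookup printed in the thread
# (id = 2, flags "response, want recursion", rcode REFUSED, all counts 0).
SAMPLE_REFUSED = struct.pack("!6H", 2, 0x8105, 0, 0, 0, 0)

if __name__ == "__main__":
    h = parse_header(SAMPLE_REFUSED)
    print(h, "->", diagnose(h))
```

Running `ask("192.168.1.1", "www.google.com")` from a client and again from the firewall's own shell shows whether the refusal depends on where the query comes from.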

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.