Netgate Discussion Forum

    DNS Resolver Log Error sending queries to 1.1.1.1

      ivor

      We're seeing it as well. While we're investigating this issue, it seems to work with quad9 so I suggest you try it.

      Need help fast? Our support is available 24/7 https://www.netgate.com/support/

        promo

        UPDATE: This morning I was not able to resolve any DNS Queries until I removed the CLOUDFLARE Config. My pfsense router cannot connect to either CLOUDFLARE Name Server over TLS.

          CRKus

          @ivor:

          We're seeing it as well. While we're investigating this issue, it seems to work with quad9 so I suggest you try it.

          Yep, I switched to Quad9, and so far no issues working with them over 853.

          If it makes any difference, I'm using a SG-2220 appliance.

          EDIT:

          It occurs to me the above is probably not that helpful overall, so…

          
          System: Netgate SG-2220
          BIOS: Vendor: coreboot; Version: ADI_DFF2-01.00.00.17-nodebug; Release Date: Mon Sep 18 2017
          Version: 2.4.3-RELEASE (amd64), built on Wed Mar 28 16:32:48 CDT 2018, FreeBSD 11.1-RELEASE-p7
          CPU Type: Intel(R) Atom(TM) CPU C2338 @ 1.74GHz; 2 CPUs: 1 package(s) x 2 core(s); AES-NI CPU Crypto: Yes (active)
          Hardware crypto: AES-CBC,AES-XTS,AES-GCM,AES-ICM
          Kernel PTI: Enabled

            promo

            Thank you! I will try the QUAD9 Server.

              ivor

              We have updated the blog post with Quad9 settings https://www.netgate.com/blog/dns-over-tls-with-pfsense.html

                CRKus

                The Quad9 IPV4 and IPV6 resolvers are all working for me over TLS/853 with the same settings I was trying to use for CloudFlare.

                ¯_(ツ)_/¯

                  behemyth

                  I'm also getting the following error once I switch to using Cloudflare

                  There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [19]: table <bogonsv6> persist file "/etc/bogonsv6"
                  @ 2018-04-04 19:21:23

                  This is using 2.4.3 w/8gb of mem.

                  I'm pretty sure I saw this was being looked at in 2.4.4

                    promo

                    Do we have to wait for an update for this to be fixed? Was anybody successful in getting the Cloudflare config to work?

                    Thanks!

                      gsmornot

                      @promo:

                      Do we have to wait for an update for this to be fixed? Was anybody successful in getting the Cloudflare config to work?

                      Thanks!

                      It worked until this morning so I left the config in place and added entries for Quad9 as well. If they both provide the DNS TLS might as well have both in the list.

                        promo

                        @gsmornot:

                        @promo:

                        Do we have to wait for an update for this to be fixed? Was anybody successful in getting the Cloudflare config to work?

                        Thanks!

                        It worked until this morning so I left the config in place and added entries for Quad9 as well. If they both provide the DNS TLS might as well have both in the list.

                        The point is to be able to use Cloudflare as the primary DNS since their service is faster.

                          gsmornot

                          @promo:

                          @gsmornot:

                          @promo:

                          Do we have to wait for an update for this to be fixed? Was anybody successful in getting the Cloudflare config to work?

                          Thanks!

                          It worked until this morning so I left the config in place and added entries for Quad9 as well. If they both provide the DNS TLS might as well have both in the list.

                          The point is to be able to use Cloudflare as the primary DNS since their service is faster.

                          Agree but it does not work for me. If I only have Cloudflare in my config I cannot resolve.

                          Apr 5 09:08:16 unbound 70814:1 error: SSL_read syscall: Connection reset by peer

                          Quad9 works though.

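A probe for the symptom reported in this thread (Cloudflare failing over TLS on 853 while Quad9 works), added here as an example and not code from any poster or from Netgate. It sends one DNS-over-TLS query per upstream and reports whether the failure is at TCP, certificate verification, the TLS session (for instance a reset like the SSL_read error above), or the DNS answer. The TLS names cloudflare-dns.com and dns.quad9.net, the test name example.com and all function names are assumptions, not taken from the thread.

```python
import socket, ssl, struct

TXID = 0x1234  # fixed query ID, fine for a one-shot probe

def build_query(name, qtype=1):
    """Wire-format DNS query with RD set; qtype 1 is an A record."""
    header = struct.pack("!HHHHHH", TXID, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def frame(msg):
    """DNS over TLS (RFC 7858) uses the DNS-over-TCP 2-byte length prefix."""
    return struct.pack("!H", len(msg)) + msg

def parse_reply(data):
    """Return (rcode, answer_count) from a length-prefixed reply."""
    if len(data) < 2:
        raise ValueError("connection closed before any reply")
    (length,) = struct.unpack("!H", data[:2])
    msg = data[2:2 + length]
    if length < 12 or len(msg) < length:
        raise ValueError("truncated DNS message")
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if rid != TXID or not flags & 0x8000:
        raise ValueError("reply does not match our query")
    return flags & 0x000F, an

def probe(ip, tls_name, qname="example.com", timeout=5.0):
    """Return 'ok' or the stage that failed for one upstream on port 853."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    try:
        with socket.create_connection((ip, 853), timeout=timeout) as tcp:
            with ctx.wrap_socket(tcp, server_hostname=tls_name) as tls:
                tls.sendall(frame(build_query(qname)))
                data = tls.recv(4096)  # a small A reply normally arrives in one read
        rcode, answers = parse_reply(data)
        return "ok" if rcode == 0 and answers else f"dns: rcode={rcode} answers={answers}"
    except ssl.SSLCertVerificationError as e:
        return f"certificate: {e.verify_message}"
    except (ssl.SSLError, ConnectionResetError) as e:
        return f"tls-or-reset: {e}"
    except ValueError as e:
        return f"dns: {e}"
    except OSError as e:
        return f"tcp: {e}"

if __name__ == "__main__":
    # TLS names are assumptions, not from the thread.
    for ip, name in [("1.1.1.1", "cloudflare-dns.com"), ("9.9.9.9", "dns.quad9.net")]:
        print(ip, probe(ip, name))
```

Run from a host behind the firewall, a "tls-or-reset" result for one upstream alongside "ok" for the other points at the path or the provider rather than at the local resolver configuration.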
                            wgstarks

                            The Cloudflare settings still are not working and Cloudflare is reporting that they are not experiencing any service problems. Perhaps they have made some change that either inadvertently or deliberately blocks this? Regardless, it seems that it isn’t likely to work “as is”.

                            Hope I’m wrong.😕

                            Box: SG-4200

                              promo

                              @wgstarks:

                              The Cloudflare settings still are not working and Cloudflare is reporting that they are not experiencing any service problems. Perhaps they have made some change that either inadvertently or deliberately blocks this? Regardless, it seems that it isn’t likely to work “as is”.

                              Hope I’m wrong.😕

                              I was reading a post on one of the forums and some there seem to think this is a pfsense issue with the Cloudflare certificate.

                                gsmornot

                                @promo:

                                @wgstarks:

                                The Cloudflare settings still are not working and Cloudflare is reporting that they are not experiencing any service problems. Perhaps they have made some change that either inadvertently or deliberately blocks this? Regardless, it seems that it isn’t likely to work “as is”.

                                Hope I’m wrong.😕

                                I was reading a post on one of the forums and some there seem to think this is a pfsense issue with the Cloudflare certificate.

                                Strange thing is, it worked for two days before it stopped at midnight local two nights ago.

                                  KOM

                                  https://tech.slashdot.org/story/18/04/05/0420247/1111-cloudflares-new-dns-attracting-gigabits-per-second-of-rubbish

                                  If they can't handle the bogus traffic, maybe they should move to a host that specializes in DDoS protections…  ;D ;D

                                    johnpoz LAYER 8 Global Moderator

                                    ^ exactly… Why anyone would even want to point their dns to this is beyond me....

                                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                                    If you get confused: Listen to the Music Play
                                    Please don't Chat/PM me for help, unless mod related
                                    SG-4860 24.11 | Lab VMs 2.8, 24.11

                                      promo

                                      @johnpoz:

                                      ^ exactly… Why anyone would even want to point their dns to this is beyond me....

                                      Do you use QUAD9?

                                        johnpoz LAYER 8 Global Moderator

                                        No I resolve with dnssec.. Not going to forward my queries to any specific dns thank you very much.  I will just run my own resolver as it should be..

                                          Ralphys

                                          I use Quad9 and I find value in their service. I have had 2 issues with them and contacting Quad9 has been to my surprise very easy; they are very professional and responsive. They have addressed the issues rather quickly and have been kind enough to follow up with me.

                                            rdlugosz

                                            Quad9 seems to provide a nice value-add by attaching block lists to their results. Likely a setup that you could easily recreate with pfSense, although something to be said for the ease of pointing to them & getting it for free. Also I'd assume they have access to more exhaustive lists than what we could maintain privately.

                                            I'm actually in touch with their support right now and agree that they're pretty responsive. There's one or two hops between me and their service that drop lots of packets… Results in occasional long delays for a DNS lookup (at least, that's my theory as to why I see this). I sent them a couple example reports from mtr; maybe they'll have better luck contacting whomever is responsible for those systems than I would.

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.