Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DNS_PROBE_FINISHED_BAD_CONFIG

    Scheduled Pinned Locked Moved DHCP and DNS
    11 Posts 2 Posters 4.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DerelictD
      Derelict LAYER 8 Netgate
      last edited by Derelict

      Your best bet is probably the university support line.

      As far as I know my university doesn't allow all DNS servers and in their setup guide they just tell the user to select "obtain DNS automatically".

      So did you do that or did you define DNS servers in System > General ?

      It looks like you both defined google DNS and set gateways on them.

      What do you get in Diagnostics > DNS Lookup for something like www.cnn.com?

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      S 1 Reply Last reply Reply Quote 0
      • S
        sashpta @Derelict
        last edited by sashpta

        @derelict we don't have a support line, we have some ppl who are called "admins" but all they do is add your device to the database, so you aren't blocked out.

        I added the DNS servers I have on my laptop (which uses wifi and wasn't connected to pfsense) and i tried Google's DNS servers. But that didn't help.
        At the moment there is no DNS server in "general settings"

        I got to get this running on the university's network (https://wiki.archlinux.org/index.php/Internet_sharing) and I was hoping if this works then it can't be that much more difficult to get pfsense running

        1 Reply Last reply Reply Quote 0
        • DerelictD
          Derelict LAYER 8 Netgate
          last edited by

          What do you get in Diagnostics > DNS Lookup for something like www.cnn.com?

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          1 Reply Last reply Reply Quote 0
          • DerelictD
            Derelict LAYER 8 Netgate
            last edited by

            What shows for WAN in Status > Interfaces?

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • S
              sashpta
              last edited by

              I think every device registered in the network is given a DNS Server. I'll do some more research on that. But my idea would be to put that DNS server in "General Settings" and then (in theory) the DNS problem should be gone right?

              DNS Lookup cnn.com:
              alt text

              Status > interfaces:
              alt text

              Status -> Systemlogs -> System -> gateways:
              alt text

              Last 50 Firewall Logs: https://hastebin.com/oyijijamix.nginx

              1 Reply Last reply Reply Quote 0
              • DerelictD
                Derelict LAYER 8 Netgate
                last edited by

                @sashpta said in DNS_PROBE_FINISHED_BAD_CONFIG:

                I think every device registered in the network is given a DNS Server. I'll do some more research on that. But my idea would be to put that DNS server in "General Settings" and then (in theory) the DNS problem should be gone right?

                What you have looks like it is working but those error: 65 messages indicate the connection is pretty unreliable.

                Here is the list of things to check:

                https://www.netgate.com/docs/pfsense/routing/no-buffer-space-available.html

                In a nutshell, it means that your WAN is down at the time.

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                1 Reply Last reply Reply Quote 0
                • S
                  sashpta
                  last edited by sashpta

                  Error 65 seems to be fixed now.
                  I assume I connected the wrong cable at some point and then the internet is blocked since it thinks it's an unregistered device...
                  That is fixed now

                  I found out which "DNS name" is listed in the university's network database for the machine that's running pfsense.
                  I guess I can try to add that...
                  I also have the option to "Remove IPv6 Autoconf Address for DNS" in the terminal of my university's network
                  ("This setting is about whether our DNS server returns the IPv6 autoconf address of your device to the other devices. They use this information when contacting your device")

                  But the dns error is still there...
                  alt text

                  Dns lookup now is also different
                  alt text

                  1 Reply Last reply Reply Quote 0
                  • S
                    sashpta
                    last edited by

                    uhm, so the DNS-Server that's listed in the Database can't be used. Since it's an IPv6 address.
                    on my desktop I have this as DNS, can we somehow get something similar to pfsense?

                    # Generated by NetworkManager
search fem.tu-ilmenau.de net.fem.tu-ilmenau.de
nameserver 192.168.82.252
nameserver 192.168.82.251
nameserver fd66:656d:0:82::2
# NOTE: the libc resolver may not support more than 3 nameservers.
# The nameservers listed below may not be recognized.
nameserver fd66:656d:0:82::3
                    1 Reply Last reply Reply Quote 0
                    • DerelictD
                      Derelict LAYER 8 Netgate
                      last edited by Derelict

                      If you absolutely have to use only certain name servers (192.168.82.251 and 192.168.82.252) then you need to use either the DNS forwarder or DNS resolver in forwarding mode. Else the DNS resolver will try to do just that - resolve names using all DNS servers configured in the zone (NS records) being queried from the roots down.

                      I would try unchecking DNSSEC and checking forwarding mode in the DNS resolver settings and see if that helps.

                      Chattanooga, Tennessee, USA
                      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

                      S 1 Reply Last reply Reply Quote 1
                      • S
                        sashpta @Derelict
                        last edited by

                        @derelict Thank you, I'll try that.
                        Unfortunately, I am not at home for a week, but when I am back, I'll try your solution and give you an update.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.