Stalled on 'Resolving Hosts...' in web browser despite good 'nslookups' and 'dns lookups'

lukewilliams

Hello.

I have been having some major issues with dns resolution in my web brwoser.
I have the DNS Resolver and Forwarder on.
DNS Lookups in pfsense return results just fine.
nslookup on the client return results just fine.
But Chrome sits on 'Resolving Hosts...' forever despite my best efforts...

Any help/suggestions would be super welcome.

Thank you

lukewilliams

So I have disabled the DNS Forwarder and set all my DNS Servers in the General Setup to point to my WAN IP (I think I still have an old IP cached there from my last setup, so I assigned it statically in case it was causing issues pointing to the wrong IP). I also disabled DNSSEC for now. Lookup times from the router are faster but the same issues seem to be persisting in the web browser... any suggestions would be much appreciated.

Gertjan

Running both the Forwarder (on port 54 ??) and the Resolver == makes no sense.
You should use one of them, never both (except some very rare situations).

It's known that the Resolver can't be using DNSSEC if it is in Forwarder mode, and you use this mode.
So yes, stop DNSSEC and it starts to work.

You could also use the Forwarder (port 53, right ^^) - shut down the Resolver ! and all will be fine if you really want to all DNS requests to these 208.67.222.222 etc (and Google).

lukewilliams

Thank you. I have turned off the DNS Forwarder.

Should I still have the Enable Forwarding Mode option Enabled?

(Here is the new setup I have for the Resolver)

chpalmer

Is there a reason you need to use a forwarder specifically?

Try this- https://www.grc.com/dns/benchmark.htm

lukewilliams

No reason. I am just trying to setup up pfSense to work nicely and smoothly.
I have no turned off the Resolver, enabled the Forwarder, and things seem to be working nicely.
I am also running the benchmark and will adjust from there.
So far just using the Forwarder has made a positive difference.

Gertjan

@lukewilliams said in Stalled on 'Resolving Hosts...' in web browser despite good 'nslookups' and 'dns lookups':

No reason. I am just trying to setup up pfSense to work nicely and smoothly.

What works very good : leave DNS as is was when you installed pfSense.
That means : Resolver (unbound) activated.
Forwarder (dnsmasq) NOT activated.

Btw :

The Resolver (unbound) has a "Forwarder mode" - not to be mixed up with the Forwarder. Using this mode, the Resolver will forward all requests to the DNS(s) you have have entered manually on the System > General Settings tab. But, by default, there are none because the Resolver uses by default the 13 "hard coded" core Internet root servers.

So, again : no settings changes are needed for a working DNS.

lukewilliams

@gertjan OKay thanks for that. I'll make those changes and see how that affects things. Appreciate the feedback.