Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DNS Resolver Host Override not working in Windows

    Scheduled Pinned Locked Moved
    DHCP and DNS
    3
    28
    2.0k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • KOMK
      KOM
      last edited by

      OK, you're definitely talking to pfsense for DNS. You queried it for www.facebook.com and it returned a result for both IPv4 and IPv6. Did you add the host override for www.facebook.com?

      S 1 Reply Last reply Reply Quote 0
      • S
        shawn8888 @KOM
        last edited by shawn8888

        @KOM
        Yes!
        dns1.png

        And for testing and fun, I disabled DNS resolver and run nslookup in Windows, and still able to resolve. Does that make any sense?

        c:\>ipconfig /flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

c:\>nslookup www.facebook.com
Server:  UnKnown
Address:  192.168.100.2

Non-authoritative answer:
Name:    star-mini.c10r.facebook.com
Addresses:  2a03:2880:f10e:83:face:b00c:0:25de
          157.240.14.35
Aliases:  www.facebook.com
        1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator
          last edited by johnpoz

          So you have something else listening on 53 on pfsense then and not unbound..

          lets see what is listening on 53

          [2.4.4-RELEASE][admin@sg4860.local.lan]/: sockstat | grep :53
unbound  unbound    42007 3  udp4   192.168.3.253:53      *:*
unbound  unbound    42007 4  tcp4   192.168.3.253:53      *:*
unbound  unbound    42007 5  udp6   2001:470:snipped:3::253:53 *:*
unbound  unbound    42007 6  tcp6   2001:470:snipped:3::253:53 *:*
unbound  unbound    42007 7  udp4   192.168.9.253:53      *:*
unbound  unbound    42007 8  tcp4   192.168.9.253:53      *:*
unbound  unbound    42007 9  udp4   192.168.2.253:53      *:*
unbound  unbound    42007 10 tcp4   192.168.2.253:53      *:*
unbound  unbound    42007 11 udp4   192.168.6.253:53      *:*
unbound  unbound    42007 14 tcp4   192.168.6.253:53      *:*
unbound  unbound    42007 15 udp4   192.168.4.253:53      *:*
unbound  unbound    42007 16 tcp4   192.168.4.253:53      *:*
unbound  unbound    42007 17 udp4   192.168.7.253:53      *:*
unbound  unbound    42007 18 tcp4   192.168.7.253:53      *:*
unbound  unbound    42007 19 udp4   127.0.0.1:53          *:*
unbound  unbound    42007 20 tcp4   127.0.0.1:53          *:*
unbound  unbound    42007 21 udp6   ::1:53                *:*
unbound  unbound    42007 22 tcp6   ::1:53                *:*
[2.4.4-RELEASE][admin@sg4860.local.lan]/:

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.03 | Lab VMs 2.7.2, 24.03

          S 1 Reply Last reply Reply Quote 0
          • S
            shawn8888 @johnpoz
            last edited by shawn8888

            @johnpoz said in DNS Resolver Host Override not working in Windows:

            sockstat | grep :53

            You are right. seems BIND is running.
            dns2.png

            But I checked the settings and it's disabled.
            dns3.png

            And what is this "named"???

            dns4.png

            1 Reply Last reply Reply Quote 0
            • johnpozJ
              johnpoz LAYER 8 Global Moderator
              last edited by

              named is BIND

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.03 | Lab VMs 2.7.2, 24.03

              1 Reply Last reply Reply Quote 0
              • S
                shawn8888
                last edited by shawn8888

                Thank you so much, johnpoz!

                I manually stopped the service at Status/Services screen. And this is what I got:

                c:\>nslookup www.facebook.com
Server:  pfSense.mydomain.com
Address:  192.168.100.2

Name:    www.facebook.com
Address:  192.168.100.201


c:\>nslookup 192.168.100.201
Server:  pfSense.mydomain.com
Address:  192.168.100.2

Name:    www.facebook.com
Address:  192.168.100.201

                Still have questions though:

                1. As the screenshot shows, BIND is NOT enabled. How did this service get started?

                2. I haven't touched BIND for a long time. But I did restart pfsense for testing, which means the named service get auto started when reboot. How can I stop it?

                1 Reply Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator
                  last edited by

                  No idea... Seems like you config is borked.. Export your config and look at the xml.. If not enable it shouldn't be starting - unless you manually did something like installed bind on your own vs packages, etc.

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.03 | Lab VMs 2.7.2, 24.03

                  S 1 Reply Last reply Reply Quote 0
                  • S
                    shawn8888 @johnpoz
                    last edited by shawn8888

                    @johnpoz said in DNS Resolver Host Override not working in Windows:

                    No idea... Seems like you config is borked.. Export your config and look at the xml.. If not enable it shouldn't be starting - unless you manually did something like installed bind on your own vs packages, etc.

                    I installed BIND from package. I guess I will have to uninstall it later.
                    Thank you again for your help! You are amazing!

                    1 Reply Last reply Reply Quote 0
                    • johnpozJ
                      johnpoz LAYER 8 Global Moderator
                      last edited by johnpoz

                      Did you maybe click on the service and start it that way? I have the package installed because time need to play with it to help users.

                      It doesn't auto start itself..

                      Learned one thing for sure - check earlier what is actually run if other users have sim issue ;) Would of solved your problem like in step one vs just trusting that all you had running was unbound.

                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                      If you get confused: Listen to the Music Play
                      Please don't Chat/PM me for help, unless mod related
                      SG-4860 24.03 | Lab VMs 2.7.2, 24.03

                      S 1 Reply Last reply Reply Quote 0
                      • S
                        shawn8888 @johnpoz
                        last edited by

                        @johnpoz
                        No I didn't start the service manually.
                        Very weird, isn't it? I would think only one service can be started on one port, 53. Maybe it's a bug of pfsense? LOL

                        One last question:
                        DNS forwarder, DNS resolver and BIND all do the same thing and only one should be enabled, correct?

                        Is DNS resolver the best in your opinion?

                        1 Reply Last reply Reply Quote 0
                        • johnpozJ
                          johnpoz LAYER 8 Global Moderator
                          last edited by johnpoz

                          No its not a bug.. look at your bindings.. Your not bound to the same things.

                          Bind is the king of dns... But you do not need it on pfsense, unbound is fine... I have been managing dns for years and years.. Since back in the bind 4 days. I just use unbound... its all you need for a home setup.

                          its got pretty much any of the features you could possible need.. Now if wanted to run an authoritative ns, or needed slave ns then I would run bind.

                          An intelligent man is sometimes forced to be drunk to spend time with his fools
                          If you get confused: Listen to the Music Play
                          Please don't Chat/PM me for help, unless mod related
                          SG-4860 24.03 | Lab VMs 2.7.2, 24.03

                          1 Reply Last reply Reply Quote 1
                          • KOMK
                            KOM
                            last edited by

                            @shawn8888 said in DNS Resolver Host Override not working in Windows:

                            I installed BIND from package.

                            This would have been a good nugget to know right from the start. At least it's working now.

                            1 Reply Last reply Reply Quote 1
                            • First post
                              Last post