DNS server not responding

johnpoz

Can tell there is something wrong..

See where when you do nslookup it comes back unknown for your dns..

That is not how it should look..

$ nslookup
Default Server:  sg4860.local.lan
Address:  192.168.9.253

This should come back with your pfsense fqdn.. If you can talk to pfsense for dns, dns is actually running on pfsense.. pfsense has to do no lookup at all for that to work.. So this would be basic sanity check.. If that does not come back with pfsnse name.. Then you have connectivity problem, unbound/dnsmasq/bind is not running on pfsense (whatever you are using).. Or there is some wrong with it for sure.

Gertjan

@johnpoz said in DNS server not responding:

some wrong

For sure.
Like Resolver (unbound) using ACL - and nothing has been setup for OPT1.
Or its forwarding and that setup is faulty.
Or .... what ever.
It's time @yodar44 starts communicating a bit better as it's DNS ^^

johnpoz

@Gertjan said in DNS server not responding:

Or its forwarding and that setup is faulty.

Even even forwarding and not working, the name of pfsense should come back when the dns client does the ptr for it.

Your ACL suggestion possible yeah.

yodar44

@johnpoz Screen Shot 10-30-19 at 10.08 AM 001.JPG
i'm attaching screen shots of DNS resolver settings. do you see any thing wrong? i didn't change anything. it is same as it came.

johnpoz

what about your acl tab? Did you turn off the auto acl, or did you create your own? But if your acl were not allowing then you wouldn't ever get any answers.

You sure its just not restarting a lot.. Are you running pfblocker, are you doing any attempted dns redirect..

Here is the thing.. When put in the nslookup cmd and you don't get back the name of the dns your pointing to - this is telling you have a problem at basic level, and not just having issues resolving stuff.

Type just nslookup at the cmd line... You should see a name for your pfsense, like you in mine.

yodar44

@johnpoz
the acl tab is blank:
ServicesDNS ResolverAccess Lists
General Settings
Advanced Settings
Access Lists
Access Lists to Control Access to the DNS Resolver

i don't know what pfblocker is.
i didn't intentionally do any dns redirect.
my nslookup:
C:\WINDOWS\system32>nslookup
Default Server: UnKnown
Address: 2001:558:feed::1

how do i set what DNS i am pointing to?

Gertjan

@yodar44 said in DNS server not responding:

how do i set what DNS i am pointing to?

You said it yourself : your fist post :

@yodar44 said in DNS server not responding:

DNS Servers . . . . . . . . . . . : 10.100.1.1

and just above :

@yodar44 said in DNS server not responding:

Address: 2001:558:feed::1

which is ok for me .... I see the same "IPv6" address :

Your OPT1 interface and for that matter pfSense is handling / has been set up to handle IPv6 ?
edit : use

ipconfig /all

to see all the network details of your PC.

johnpoz

@yodar44 said in DNS server not responding:

how do i set what DNS i am pointing to?

Via your dhcp.. Or directly on your client... What your pointing to there is a IPv6 address for Xfiniity dns..

And that should resolve to
cdns01.comcast.net.

;; QUESTION SECTION:
;1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.e.e.f.8.5.5.0.1.0.0.2.ip6.arpa. IN PTR

;; ANSWER SECTION:
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.e.e.f.8.5.5.0.1.0.0.2.ip6.arpa. 7172 IN PTR cdns01.comcast.net.

yodar44

@johnpoz
this is my ipconfig/all
Ethernet adapter Ethernet:

Connection-specific DNS Suffix . : localdomain
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : DC-FE-07-0A-71-0B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2601:246:5680:ae30::bea3(Preferred)
Lease Obtained. . . . . . . . . . : Wednesday, October 30, 2019 2:36:37 AM
Lease Expires . . . . . . . . . . : Wednesday, November 6, 2019 2:36:37 AM
Link-local IPv6 Address . . . . . : fe80::d9dd:4d34:3b6a:5c85%22(Preferred)
IPv4 Address. . . . . . . . . . . : 10.100.1.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, October 28, 2019 4:16:13 PM
Lease Expires . . . . . . . . . . : Wednesday, October 30, 2019 1:06:38 PM
Default Gateway . . . . . . . . . : 10.100.1.1
DHCP Server . . . . . . . . . . . : 10.100.1.1
DHCPv6 IAID . . . . . . . . . . . : 383581703
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-26-DC-F7-DC-FE-07-0A-71-0B
DNS Servers . . . . . . . . . . . : 2001:558:feed::1
2001:558:feed::2
10.100.1.1
2001:558:feed::1
2001:558:feed::2
NetBIOS over Tcpip. . . . . . . . : Enabled

the only difference between the LAN and OPT is the .1 on OPT vs .10 on LAN
ServicesDHCP ServerOPT: Range 10.100.1.1 From, 10.100.1.254 To
ServicesDHCP ServerLAN: Range 192.168.1.10 From, 192.168.1.245 To

is that significant?

johnpoz

Well your client there has an IPv6 address... So yeah it perfers IPv6... Which in your setup is pretty hosed since now your asking comcast dns vs your own local dns..

I would suggest you disable IPv6 until such time that you can even get IPv4 working.

yodar44

@johnpoz
how do i disable ipv6?

johnpoz

The easy way on windows, from an elevated cmd prompt

reg add hklm\system\currentcontrolset\services\tcpip6\parameters /v DisabledComponents /t REG_DWORD /d 255

Reboot

To put it back exactly how it was before

reg delete hklm\system\currentcontrolset\services\tcpip6\parameters\ /v DisabledComponents /f

reboot.

yodar44

@johnpoz
ok, now ipconfig/all says
Ethernet adapter Ethernet:

Connection-specific DNS Suffix . : localdomain
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : DC-FE-07-0A-71-0B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.100.1.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, October 30, 2019 2:24:19 PM
Lease Expires . . . . . . . . . . : Wednesday, October 30, 2019 4:06:34 PM
Default Gateway . . . . . . . . . : 10.100.1.1
DHCP Server . . . . . . . . . . . : 10.100.1.1
DNS Servers . . . . . . . . . . . : 10.100.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

but nslookup still says
C:\WINDOWS\system32>nslookup
DNS request timed out.
timeout was 2 seconds.
Default Server: UnKnown
Address: 10.100.1.1

so it seems that something in the pfsense settings is causing the problem. ??

johnpoz

There is nothing in the settings you showed that is odd.. Is it running?

Do you even have connectivity to pfsense? Why is your dhcp lease so short? And such an time?

Up the logging level in the unbound/advanced to atleast 3... And enable logging of queries..

In your options box at the bottom of unbound

server:
log-queries: yes
log-replies: yes

And then we can see what is going on... I don't even think your talking to the pfsense Because your getting timeouts.. So unbound is not running, or you can not talk to it... You have no rules in the floating tab?

yodar44

@johnpoz said in DNS server not responding:

There is nothing in the settings you showed that is odd.. Is it running?
is what running?

Do you even have connectivity to pfsense?
i can login to 10.100.1.1, if that is what you mean.

Why is your dhcp lease so short? And such an time? ??

Up the logging level in the unbound/advanced to atleast 3... And enable logging of queries..
In your options box at the bottom of unbound
i looked in Status/System Logs/Settings, and i don't see these options.
where should i be looking?

johnpoz

That is not where I said to look... I am really starting to think you are just trolling us..

I clearly stated unbound / advanced..

Which you see

Are you not seeing the options box?

yodar44

@johnpoz
ok, i didn't understand where to look.

but now i have new problem. the sg-1100 seems to have failed. i t seems to be completely dead. the pwr light comes on but none of the ports do anything. i tried connecting to the console via putty, no response. also it doesn't get warm any more.
i emailed support to see what to do.

sadainwr

This post is deleted!

william333

This post is deleted!