Internet on windows but not ubuntu bad pfsense configuration?

Raffi_

Before doing that maybe try some more troubleshooting.

Try to run a dig from Ubuntu and maybe also from pfSense to compare the results.

e.g.,
dig google.com
dig @8.8.8.8 google.com

The first should use your default DNS server the second is using google's DNS server.

stephenw10

Check pfSense itself can resolve. Test something in Diag > DNS Lookup. Be sure all configured servers respond, that should include 127.0.0.1.

Make sure both VMs appear in the pfSense DHCP lease table. You might have something else handing out leases.

Steve

Farisse

@Raffi_

@stephenw10

Should the pfSense DHCP lease table show me the static ip from my vms ?

Raffi_

Woaw 8 seconds for a query could be your issue. Those DNS servers are used only for this DMZ?

Farisse

Nope those are DNS servers on my school's network. :/ Can not work without them

Raffi_

@Farisse said in Internet on windows but not ubuntu bad pfsense configuration?:

Nope those are DNS servers on my school's network. :/ Can not work without them

...Can not work with them either.

Edit
Something is very wrong there. Even if your were to ping a server at the furthest possible point on the planet, I would not expect a number like that.

Farisse

Haha got me ! But actually it work but only on windows VMs and not on Ubuntu. Idk if ubuntu is using different dns ports (not at my knowledge) Or if pfSense is sending the dns request to the wrong servers ?

Raffi_

@Farisse said in Internet on windows but not ubuntu bad pfsense configuration?:

Haha got me ! But actually it work but only on windows VMs and not on Ubuntu. Idk if ubuntu is using different dns ports (not at my knowledge) Or if pfSense is sending the dns request to the wrong servers ?

Could it be that Ubuntu's query timeout is shorter than Windows?

Raffi_

I think using pfSense DNS resolver could help here since it would build up a cache.

Farisse

Idk, but when i restart the services i can get internet on my ubuntu.
So maybe my ubuntu is making a link with the dns servers when nothing can intercept the packets.
And if pfsense if running again it can't 'wipe' packets when the connection is established so ubuntu vm still have internet.
But when i restart the ubuntu vm every connection is closed and could not be established again.

This is what i guess but i don't know how to fix it by a port forwarding or traceroute can't determine where it sucks :/

Raffi_

@Farisse said in Internet on windows but not ubuntu bad pfsense configuration?:

Should the pfSense DHCP lease table show me the static ip from my vms ?

Also, going back to @stephenw10 question on DHCP leases. That needs to be cleared up.

Farisse

@Raffi_ said in Internet on windows but not ubuntu bad pfsense configuration?:

That needs to be cleared up

I activated dns resolver with forwarding but still doesn't work.

I try it with Chrome and i receive this error:

stephenw10

Yeah that is catastrophically bad! Something is very broken there.

I guess the DNS timeout in Windows is higher which is why it worked.

You don't see localhost there so you probably have 'Do not use the DNS Forwarder/DNS Resolver as a DNS server for the firewall' set in System > General setup. That doesn't make much difference unless you have host overrides there the firewall should use.

Steve

DaddyGo

@Raffi_ said in Internet on windows but not ubuntu bad pfsense configuration?:

Woaw 8 seconds for a query could be your issue. Those DNS servers are used only for this DMZ?

I thought I would note this too, but I rather skipped it, hihihihhi

Raffi_

I activated dns resolver with forwarding but still doesn't work.

I try it with Chrome and i receive this error:

Try it a second time. Once unbound caches it, it should come right up the second time.

Raffi_

@stephenw10 said in Internet on windows but not ubuntu bad pfsense configuration?:

You don't see localhost there so you probably have 'Do not use the DNS Forwarder/DNS Resolver as a DNS server for the firewall' set in System > General setup. That doesn't make much difference unless you have host overrides there the firewall should use.

Steve

Would dnsmaq use the local host as well or is that only the default for unbound?

Farisse

@stephenw10 Its not after you told me i should probably have the localhost as respond i remembered i had in the beginning in general information the localhost and then not anymore. So i've add it back with the dns server (good or wrong way idk) But ly query is a lot faster now.

But the option "Do not use the DNS Forwarder/DNS Resolver as a DNS server for the firewall " is not set in.

@Raffi_ I also tried it a second and third time, but no result. Or ... the same result.

Raffi_

If you are using DNS resolver with forwarding mode, the first option will be the local host by default. There is no need to enter it again under DNS Server Settings in the General setup tab.

Edit, something doesn't seem right with those 1ms query times. How would it go from 8 seconds to 1ms? I think this might be the DNS lookup GUI bug I've seen in the past.

Run those dig commands from pfSense instead.
Diagnostics/ Command Prompt
dig @172.20.0.253 google.com
dig @172.20.0.254 google.com

I think those might give you the real results.

DaddyGo

@Raffi_

just an idea
it would be worthwhile to look at and compare these:

Windows: https://docs.microsoft.com/en-us/previous-versions//cc977482(v=technet.10)?redirectedfrom=MSDN

Linux: /etc/resolv.conf

search domain.net
option timeout:1
nameserver 1.1.1.1
nameserver 2.2.2.2
nameserver 3.3.3.3

or something like that

Farisse

@Raffi_

I removed the localhost from the general setting and these are the results

@DaddyGo It was a good suggestion, but unfortunately /etc/resolv.conf is managed by systemd-resolved who is used by netplan /etc/netplan/*.yaml