NoIP overriding DNS Servers #Confused

beachbum2021

thank you for the input. i enabled the dns forwarding as mentioned but it broke all DNS resolution and had to revert.

kiokoman

hard to tell without any screenshot of your configuration, but the logic is that you enable forwarding if you want to use the DNS from general settings or you leave it disabled if you want to query root servers directly also
pc on LAN must have pfSense IP as DNS server,
you need to check if firewall rules permit traffic to that DNS server (out of the box it should but we don't know what you have)

johnpoz

If you want to forward, you have to set that up.. Out of the box pfsense resolves using unbound. You have no need to set anything in general dns.

If you forward, then what you set in general will be used.

Keep in mind that when you get dhcp from your ISP for your wan, or if you have some other router upstream of pfsense and pfsense set for dhcp, that the dns handed out in dhcp can overrride and set your dns for you.

Unless you have a really bad internet connection, say sat or something.. Or you isp blocks 53 outbound to public internet, and only allows specific known dns servers.. Pfsense out of the box just resolves, and should be fine and better solution for dns for vast majority of people - this is why its default ;)

beachbum2021

the requested information. unchecked forwarding since it caused DNS to not resolve domains.

johnpoz

Well your not forwarding - so those servers in dns servers mean nothing to any client asking unbound (pfsense) for dns. The only possible thing that would use those dns would pfsense itself, when looks to try and find packages or to see if there is an update. Or if you tell it to resolve something in a firewall log.

if your not going to forward there is little reason to lists those NS in dns under general.

beachbum2021

@johnpoz i agree with you that forward should work if that option is selected however previous attempts to enable it caused DNS to not resolve domains. I will select that option and restart the device in the event the unbound resolver is getting hung during the update process.

johnpoz

Is resolving working?

There is no reason to restart pfsense - is unbound running or not.. you can see if it is. Just by looking at the unbound log, or the services widget, etc.

beachbum2021

@johnpoz trying to enable it now, spinning endlessly, never get apply button. may need to disable pfblocker and suricata to speed it up...
result:
504 Gateway Time-out
nginx

going to connect via serial now

johnpoz

pfblocker can slow down unbound startup sure. If your loading a shitton of lists.

beachbum2021

@johnpoz @kiokoman thanks you guys, it finally updated and is good now, mucho grazi.

johnpoz

I wouldn't really say that - your forwarding.. Not a fan ;)