Netgate Discussion Forum

    DNS stop working

    DHCP and DNS
      scorpoin

      Greetings All,

      I'm using DNS Resolver. I observed a strange issue: all of a sudden DNS stops working on my LAN side. When I ping 8.8.8.8 from pfSense itself, it does ping and respond.

      I did nslookup google.com on my client end and found the following:

      nslookup google.com
      DNS request timed out.
          timeout was 2 seconds.
      Server:  UnKnown
      Address:  172.16.159.254
      
      DNS request timed out.
          timeout was 2 seconds.
      DNS request timed out.
          timeout was 2 seconds.
      DNS request timed out.
          timeout was 2 seconds.
      DNS request timed out.
          timeout was 2 seconds.
      *** Request to UnKnown timed-out
      

      I have a simple rule on LAN: allow all requests if the destination is pfsense-IP and the port is DNS 53, and block all others if the destination is not pfsense-ip.

      When DNS starts working, it responds as below.

      nslookup google.com
      Server:  pfSense.local.landomain
      Address:  172.16.159.254
      
      Non-authoritative answer:
      Name:    google.com
      Addresses:  2a00:1450:4018:804::200e
                216.58.209.142
      

      Regards

        johnpoz LAYER 8 Global Moderator @scorpoin

        Are you registering DHCP leases? This will restart the resolver (unbound). Are you using pfBlocker? This can delay the start of unbound. So if registering DHCP leases and using pfBlocker, you can run into issues where unbound is offline for a bit of time.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          Gertjan @scorpoin

          @scorpoin said in DNS stop working:

          that all of sudden DNS stop working on my lan side .

          You actually saw :

          208ac382-9a10-49a0-b150-42060e61ada6-image.png

          Or do you see :

          1c826368-41a0-4f99-9fee-bc229c4d5ff5-image.png

          Also a good starting point: the place where you can find the truth, nothing but the truth, etc.:

          Status > System Logs > System > DNS Resolver

          About pfBlockerNG-devel: if used, and you're on the latest 3.00000 series, this kind of info is not just optional: https://forum.netgate.com/topic/158592/pfblockerng-devel-v3-0-0-no-longer-bound-by-unbound/17 (and Reddit posts, etc.), so yes, options 1 and 3 from here should be unchecked:

          2a4740bd-af56-44f9-a622-0f61ff17c3d8-image.png

          Although I guess the latest 00005 version ( ? ) does the check for us. But better check for yourself.

          If the Resolver stops without any known reason, don't rest until you have found the reason.
          I know mine doesn't stop - never.

          @scorpoin said in DNS stop working:

          all request if destination is pfsense-IP port is DNS 53 let it pass and block all other if destination is not pfsense-ip

          Just keep in mind that you should be aware of your own DNS blocking.
          If you see DNS issues, deactivate your firewall rules. Does it pass now? Etc.
          Wireshark, if needed, etc.

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??
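
Added example, not part of any post in this thread: a Python sketch that measures how long unbound was offline around each restart, using lines copied from Status > System Logs > System > DNS Resolver. It assumes BSD-style syslog timestamps and unbound's "service stopped" / "start of service" info messages; the sample lines, the `slow_after` threshold and all function names are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample lines in the BSD syslog layout; not taken from the thread.
SAMPLE_LOG = """\
Nov  2 10:14:58 pfSense unbound[41122]: [41122:0] info: service stopped (unbound 1.13.2).
Nov  2 10:15:21 pfSense unbound[52310]: [52310:0] info: start of service (unbound 1.13.2).
Nov  2 10:47:03 pfSense unbound[52310]: [52310:0] info: service stopped (unbound 1.13.2).
Nov  2 10:47:05 pfSense unbound[60877]: [60877:0] info: start of service (unbound 1.13.2).
Nov  2 11:02:40 pfSense unbound[60877]: [60877:0] info: generate keytag query _ta-4f66. NULL IN
Nov  2 11:30:12 pfSense unbound[60877]: [60877:0] info: service stopped (unbound 1.13.2).
"""

# Only unbound's stop/start lines matter; everything else is skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sunbound\[\d+\]:.*"
    r"info: (?P<event>service stopped|start of service)"
)

def parse_ts(ts, year=2000):
    # Syslog omits the year; a fixed leap year (assumption) keeps Feb 29 parseable.
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")

def resolver_outages(log_text):
    """Return (stopped_at, started_at, seconds_offline); last two are None if still down."""
    outages, stopped_at = [], None
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        when = parse_ts(m["ts"])
        if m["event"] == "service stopped":
            stopped_at = when
        elif stopped_at is not None:  # a start that closes an open stop
            outages.append((stopped_at, when, (when - stopped_at).total_seconds()))
            stopped_at = None
    if stopped_at is not None:  # stopped and never came back within this log
        outages.append((stopped_at, None, None))
    return outages

def summarize(log_text, slow_after=5):
    out = resolver_outages(log_text)
    done = [o for o in out if o[2] is not None]
    return {
        "restarts": len(done),
        "slow_restarts": sum(1 for o in done if o[2] > slow_after),
        "longest_offline_s": max((o[2] for o in done), default=0),
        "still_down": any(o[1] is None for o in out),
    }
```

Frequent short gaps are consistent with restarts triggered by DHCP lease registration; long gaps or a final stop with no matching start line up with the client-side timeouts shown in the first post.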

            bingo600

            I do occasionally see Service Watchdog restart Unbound (e-mail notify).
            It's rare in the current version, but it still happens.

            I had one on 19/07 this year, and two on 31/10.

            /Bingo

            If you find my answer useful - Please give the post a 👍 - "thumbs up"

            pfSense+ 23.05.1 (ZFS)

            QOTOM-Q355G4 Quad Lan.
            CPU  : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
            LAN  : 4 x Intel 211, Disk  : 240G SAMSUNG MZ7L3240HCHQ SSD

              scorpoin @Gertjan

              @gertjan when I check, the server is on green status, meaning running, but on LAN there is no DNS resolving. I'm using pfblockerng-devel 2.x version; I have not updated yet. I don't want to jump directly unless it's safe to use without bugs so far. I've removed the check from DHCP registration for now and will see what happens.

              If the issue still occurs, then what is the next step?

              Regards

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.