ISP ignoring my DNS server settings from pfsense?
-
Hello.
I am running a 4G modem/router in the UK and am with Vodafone.
The modem/router is a Zyxel LTE3301-PLUS.
I am running it in "pass through" mode to the WAN on the pfsense and the external WAN IP is being passed to it.
The internet is working as it should for the most part. HOWEVER, Vodafone seem to do some funky stuff with the DNS and some sites do not work. When simply pinging the sites, the path goes dead after leaving the modem.
Current DNS setting:
Despite the above settings, the DNS settings in pfSense are ignored and it uses the Vodafone ones anyway.
Can someone please enlighten me as to what the ISP are doing and if there is a way around it other than using a VPN?
Thank you.
-
@gimpymoo said in ISP ignoring my DNS server settings from pfsense?:
Can someone please enlighten me as what the ISP are doing
You chose them. You have all the rights to ask them.
@gimpymoo said in ISP ignoring my DNS server settings from pfsense?:
Despite the above settings, the DNS settings in pfSense are ignored and it uses the Vodafone ones anyway.
How do you know? What tests showed this behaviour?
Why?
(Do you think you have to give 'Google' your DNS requests?) The default resolver works just fine.
-
@gertjan said in ISP ignoring my DNS server settings from pfsense?:
How do you know? What tests showed this behaviour?
I used http://www.whatsmydnsserver.com/
-
@gimpymoo
Check if the IP address that site shows as the DNS server is the same as your WAN IP. It probably is, hence the incorrect result.
-
Try a different DNS server like 1.1.1.1 or some other one.
-
I switched from Vodafone to Three.
Three is now honouring the DNS server on the pfSense appliance, so definitely something odd with Vodafone.
Some sites flat-out refused to load as well, all now working.
DEFINITELY something with the ISP.
-
They are probably intercepting your DNS traffic and redirecting it to their server for filtering.
-
@styxl
I suspect my ISP is also intercepting my DNS lookups. Are there any methods to force my DNS resolving intent through the ISP’s system, other than a VPN?
-
@brucexling You can set up a local resolver (bind/unbound) or use the pfSense Resolver and have DNS queries forwarded to Google (8.8.8.8) or Cloudflare (1.1.1.1) using TLS port 853; they won't intercept that. In a nutshell, the local resolver caches and responds to queries from your network and uses Google/Cloudflare for root
Additional config:
server:
  aggressive-nsec: yes
forward-zone:
  name: "."
  forward-tls-upstream: yes
  # @853 selects the DNS-over-TLS port; without it unbound forwards to port 53
  forward-addr: 1.1.1.1@853
  forward-addr: 8.8.8.8@853
  forward-addr: 8.8.4.4@853
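Added example, not part of the thread or of any poster's setup: a Python check that asks the same public resolver for a name over plain UDP/53 and over DNS over TLS on port 853, to test for the port 53 redirection suspected above. The function names are assumptions made for this example; an empty overlap for a name with stable records suggests the port 53 answer came from somewhere else, while CDN-hosted names can differ legitimately.

```python
import socket, ssl, struct

def build_query(name, txid=0x1234):
    """Minimal DNS query: RD flag set, one question, type A, class IN."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def _skip_name(msg, off):
    """Offset just past a domain name (plain labels or a compression pointer)."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += msg[off] + 1
    return off + (2 if msg[off] else 1)

def parse_a_records(msg):
    """IPv4 addresses found in the answer section of a DNS response."""
    qd, an = struct.unpack("!2H", msg[4:8])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE + QCLASS
    addrs = set()
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:  # A record; RDATA follows the 10-byte header
            addrs.add(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return addrs

def query_udp(server, name, timeout=3.0):
    """Plain DNS on UDP/53, the path an on-path device can redirect."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return parse_a_records(s.recvfrom(4096)[0])

def query_dot(server, name, timeout=3.0):
    """DNS over TLS on TCP/853; the certificate is verified against `server`."""
    ctx, q = ssl.create_default_context(), build_query(name)
    with socket.create_connection((server, 853), timeout=timeout) as raw, \
            ctx.wrap_socket(raw, server_hostname=server) as tls:
        tls.sendall(struct.pack("!H", len(q)) + q)  # DoT uses a 2-byte length prefix
        f = tls.makefile("rb")
        (n,) = struct.unpack("!H", f.read(2))
        return parse_a_records(f.read(n))

def compare_paths(server, name):
    """Query the same resolver both ways and report whether the answers overlap."""
    udp, dot = query_udp(server, name), query_dot(server, name)
    return {"udp53": udp, "dot853": dot, "overlap": bool(udp & dot)}
```

Run `compare_paths("1.1.1.1", name)` from a LAN host, using a site that fails to load as `name`; a timeout or TLS verification error on the port 853 leg is itself worth noting.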