Internal DNS server not working

mk873425

@johnpoz
If I perform a dig, the connection times out. No servers could be reached.

johnpoz

Well then you have something wrong... You should be able to talk to the root servers or any other dns you want to on the planet.

float

@johnpoz @mk873425
I have the same problem with the same hardware (FritzBox 7530) and a Netgate 7100. Without a PPPoE connection the resolver responds (few ms). When the connection is established, the resolver doesn't respond any longer (no response). All the root servers timeout.

When I use it in forwarder mode, everything works. I tried it after a reinstall of pfSense: same thing. Resolver works on 127.0.0.1 without PPPoE-connection. Resolver stops working on 127.0.0.1 with PPPoE-connection.

Cool_Corona

@float Fritzbox is blocking DNS to everything else than their own?

float

@cool_corona I only use it as a modem - pfsense builds the PPPoE-connection. I can also use any other DNS servers like Google, CloudFare, etc. except the root servers. Those all timeout.

mk873425

@cool_corona I think so, I already contacted AVM about it, they say they can't do anything about it. I've swapped the Fritz for a Zyxel modem, all is working well now.

mk873425

@float The issue lies with the Fritz Box, it's somehow blocking DNS, tried everything but couldn't get the resolver to work, only the forwarder. Swapped it out for a Zyxel modem, everything is working as it should now.

norbi771

Hi,
After a power failure, I have a similar issue.
I cannot resolve anything.

cat /etc/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4
search corp

root: dig www.google.pl +trace

; <<>> DiG 9.12.2-P1 <<>> www.google.pl +trace
;; global options: +cmd
;; connection timed out; no servers could be reached

root: dig @8.8.8.8 www.google.pl +trace

; <<>> DiG 9.12.2-P1 <<>> @8.8.8.8 www.google.pl +trace
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

Normally, I use forwarder.
After power failure users reported that they cannot access the internet, and it looked like the forwarder issue.

I then realized that PFSense itself cannot resolve anything.
I disabled forwarder and resolver, to be sure they do not mess with my tests.

I never saw anything like that.

Can somebody comment on that, please?

float

FYI, AVM is looking at the problem.

norbi771

In my case it was another device, which was connected to PFSENSE, causing the problem.

float

Update from AVM:

We are still examining your reported DNS issue, yet are unable to find any causes on side of the FRITZ!Box.

We are therefore continuing our investigations regarding this issue based on your data. As far it is reproducible and on our part solvable issue, we will provide a solution with a forthcoming firmware update for your FRITZ!Box. As the FRITZ!OS development is a complex process, we are unable to offer a short-term solution.

Please test whether any improvement of the behaviour can be achieved when a new firmware update for your FRITZ!Box has been released. We will get in touch with you if we can offer any solutions for you or give you the exact external cause.

norKoeri

The thread is a bit old, but since June 2024 the latest FRITZ!OS addresses this issue: ‘Im PPPoE-Passthrough-Betrieb der FRITZ!Box werden DNS-"Root Queries" über UDP nicht mehr gefiltert’.

When I reported the issue, AVM found the culprit, a Firewall rule. Furthermore, just UDP/IPv4 was affected, TCP or IPv6 worked for DNS root queries.

Consequently, with the upcoming FRITZ!OS 8, this should be fixed for everyone. Not sure if @mk873425 @float (or someone registered for notifications to this thread) still uses a FRITZ!Box as DSL modem, anyway please give it a try. @mk873425 I think you had a Reddit about this as well, please, update there if still possible.