DNS partially working

  • I am running 2.3.1 and have my WiFi on OPT1 via VLAN. Whenever tablets or phones connect to the AP's they get DHCP and internet with no issues.Whenever a laptop connects though, it gets DHCP but it cannot get DNS. I've tried this on a few laptops running Windows XP, 7, 8.1 and 10. Each time the computers claim they can't reach a DNS server. What would make it so that tablets and phones can get out, but laptops can't. I've set the DNS servers to be and

  • LAYER 8 Global Moderator

    why would your dns not just be pfsense IP address in that vlan?

    Is this a AP is it really an AP or are you double natting?  So this AP that is on vlan on opt1 is using the same physical interface in pfsense as your lan?

    Some more details of how your actually connected, how this vlan is setup on your AP.  Do you have multiple ssid with different vlans on them.  Or is everything just untagged? How do you have your switch setup that this AP connects too?

  • The AP's are BSAP1920's that are VLANed through an Adtran POE managed switch. I have two SSID's going to two different VLANs, a secure one which has not problems with connections and then the open one for public use which is VLANed into OPT1. My Lan is connected to a different interface on the pfsense box. Whenever a phone or tablet connects to the public SSID it has no problem, when a laptop connects to the exact same SSID, then it hits the cannot connect to DNS server issue.

  • Sounds like a config issue on the laptops. Have you checked them to see if they're picking up the correct DNS details once they've connected to the wifi? If not, have they had their DNS settings configured statically? Are the firewall settings on the laptops set incorrectly? Have you tried running an nslookup from any of the laptops against an external/internal DNS server?

  • All of the laptops are running auto DNS and I even turned the firewall off on some to see what would happen and that didn't help. When I run nslookup I get dns request timed out, with the server being unknown.

  • LAYER 8 Global Moderator

    and what IP is your nslookup defaulting too?  Pfsense?  Why can it not query it if up and running?

  • @Falconeio:

    When I run nslookup I get dns request timed out, with the server being unknown.

    Your DNS settings on your laptops are wrong. I repeat - did you run an nslookup against an EXTERNAL DNS server? Like 'nslookup www.google.com'. If that works, then the issue is with the DNS server your laptops are using.

  • So much text and yet zero information on what you have actually done. Start by showing us what is the IP address the clients are using for their DNS and how that relates to the interface and DHCP server settings on your pfSense. Also post your firewall rules on the VLAN interfaces.

  • To start off, the nslookup was against www.google.com and got those results.

    I'm using and for the DNS, set up in system, general.

  • LAYER 8 Global Moderator

    Well your rules allow any any.. Yet your unable to directly query say google dns, that points to 53 being blocked up stream, or your isp doing intercepts or blocking of dns to anything other than their dns.

    If your doing direct queries from your devices, what pfsense has setup for dns has nothing to do with the issue at all.  Maybe your phones you use and or tablets are just using pfsense for dns, that is forwarding to your ISP dns?  Which is allowed?

  • @Falconeio:

    When I run nslookup I get dns request timed out, with the server being unknown.

    Sigh… So what are the DNS settings on your laptops? Have you run an 'ipconfig /all' (Windows) or checked the /etc/resolv.conf (Linux) on any clients? If the server is timing out, either the address is wrong or your rules are preventing your DNS traffic from getting out. And for that matter, is the PFS being used as a DNS forwarder and your DHCP config setting the clients to use the firewall as their primary DNS, or have you set your DHCP settings to use an external DNS server?

    Let's cut to the chase: Post your DHCP config (screenshot, please). Otherwise this just becomes a guessing game with no winners. Though judging from what you've said so far, I'm feeling pretty sure this has more to do with a misconfiguration on your laptops than anything to do with the firewall.

  • Here is the ipconfig/all from one of the laptops, I'm using DNS Resolver and have attached the screens as well and the DHCP.

    ![DNS Resolver.jpg](/public/imported_attachments/1/DNS Resolver.jpg)
    ![DNS Resolver.jpg_thumb](/public/imported_attachments/1/DNS Resolver.jpg_thumb)
    ![DNS Resolver Advanced.jpg](/public/imported_attachments/1/DNS Resolver Advanced.jpg)
    ![DNS Resolver Advanced.jpg_thumb](/public/imported_attachments/1/DNS Resolver Advanced.jpg_thumb)

  • LAYER 8 Global Moderator

    your client got dhcp, and he is pointing to pfsense.. So do a nslookup.. What is that output??  If it times out then your client is not talking to pfsense on 53..

    I just at a loss to why anyone would run unbound in forwarder mode and have dnssec disabled??  What a pointless setup…  If all you want to do is forward why not just use dnsmasq.. Atleast it can query your dns in parallel.

    So where exactly are you forwarding these queries too??  What is your dns settings in pfsense?  Can pfsense even lookup anything.. Go to diag, dns lookup and lookup something like www.pfsense.org  Post that..

    what do think you are doing with that rrecc suffix??

Log in to reply