<![CDATA[DNS reporting SERVFAIL on (almost) default fresh install]]>After a day of googling and trying, I'm afraid i have to turn to you guys, with a potentially dump question.

I have just purchased a new SuperMicro 5018A-FTN4 barebone, installed 16GB of DDR3 RAM and a 100GB Intel S3700 SSD to do some routing, DHCPing and DNSing on my home network. It's probably overkill, but I was a bit tired of having monitors all over the place, and this was the only board I could find that has IPMI.

I have freshly installed PfSense 2.3.1-RELEASE (amd64) from an ISO with a full Kernel, and aside from changing the LAN IP range to a class B range, I didn't really change much.

Unfortunately, the DNS doesn't seem to work:

$ nslookup pfsense.org
Server:		172.17.1.1
Address:	172.17.1.1#53

** server can't find pfsense.org.mynet.local: SERVFAIL

Dig isn't very helpful either:

$ dig pfsense.org

; <<>> DiG 9.8.3-P1 <<>> pfsense.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 57016
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;pfsense.org.			IN	A

;; Query time: 8 msec
;; SERVER: 172.17.1.1#53(172.17.1.1)
;; WHEN: Mon Jul 25 19:58:15 2016
;; MSG SIZE  rcvd: 29

However, it can resolve its own name:

$ dig pfsense

; <<>> DiG 9.8.3-P1 <<>> pfsense
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33648
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;pfsense.			IN	A

;; ANSWER SECTION:
pfsense.		3600	IN	A	172.17.1.1

;; Query time: 0 msec
;; SERVER: 172.17.1.1#53(172.17.1.1)
;; WHEN: Mon Jul 25 19:59:00 2016
;; MSG SIZE  rcvd: 41

$ nslookup pfsense
Server:		172.17.1.1
Address:	172.17.1.1#53

Name:	pfsense.mynet.local
Address: 172.17.1.1

I have configured Google's public DNSes 8.8.8.8 and 8.8.4.4 in the wizard and have left DNSSEC enabled, but switching it off doesn't make a difference. Naming my domain mynet.local may not have been a good idea, but changing that doen't make a difference either. I am a bit surprised though, that it is postfixing pfsense.org with .mynet.local

]]>https://forum.netgate.com/topic/103232/dns-reporting-servfail-on-almost-default-fresh-installRSS for NodeFri, 06 Mar 2026 08:53:47 GMTMon, 25 Jul 2016 18:09:19 GMT60<![CDATA[Reply to DNS reporting SERVFAIL on (almost) default fresh install on Tue, 26 Jul 2016 18:15:10 GMT]]>Great, glad to hear it's working for you now  ;)

]]>https://forum.netgate.com/post/639987https://forum.netgate.com/post/639987Tue, 26 Jul 2016 18:15:10 GMT<![CDATA[Reply to DNS reporting SERVFAIL on (almost) default fresh install on Tue, 26 Jul 2016 17:09:36 GMT]]>Thanks a lot! I still had "Allow DNS server list to be overridden by DHCP/PPP on WAN" checked. I could have known, but it didn't occur to me. What also may have contributed to SERVFAIL being reported, seems some weird interaction of the IPMI interface and igb0.

I have unchecked the box and configured IPMI failover to use the dedicated IPMI LAN port and now it works perfectly! Thanks again for the help.

]]>https://forum.netgate.com/post/639967https://forum.netgate.com/post/639967Tue, 26 Jul 2016 17:09:36 GMT<![CDATA[Reply to DNS reporting SERVFAIL on (almost) default fresh install on Tue, 26 Jul 2016 02:05:01 GMT]]>Hmm, that's a puzzling issue.  So on System > General you have 8.8.8.8 and 8.8.4.4 listed?  Are they assigned to a particular gateway or is that set to "None"?

What about the 2 checkboxes below that ("Allow DNS server list to be overridden by DHCP/PPP on WAN" and "Do not use the DNS Forwarder as a DNS server for the firewall") – try making sure that both are UNchecked.

Do you have any weird rules on any of your interfaces that might be blocking DNS traffic?

From your LAN connected machine, does dig +short google.com @8.8.8.8 yield anything?

]]>https://forum.netgate.com/post/639801https://forum.netgate.com/post/639801Tue, 26 Jul 2016 02:05:01 GMT