Netgate Discussion Forum

    PFSense DNS Not working

    • ajhalls

      I replaced a Dell tower running PFSense 2.2 that kept needing to be rebooted with a Nokia (Nokia Checkpoint IP390 8 Gigabit Ethernet GbE 4GB CF 1GB RAM) rack mount appliance running the newest PFSense 2.3 that I got off eBay.

      Things seemed to go smoothly except that the server isn't forwarding DNS info to the DHCP clients. The clients have full access to the internet and I can manually configure them to use Google's DNS servers. The PFSense server has DNS working on it, I can ping domains just fine from there, and the clients have it configured as the gateway and DNS server for them.

      Unbound is installed, running and from what I can see is configured correctly with nothing checked under DNS Forwarder, but DNS Resolver is checked for all interfaces.

      I have the local clients going for now by manually configuring each one's DNS, but would like to fix the server to work correctly so I don't have a headache each time I plug in a new computer.

      For what it is worth, the interface is also REALLY slow, even from the local console it may take 10 seconds to respond. I just got into the office and on the console just hitting ENTER took it about 15 seconds to refresh the admin menu the first time, and about 5 seconds the next time.

      Any help is appreciated.

      • johnpoz LAYER 8 Global Moderator

        Did you set up your ACLs in Unbound for your different local networks? You mention multiple interfaces.  I would assume from that multiple networks - if so, they need to be allowed in the ACLs of Unbound.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.07 | Lab VMs 2.8, 25.07

        • ajhalls

          I have a single WAN at em0 and a single LAN at em1. I don't recall setting up ACLs on my last machine; is there a guide you can point me to? I looked at the Access List tab under the DNS Resolver and there was nothing configured there. I tried to add a few things such as 192.168.1.1 and the IP of my client, but it didn't seem to do any good.

          What am I missing here?

          • johnpoz LAYER 8 Global Moderator

            Well, it's not going to work without an ACL for allow; post up what you did.

            So when you do a query with your fav DNS tool (dig, drill, nslookup) from your client, what do you get back?  ServFail, timeout?  Your client is pointing to the pfSense IP on your LAN, right?

            When you do a query from pfSense DNS query, what does it show as the DNS server you ask?

            dnslookup.jpg

              • ajhalls

              From nslookup on my Windows machine I get:

              nslookup google.com
              DNS request timed out.
                  timeout was 2 seconds.
              Server:  UnKnown
              Address:  192.168.1.1 <---PFSense
              
              DNS request timed out.
              

              From the server I get the results pictured:

              Capture.PNG

                • johnpoz LAYER 8 Global Moderator

                Well, pfSense is not using the resolver (itself), it's using Google.  You sure you have the resolver enabled?  Your client did not get refused or servfail, it got a timeout, like pfSense isn't even listening on 53??  Or maybe your connection upstream of pfSense blocks you from resolving??  Your ISP blocking or intercepting DNS to other than major players?

                Notice how mine comes back that it asked itself, 127.0.0.1; why is yours using Google?  If using resolver mode, the only DNS listed in pfSense should be loopback.

                Even if pfSense couldn't do upstream queries, it should come back with its own name..

                blsljdsf.sjlfjdsfldsfdf.sljfdsldjfs
                Server:  pfSense.local.lan
                Address:  192.168.9.253

                *** pfSense.local.lan can't find blsljdsf.sjlfjdsfldsfdf.sljfdsldjfs: Non-existent domain

                pfsensedns.jpg

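The last reply separates a timeout from a refused or servfail answer. The following is an added example, not part of the thread, that sends one UDP query and reports which of those outcomes a client actually gets; the function names are illustrative, and 192.168.1.1 is the pfSense LAN address quoted in the thread.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

# What each outcome says about the resolver, following the triage in the thread.
MEANING = {
    "TIMEOUT": "no reply: nothing listening on 53, or traffic dropped on the path",
    "REFUSED": "resolver reached but declined this client: check its access lists",
    "SERVFAIL": "resolver reached, but its upstream resolution is failing",
    "NXDOMAIN": "resolver answers: the name simply does not exist",
    "NOERROR": "resolver answers normally",
}

def build_query(name, txid=0x1234, qtype=1):
    """Encode a recursive query (RD=1) for `name`, type A by default."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def classify(reply, txid=0x1234):
    """Map a raw reply (or None for no reply) to an outcome string."""
    if reply is None:
        return "TIMEOUT"
    if len(reply) < 12:
        return "MALFORMED"
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != txid or not flags & 0x8000:  # wrong ID, or QR bit not set
        return "MALFORMED"
    return RCODES.get(flags & 0x000F, "RCODE%d" % (flags & 0x000F))

def probe(server, name, timeout=2.0):
    """Send one UDP query to server:53 and classify what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            reply, _ = s.recvfrom(4096)
        except OSError:  # includes socket.timeout
            reply = None
    return classify(reply)

if __name__ == "__main__":
    # Server address taken from the thread; change it for your own LAN.
    outcome = probe("192.168.1.1", "google.com")
    print(outcome, "-", MEANING.get(outcome, "unexpected reply"))
```

Running it against both the firewall's LAN address and a public resolver from the same client shows whether the timeout is specific to the firewall or affects all DNS leaving that client.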