DNS not resolving on pfSense!?



  • Hi, maybe someone can help me or point me into the right direction …

    So I've got two internal DNS servers (192.168.1.10 and 192.168.1.11) which can resolve internal DNS and which, if necessary, forward DNS queries to external DNS servers. That works perfectly with my current firewall (a Watchguard). But now I'm trying to set up an old server with pfSense as a backup firewall.

    I've configured the pfSense quite a bit now. And when it is only connected to the existing internal network (using eth1), then the domain lookup works: the internal DNS servers do their job.

    But when I connect the WAN cable to my eth0 then DNS queries don't get resolved anymore ... although I have added a 'LAN to everywhere DNS rule' ...

    Any ideas!?

    Thanks a lot,

    Jerome


  • Not sure what you mean by backup firewall. If you are daisy-chaining firewalls and producing multi-NAT, that's just an incredibly bad idea.



  • But when I connect the WAN cable to my eth0 then DNS queries don't get resolved anymore

    No idea what you mean by this.  Why are you swapping cables around??


  • Yeah, no idea what your setup is. Backup firewall? Drawing your network would be my suggestion if you want any sort of help.



  • Ok, sorry for the confusion …

    So this is my situation:

    Currently I've got a working firewall (a Watchguard). But I want a second firewall as a backup, meaning a firewall that's standing by, one that I could manually switch on in case the Watchguard fails. So the pfSense would be OFFLINE (or disabled) until it's needed.

    But what I'm doing right now is trying to get the pfSense to work in the first place. So I've disabled the Watchguard, thus simulating a failure from the Watchguard, and I want the pfSense to do the job instead. But for some reason the DNS is not working in that scenario ...

    My pfSense has two interfaces, for now: the LAN and the WAN network cards.

    The LAN has an internal IP: 192.168.2.1 (/21)
    The WAN has an external IP like: 157.64.55.240, its upstream gateway has the IP: 157.64.55.1

    I've only got the default rules for now.

    I've added my two internal DNS servers (gateway: none) under 'General Setup' as well as 8.8.8.8 (gateway: WANGW).

    What I meant with the 'WAN cable': the ethernet cable connecting the WAN NIC of the pfSense with a certain port on my main switch (on the same VLAN as the fiber of my incoming internet connection).

    And the DNS resolution works if the pfSense is connected solely via its LAN interface (as a kind of switch? not acting as a firewall). It gets the resolution from one of the internal DNS servers ('no response' from the Google one).

    Is it any clearer now? And yes, I'm obviously not a network expert ...

    PS. I'm also not sure whether to use DNS Resolver or DNS Forwarder? When would you choose either?



  • Ok, I've solved the problem … I finally figured out that I don't need to reference the internal DNS servers and that I have to indicate the WAN Gateway to the two Google DNS servers. D'oh, works fine now!



  • PS. I'm also not sure whether to use DNS Resolver or DNS Forwarder? When would you choose either?

    Quick & dirty answer: Resolver talks to the DNS root servers to resolve requests.  Forwarder sends requests to an upstream DNS (your ISP or Google for instance) to resolve requests.  Resolver is the default because it just works without any other configuration.  Forwarder needs to know the upstream DNS servers to forward your requests to.

    https://doc.pfsense.org/index.php/Unbound_DNS_Resolver

    https://doc.pfsense.org/index.php/DNS_Forwarder
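    As an added illustration (not from the post above or from pfSense's own generated files), the two modes described in that answer, expressed in Unbound's native configuration syntax; the LAN address and the internal DNS server IPs come from this thread, while the internal zone name "corp.example" is a placeholder:

    ```conf
    server:
        # Listen on the pfSense LAN address from the thread (192.168.2.1/21)
        interface: 192.168.2.1
        access-control: 192.168.0.0/21 allow

        # RESOLVER mode is what you get with no forward-zone at all:
        # Unbound walks down from the root servers itself. Nothing else is
        # needed, which is why the thread calls it the default that "just works".

        # Rebinding protection: answers containing RFC 1918 addresses are
        # dropped unless the zone is explicitly trusted to return them.
        private-address: 192.168.0.0/16
        private-domain: "corp.example"

    # Internal names are served by the two internal DNS servers from the
    # thread; this is the pfSense "Domain Override" idea in raw Unbound form.
    stub-zone:
        name: "corp.example"
        stub-addr: 192.168.1.10
        stub-addr: 192.168.1.11

    # FORWARDER mode: adding a forward-zone for "." stops recursion and
    # hands every other query to the upstream servers listed here, so the
    # upstream (here Google) sees all external lookups from the network.
    forward-zone:
        name: "."
        forward-addr: 8.8.8.8
        forward-addr: 8.8.4.4
    ```

    Leaving out the forward-zone block gives the Resolver behaviour; the stub-zone for internal names works the same way in both modes.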



  • Ok, thanks!