Netgate Discussion Forum

    DNS Resolution from DNS Resolver is patchy.

      ProxyMoron

      Hey All,
        I have configured the DNS resolver to use my VPN interface for DNS resolution, in that I have selected my VPN_WAN and VPNV6_WAN as the only Outgoing interfaces to use to send queries to authoritative servers.

      Enable Forwarding Mode is NOT checked, so I'm using the root servers to resolve.

      My problem is that only some DNS requests get answered at the client side. For example, on a Windows machine in the LAN using nslookup with the pfSense (pfSense gateway IP) server selected (so server 192.168.x.1), I find that some DNS requests are not resolved.

      For example, www.cnet.com always returns a timeout:-

      > www.cnet.com
      Server:  [192.168.5.1]
      Address:  192.168.5.1
      
      DNS request timed out.
          timeout was 2 seconds.
      DNS request timed out.
          timeout was 2 seconds.
      *** Request to [192.168.5.1] timed-out
      

      Yet a lookup to www.pfsense.org works fine:-

      
      > www.pfsense.org
      Server:  [192.168.5.1]
      Address:  192.168.5.1
      
      Non-authoritative answer:
      Name:    www.pfsense.org
      Addresses:  2610:160:11:11::69
                208.123.73.69
      

      If I change the server selected in nslookup to my VPN DNS provider, it WILL resolve www.cnet.com.

      The strange thing is that in the logs it DOES look like lookups for www.cnet.com are being resolved.

      Feb 26 18:43:18 	unbound 	41945:1 	info: processQueryTargets: www.cnet.com. AAAA IN
      Feb 26 18:43:18 	unbound 	41945:1 	info: resolving www.cnet.com. AAAA IN
      Feb 26 18:43:18 	unbound 	41945:1 	info: resolving www.cnet.com. AAAA IN
      Feb 26 18:43:18 	unbound 	41945:1 	info: resolving www.cnet.com. AAAA IN
      Feb 26 18:43:18 	unbound 	41945:1 	info: resolving www.cnet.com. AAAA IN
      Feb 26 18:43:16 	unbound 	41945:1 	info: processQueryTargets: www.cnet.com. A IN
      Feb 26 18:43:16 	unbound 	41945:1 	info: resolving www.cnet.com. A IN
      Feb 26 18:43:16 	unbound 	41945:1 	info: resolving www.cnet.com. A IN
      Feb 26 18:43:16 	unbound 	41945:1 	info: resolving www.cnet.com. A IN
      Feb 26 18:43:16 	unbound 	41945:1 	info: query response was CNAME
      Feb 26 18:43:16 	unbound 	41945:1 	info: reply from <cnet.com.>193.108.91.230#53
      Feb 26 18:43:16 	unbound 	41945:1 	info: response for www.cnet.com. A IN
      Feb 26 18:43:16 	unbound 	41945:1 	info: iterator operate: query www.cnet.com. A IN
      Feb 26 18:43:16 	unbound 	41945:1 	debug: iterator[module 0] operate: extstate:module_wait_reply event:module_event_reply
      Feb 26 18:43:16 	unbound 	41945:1 	debug: cache memory msg=178017 rrset=374568 infra=431201 val=0
      Feb 26 18:43:16 	unbound 	41945:1 	info: processQueryTargets: www.cnet.com. A IN
      Feb 26 18:43:16 	unbound 	41945:1 	info: iterator operate: query www.cnet.com. A IN
      Feb 26 18:43:16 	unbound 	41945:1 	debug: iterator[module 0] operate: extstate:module_wait_reply event:module_event_pass
      Feb 26 18:43:16 	unbound 	41945:1 	info: finishing processing for ns.cnet.com. AAAA IN
      Feb 26 18:43:16 	unbound 	41945:1 	info: resolving ns.cnet.com. AAAA IN
      Feb 26 18:43:16 	unbound 	41945:1 	info: iterator operate: query ns.cnet.com. AAAA IN
      Feb 26 18:43:16 	unbound 	41945:1 	debug: iterator[module 0] operate: extstate:module_state_initial event:module_event_pass
      Feb 26 18:43:16 	unbound 	41945:1 	info: processQueryTargets: www.cnet.com. A IN
      Feb 26 18:43:16 	unbound 	41945:1 	info: iterator operate: query www.cnet.com. A IN
      Feb 26 18:43:16 	unbound 	41945:1 	debug: iterator[module 0] operate: extstate:module_wait_reply event:module_event_pass
      Feb 26 18:43:16 	unbound 	41945:1 	info: finishing processing for ns3.cnet.com. AAAA IN
      Feb 26 18:43:16 	unbound 	41945:1 	info: resolving ns3.cnet.com. AAAA IN
      Feb 26 18:43:16 	unbound 	41945:1 	info: iterator operate: query ns3.cnet.com. AAAA IN
      Feb 26 18:43:16 	unbound 	41945:1 	debug: iterator[module 0] operate: extstate:module_state_initial event:module_event_pass
      Feb 26 18:43:16 	unbound 	41945:1 	info: finishing processing for ns2.cnet.com. AAAA IN
      Feb 26 18:43:16 	unbound 	41945:1 	info: resolving ns2.cnet.com. AAAA IN
      Feb 26 18:43:16 	unbound 	41945:1 	info: iterator operate: query ns2.cnet.com. AAAA IN
      Feb 26 18:43:16 	unbound 	41945:1 	debug: iterator[module 0] operate: extstate:module_state_initial event:module_event_pass
      Feb 26 18:43:16 	unbound 	41945:1 	debug: sending to target: <cnet.com.>193.108.91.230#53
      Feb 26 18:43:16 	unbound 	41945:1 	info: sending query: www.cnet.com. A IN
      Feb 26 18:43:16 	unbound 	41945:1 	info: new target ns.cnet.com. AAAA IN
      Feb 26 18:43:16 	unbound 	41945:1 	info: new target ns2.cnet.com. AAAA IN
      Feb 26 18:43:16 	unbound 	41945:1 	info: new target ns3.cnet.com. AAAA IN
      Feb 26 18:43:16 	unbound 	41945:1 	info: processQueryTargets: www.cnet.com. A IN
      Feb 26 18:43:16 	unbound 	41945:1 	info: resolving (init part 3): www.cnet.com. A IN
      Feb 26 18:43:16 	unbound 	41945:1 	info: resolving (init part 2): www.cnet.com. A IN
      Feb 26 18:43:16 	unbound 	41945:1 	info: resolving www.cnet.com. A IN
      

      So am I reading this correctly (that I am seeing a reply), and if so, why is it not resolved?
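
One way to read a log like the one above mechanically (an added example, not part of the original post and not pfSense or unbound code): it puts the newest-first lines into chronological order and reports, per query, whether a reply was logged and how unbound classified it. The function names are illustrative, and the sample lines are copied from the post's log.

```python
import re
from collections import defaultdict

# Lines copied from the log in the post, newest first as the post shows them.
SAMPLE = """\
Feb 26 18:43:18 \tunbound \t41945:1 \tinfo: resolving www.cnet.com. AAAA IN
Feb 26 18:43:16 \tunbound \t41945:1 \tinfo: resolving www.cnet.com. A IN
Feb 26 18:43:16 \tunbound \t41945:1 \tinfo: query response was CNAME
Feb 26 18:43:16 \tunbound \t41945:1 \tinfo: reply from <cnet.com.>193.108.91.230#53
Feb 26 18:43:16 \tunbound \t41945:1 \tinfo: response for www.cnet.com. A IN
Feb 26 18:43:16 \tunbound \t41945:1 \tdebug: sending to target: <cnet.com.>193.108.91.230#53
Feb 26 18:43:16 \tunbound \t41945:1 \tinfo: sending query: www.cnet.com. A IN
Feb 26 18:43:16 \tunbound \t41945:1 \tinfo: resolving www.cnet.com. A IN
"""

MSG = re.compile(r"\b(?:info|debug): (.*)$")
QUERY = re.compile(r"^(sending query:|response for|resolving) (\S+) (\S+) IN$")
REPLY = re.compile(r"^reply from <\S+>([^#\s]+)#\d+$")
TYPE = re.compile(r"^query response was (.+)$")

def summarize(log_text, newest_first=True):
    """Return {(qname, qtype): counters} built from unbound verbose log lines."""
    lines = [l for l in log_text.splitlines() if l.strip()]
    if newest_first:      # the log view in the post lists the newest entry first
        lines.reverse()
    stats = defaultdict(lambda: {"sent": 0, "replies": [], "types": [], "restarts": 0})
    current = None        # query named by the most recent "response for" line
    for line in lines:
        m = MSG.search(line)
        msg = m.group(1).strip() if m else ""
        q = QUERY.match(msg)
        if q:
            verb, entry = q.group(1), stats[(q.group(2), q.group(3))]
            if verb == "sending query:":
                entry["sent"] += 1
            elif verb == "response for":
                current = (q.group(2), q.group(3))
            elif entry["types"][-1:] == ["CNAME"]:
                entry["restarts"] += 1   # "resolving" logged again after a CNAME
        elif current and (r := REPLY.match(msg)):
            stats[current]["replies"].append(r.group(1))
        elif current and (t := TYPE.match(msg)):
            stats[current]["types"].append(t.group(1))
    return dict(stats)

def verdict(entry):
    if not entry["replies"]:
        return "no reply logged"
    if entry["types"][-1:] == ["CNAME"]:
        return "reply logged, but it was a CNAME: no final answer in this excerpt"
    return "reply logged: " + (entry["types"][-1] if entry["types"] else "unclassified")
```
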

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.