Netgate Discussion Forum

Cannot resolve hostnames

  • WDen
    Jun 21, 2017, 7:40 PM, last edited Jun 21, 2017, 7:49 PM

    Hello,
    I have a pfSense setup like so:

    Internet>ISP Modem(gateway functionality disabled)>pfSense(2.3.4-RELEASE (amd64))>switch>computers
                                                                                          |-->Wireless router setup as AP
    
    

    Everything was working correctly until last night, when suddenly clients cannot resolve hostnames anymore.

    I am using DNS Resolver with the following configuration:

    
    Enabled
    Network Interfaces: All
    Outgoing Network Interfaces: All
    System Domain Local Zone Type: Transparent
    DNSSEC: Enabled
    DNS Query Forwarding: Disabled(unchecked)
    DHCP Registration: Disabled(unchecked)
    Static DHCP: Disabled(unchecked)
    
    

    Firewall rules are as follows:

    
    	* 	* 	* 	LAN Address 	443 80 	* 	* 		Anti-Lockout Rule 	
    	IPv4 * 	LAN net 	* 	* 	* 	* 	none 	  	Default allow LAN to any rule 	
    	IPv6 * 	LAN net 	* 	* 	* 	* 	none 	  	Default allow LAN IPv6 to any rule 	
    
    

    On my Dashboard, DNS Servers only shows 127.0.0.1. Note that before this showed the ISP's DNS servers, I still had the same issue.

    From pfSense, I can run ping, DNS Lookup, both work properly. I've also run dig cnn.com from shell and it works.

    From Client computer, I can ping 8.8.8.8, pfSense(192.168.1.1), I can ping WAN IP and WAN Gateway IP. I cannot ping www.google.com.
    Nslookup returns the following:

    
    Default Server:  UnKnown
    Address:  192.168.1.1
    
    > set debug
    > www.google.com
    Server:  UnKnown
    Address:  192.168.1.1
    
    ------------
    Got answer:
        HEADER:
            opcode = QUERY, id = 2, rcode = REFUSED
            header flags:  response, want recursion
            questions = 0,  answers = 0,  authority records = 0,  additional = 0
    
    ------------
    ------------
    Got answer:
        HEADER:
            opcode = QUERY, id = 3, rcode = REFUSED
            header flags:  response, want recursion
            questions = 0,  answers = 0,  authority records = 0,  additional = 0
    
    ------------
    ------------
    Got answer:
        HEADER:
            opcode = QUERY, id = 4, rcode = REFUSED
            header flags:  response, want recursion
            questions = 0,  answers = 0,  authority records = 0,  additional = 0
    
    ------------
    ------------
    Got answer:
        HEADER:
            opcode = QUERY, id = 5, rcode = REFUSED
            header flags:  response, want recursion
            questions = 0,  answers = 0,  authority records = 0,  additional = 0
    
    ------------
    *** UnKnown can't find www.google.com: Query refused
    
    
    
    nslookup www.google.com 8.8.8.8
    Server:  google-public-dns-a.google.com
    Address:  8.8.8.8
    
    Non-authoritative answer:
    Name:    www.google.com
    Addresses:  2607:f8b0:400b:808::2004
              172.217.0.228
    
    

    I have uninstalled all packages. I also noticed that when I use a DNS Server that is not pfSense(192.168.1.1) everything works correctly.

    Could anyone help me with this issue? I'm not sure what else to try other than Resetting to Factory defaults, but I would prefer not to have to do that.

    Thanks.

    • lawrencedol
      Jan 13, 2018, 2:00 AM

      This is an old post, but I just resolved this exact issue, which in my case turned out to be having DNSSEC enabled. Try disabling DNSSEC to see if your clients can then resolve names.

      Lawrence Dol
      Perfection is the enemy of excellence.
      pfSense on a recycled AMD AthlonII X3 435; 3GHz; 8 GiB
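
Added example, not part of either post: a small Python decoder for the DNS response header that the nslookup debug output in the first post prints, so the rcode a resolver returns can be read directly. The sample bytes are constructed from the values shown in that output, and the function names (`build_query`, `parse_header`, `diagnose`, `ask`) are hypothetical.

```python
import socket
import struct

# RCODE names from RFC 1035 section 4.1.1
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

# Constructed sample: the 12-byte header matching the nslookup debug output
# (id = 2, response, want recursion, rcode = REFUSED, all counts 0).
SAMPLE_REFUSED = bytes.fromhex("000281050000000000000000")

def build_query(name, qid, qtype=1):
    """Build a recursive (RD=1) query for `name`; qtype 1 is an A record."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Decode the fixed DNS header into the fields nslookup's debug mode shows."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "response": bool(flags & 0x8000), "rd": bool(flags & 0x0100),
            "ra": bool(flags & 0x0080),
            "rcode": RCODES.get(flags & 0xF, "RCODE%d" % (flags & 0xF)),
            "counts": (qd, an, ns, ar)}

def diagnose(hdr):
    """Map a parsed header to what the resolver is reporting."""
    if not hdr["response"]:
        return "not a response"
    if hdr["rcode"] == "REFUSED":
        return "REFUSED: server declined the query for policy reasons (RFC 1035)"
    if hdr["rcode"] == "SERVFAIL":
        return "SERVFAIL: lookup failed (also the code for failed DNSSEC validation)"
    if hdr["rcode"] == "NOERROR" and hdr["counts"][1] > 0:
        return "NOERROR: answered"
    return hdr["rcode"]

def ask(server, name, timeout=3.0):
    """Send one UDP query to `server` and return the diagnosis (needs network access)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, 0x1234), (server, 53))
        return diagnose(parse_header(s.recv(4096)))

if __name__ == "__main__":
    print(diagnose(parse_header(SAMPLE_REFUSED)))
```

Running `ask("192.168.1.1", "www.google.com")` from a LAN client gives the same rcode nslookup reports, without the repeated retries.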
