[multiwan] OPT1 interface has no DNS server.
-
Hi all,
During pfSense configuration, I experienced a problem with DNS servers, which don't get configured properly on the OPT1 interface.
My goal is to set up pfSense as a network gateway that can switch to another ISP instantly if my main ISP is down (Multi-WAN). But this goes only one way, as my main ISP has much better throughput (only LinkFailover).
Previously, I set up pfSense with linkfailover according to the Multi-WAN tutorial. I have set up the firewall for LAN properly. The problem is that when linkfailover is in effect, OPT1 (Tier2) is missing a DNS server. This is what I figured out. As in the picture below, every time I configure a DNS server, it only goes under the WAN interface. It seems that OPT1 never gets a DNS server configured on it, even though I set it in the DNS settings page.
Do you have any idea what I should do in order to add a DNS server to the OPT1 interface?
Feel free to ask for clarification if I didn't explain well enough. Sorry for my bad English.
Thank you in advance. :)
-
What is in front of the pfSense firewall? 2 pure modems or two real routers?
-
@BlueKobold:
What is in front of the pfSense firewall? 2 pure modems or two real routers?
There are two real routers for two different ISPs. One connects to the main WAN. Another connects to the backup ISP on the OPT1 interface. This pfSense will act as the firewall itself.
I would like to explain more about my case. Here's the thing.
The pfSense did have linkfailover. It can switch traffic when I remove the cable from WAN. However, it can only connect through IP. It can't resolve any domain name at all. That's what I figured out, and then I found that the DNS server is missing from the status, as in the picture I attached.
Thank you for your kind reply :)
-
There are two real routers for two different ISPs.
Ok, that is simple then, please set up on each WAN interface of pfSense a static IP address from the scope of the router in front of it.
As an example:
Router 1 with network 192.168.5.0/24 and IP 192.168.5.1/24
Router 2 with network 192.168.10.0/24 and IP 192.168.11.1/24
WAN 1 (with Router 1 in front of it) will then get the static IP address 192.168.5.250/24 and DNS 192.168.5.1/24
WAN 2 (with Router 2 in front of it) will then get the static IP address 192.168.11.250/24 and DNS 192.168.11.1/24
Please leave the second DNS field empty.
That prevents you from being served by the routers' DHCP server and getting a new WAN IP from time to time.
You can now do load balancing and failover if you want; I would suggest choosing policy-based routing and failover.
-
Hi BlueKobold, :)
Yes, I did set static IP addresses on both interfaces without DHCP settings. But I'm not sure about the DNS server. When I set the DNS server via the web UI, the result appears as in the picture.
What do you mean by "The second DNS field leave empty please."?
Could you please explain more about configuring the DNS section?
But I will try setting DNS again to see if it works :)
Thank you
@BlueKobold:
WAN 1 (with Router 1 in front of it) will then get the static IP address 192.168.5.250/24 and DNS 192.168.5.1/24
WAN 2 (with Router 2 in front of it) will then get the static IP address 192.168.11.250/24 and DNS 192.168.11.1/24
Please leave the second DNS field empty.
That prevents you from being served by the routers' DHCP server and getting a new WAN IP from time to time.
You can now do load balancing and failover if you want; I would suggest choosing policy-based routing and failover.
-
But I will try setting DNS again to see if it works :)
Set the IP address of Router 1 as the DNS address in WAN 1 and that of Router 2 in WAN 2, and please deactivate the DHCP server on both of those routers, to get a 100% qualified connection without disturbances and breaks. Then please enter Google's DNS server IP address as DNS on both routers, or take the one from your ISP.
-
I've been having problems with DNS as well. Using a fresh install of pfSense, I followed the online instructions to the letter. I think the problem is that the people who write the instructions are not using a fresh install and have other settings enabled that a fresh install has disabled.
Also, the Status Interfaces not showing DNS settings on OPT1 (or WAN2 depending how you've labelled it) is a red herring. Even with a working DNS service when the WAN is down, the status page only lists DNS settings on the WAN Interface section and not the OPT1/WAN2 section.
A few things I found which weren't in the instructions which eventually allowed DNS service to work when WAN was down:
1. On System->General Setup page uncheck the option DNS Server Override.
2. Also On System->General Setup page check the option Disable DNS Forwarder (See Note 1 below).
3. On Services->DNS Resolver page check the option Enable (This should be checked already because of step 2).
4. Also on Services->DNS Resolver page check the option DNS Query Forwarding (See Note 2 below).
Note 1: Checking the Disable DNS Forwarder option does not disable the DNS Resolver, it actually enables it (which is very misleading).
Note 2: On a fresh install of pfSense this option is disabled by default. Perhaps the people that write the multi-lan instructions don't realise this.
-
Thanks RussellA, this helped me. Now I have a dual WAN connection (Load Balancing) and the second WAN2 works well.
-
Also, the Status Interfaces not showing DNS settings on OPT1 (or WAN2 depending how you've labelled it) is a red herring. Even with a working DNS service when the WAN is down, the status page only lists DNS settings on the WAN Interface section and not the OPT1/WAN2 section.
A few things I found which weren't in the instructions which eventually allowed DNS service to work when WAN was down:
1. On System->General Setup page uncheck the option DNS Server Override.
2. Also On System->General Setup page check the option Disable DNS Forwarder (See Note 1 below).
3. On Services->DNS Resolver page check the option Enable (This should be checked already because of step 2).
4. Also on Services->DNS Resolver page check the option DNS Query Forwarding (See Note 2 below).
I tried this, it works for the internet, but the NAT stopped working. I have a NAT that goes to OPT1, and I have set the firewall rules manually to set that gateway.