SOLVED - New install - ping to FQDN fails. No DNS requests are resolved.

logbuilder · Sep 9, 2017, 9:29 PM

New pfSense install on I5 mini PC. I've tried many things and none seem to work. Have consulted with others in other forums that had experience with pfSense but problem remains. Any ideas for resolution will be greatly appreciated!

The basic problem:
With a brand new install of 2.3.4, my laptop attached to the pfSense LAN can not ping a FQDN. All DNS seems to fail. Pings to numeric IPs work fine.

Environment:

I5 miniPC with 4 intel nics
freeBSD, VGA console build ver 2.3.4
Fresh reload of pfSense from a bootable thumb drive that was flashed with pfSense-CE-memstick-2.3.4-RELEASE-amd64 from pfSense download pages
Only wizard config has been done. No rules other than default
ISP is Exede satellite internet via their modem
pfSense WAN plugged directly into the Exede modem
Win 8.1 laptop plugged info psSense LAN port

Observations:

The exede modem is providing an external IP address to pfSense. I see it on the status page.
LAN standard config with LAN being 192.168.1.1
Laptop is being assigned 192.168.1.100 by pfSense DHCP
From the pfsense Diagnostics tab I can ping 8.8.8.8 as well as www.google.com on the WAN interface, both with good results
From the laptop in cmd, I can ping 8.8.8.8 with good results
From the laptop in cmd, pinging www.google.com it says the name can not be resolved.
With my tp-link router plugged into the Exede modem and my laptop plugged into the tp-link (psSense totally disconnected), all works as expected. In fact, that has been my config for years.

Here is the ipconfig status from the laptop (some addresses xx'd out and disconnected media omitted) :

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . : localdomain
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 38-63-BB-xx-xx-xx
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b47c:xxxx:xxxx:xxxx%3(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, September 9, 2017 12:19:49 PM
Lease Expires . . . . . . . . . . : Saturday, September 9, 2017 2:57:25 PM
Default Gateway . . . . . . . . . : fe80::1:1%3
192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 54027195
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-8E-2C-73-38-xx-xx-xx-xx-xx

DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.localdomain:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : localdomain
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

pete · Sep 9, 2017, 10:14 PM

@Logbuilder

Guessing here that Excede DNS servers IP's are:

edns02.wildblue.net ['75.104.233.7']
edns03.prod.wdc1.wildblue.net ['75.104.236.8']
edns01.prod.wdc1.wildblue.net ['75.104.236.7']
edns04.wildblue.net ['75.104.233.8']

Is this what you see using Excede?

If so try this:

Checking google dns server first:

nslookup redhat.com 8.8.8.8

nslookup -port 53 redhat.com 8.8.8.8

nslookup -port 5353 redhat.com 8.8.8.8

then an Excede DNS server

nslookup redhat.com 75.104.233.7

logbuilder · Sep 9, 2017, 11:13 PM

@pete Thanks for the reply. These results seem interesting. Hopefully they make sense to you.

As assigned from Exede modem:

IP Address:
172.242.247.xx
Subnet Mask:
255.255.240.0
Default Gateway:
172.242.240.1

DNS Primary: 99.196.99.99
DNS Secondary: 99.197.99.99

I did the commands you suggested. Here are results:

nslookup redhat.com 8.8.8.8 - worked properly
nslookup -port 53 redhat.com 8.8.8.8 - didn't work due to syntax error. Maybe -port is not supported in windows?
nslookup redhat.com 99.196.99.99 - worked properly
nslookup yahoo.com - failed due to timeout. Server was pfsense.localdomain and Address was 192.168.1.1

pete · Sep 10, 2017, 12:57 AM

Thank you Logbuilder.

Apologies. The Windows command line nslookup stuff is a bit different than in Linux.

Most important info is the Excede DNS servers:

DNS Primary: 99.196.99.99
DNS Secondary: 99.197.99.99

Next go to:

System tab
General Setup
DNS Server Settings

What are the IPs of the DNS servers configured?

logbuilder · Sep 10, 2017, 1:21 AM

@pete

In pfSense machine when attached to Exede modem:

In System/General, the only DNS entry showed 'none'. There were two options in the drop down. I didn't change a thing.

In looking at the System Information on the main page, I see this:

DNS server(s)
127.0.0.1
99.196.99.99
99.197.99.99

BTW, I just looked in System/DNS Resolver and see that it is checked Active.

pete · Sep 10, 2017, 3:20 AM

Skipping steps here and will rewind a bit.

Do the following:

Enter the two DNS servers:

99.196.99.99
99.197.99.99

Here:

System tab
General Setup
DNS Server Settings
and
on the right drop down put your WAN interface for each DNS server IP.

Go to
Services
DNS Resolver

uncheck the box

Enable DNS resolver

Click on Save on the bottom of the page

Do you have a monitor / keyboard connected to your PFSense Box?

If you do enter 8 (shell) for a terminal prompt.

Rewind part:

Excede hijacks any DNS queries and redirects the queries to their DNS servers. Reading a bit you can bypass the bypassing by using non standard DNS ports. IE: 5353 for google DNS entries.

Go back to your PFSense Dashboard.

logbuilder · Sep 10, 2017, 3:02 AM

On my System/General screen, I don't have an option to add a specific IP address as a DNS Server. A drop down next to the selection only has 3 choices. Attached is a screen print. I do seem to remember that on the DNS Resolver screen you can add specific DNS entries. I also recall that in the install wizard would have allowed me to enter specific IPs for DNS servers but I left them blank. I imagine that would have established them for the Resolver. I have disabled the DNS Resolver as you requested. Still not resolving.

![ADD DNS Servers screen.jpg](/public/imported_attachments/1/ADD DNS Servers screen.jpg)
![ADD DNS Servers screen.jpg_thumb](/public/imported_attachments/1/ADD DNS Servers screen.jpg_thumb)

pete · Sep 10, 2017, 4:03 AM

Yes just enter first DNS IP and pick the WAN_DHCP on the right.

Click on the + to add second DNS IP and pick the WAN_DHCP on the right.

Save settings.

Were you able to get to the shell command line prompt from the PFSense command line menu?

At this prompt try doing some nslookup stuff at this prompt.

What do you see when you do this?

Exit to exit the terminal window will bring you back to the menu.

For the Windows PC do a release on the DHCP IP request a new DHCP address or reboot computer, then go to a terminal windows and try doing some nslookups. For the browser clear the browser cache.

The use of a non standard DNS port concern has been brought up here on the forum.

Not sure how your speeds will be affected using the unbound DNS resolver enabled. Try it and see what happens.

hxxps://forum.pfsense.org/index.php?topic=127892.0

the install wizard would have allowed me to enter specific IPs for DNS servers but I left them blank.

The Wizard will install the DNS entries in the settings mentioned above.

logbuilder · Sep 10, 2017, 4:03 AM

Got the 2 servers added (99.196.99.99 and 99.197.99.99. I was looking at that screen wrong.

From Diagnostics screen I entered command prompt. Results:

nslookup yahoo.com - worked fine
nslookup redhat.com 8.8.8.8 - worked fine

Back on my win laptop:

Unplugged ethernet cable to refresh the DHCP.
Checked ipconfig to confirm it refreshed. It did.
Did some pings and nslookups with FQDNs.
IT WORKS!
Also was able to surf to a web page so DNS got a small workout. Didn't see any broken links.

It is resolving using 99.196.99.99

What I want to do now is power everything down and bring it all back up and make sure it still works.
I'll report report back in a few minutes.

My POST of this reply will be from the pfSense machine.

logbuilder · Sep 10, 2017, 4:23 AM

Powered down Exede modem, pfSense firewall, laptop.
Powered all on.
Ran several tests and it is working.

Thanks so much for your help @pete

So to recap what I think we did:

Turned off DNS Resolver. This apparently removed 127.0.0.1 from my DNS server list.
In System/General we added two external (Exede in my case) DNS servers

That's great! Just backed up the config.

That was the first step in my network reconfig. Next I need to add three routers all in AP mode to LAN, OPT1, OPT2.

pete · Sep 10, 2017, 4:58 AM

Great news logbuilder!