[SOLVED] DNS resolver- PFSENSE unable to resolve dns's

interested_party · Dec 26, 2017, 11:43 PM

Hi,

quick background, I'm interested in running dns resolver on my pfsense server 192.168.1.1 where my dns's get resolved using johnpoz
example https://forum.pfsense.org/index.php?topic=133481.0
"Hey root servers who is NS for .com
Hey .com NS who is NS for domain.com
Hey domain.com NS what is IP of www.domain.com"

current situation, after setting DNS resolver up, my current situation is:

on my pfsense server , pfsense cannot do any resolution of any DNS's.
such as
diagnostics-> DNS Lookup, all take a long time and fail.
NTP server lookup fails on pfsense, it can't resolve the dns
PFBlocker DNSBL lists downloads all fail, as it cannot resolve the lists url, and firewall rules that use domain name
DNS lookups from all clients on the network that is using pfsense as the dns resolver works great. i.e. all clients have 192.168.1.1 as their dns, and speed is great.

Main Question, How can i configure pfsense to properly resolve dns's without adding dns servers, or if needed use itself to resolve dns's? further below i played around with resolv.conf

if i add DNS server's like opendns or quad9 back into my general settings, everything resolves within pfsense properly, after removing the dns's from general settings, is when pfsense stops resolving [clients of pfsense still work], From what i have read, i should keep the dns's in general settings blank to let dns resolver do its job, from https://forum.pfsense.org/index.php?topic=139442.0

Current Configuration where pfsense cannot resolve DNS's:

–- General -> Settings ---

DNS Server settings = blank.
DNS Server Override =Unchecked
Disable DNS Forwarder =Unchecked [tried checked and not checked as a test]

timeservers = [populated with a dns but not resolving, i get an error on my dashboard]

–-DNS Resolver Settings---

Enable is =Checked.
Listen Port= 53
Network Interfaces [LAN]
Outgoign Network Interfaces [WAN]
System Domain Local Zone Type [Static] - using johnpoz setting https://forum.pfsense.org/index.php?topic=115523.0
DNSSEC Enabled =Checked
DNS Query Forwarding =Unchecked
DHCP Registration =Checked
Static DHCP= Checked
Hide Identity= Checked
Hide Version =Checked
Prefetch Support =Checked
Prefetch DNS Key Support= Checked
Serve Expired = Unchecked
.. remaining is default ..
Experimental Bit 0x20 Support Checked

–resolv.conf---

Cat /etc/resolv.conf
results in
search localdomain

if i overwrite /etc/resolv.conf with a custom mapping
search localdomain
nameserver 192.168.1.1

pfsense is able to lookup timeserver and do a diagnostics dnslookup on an address, however after a minute or so the resolv.conf gets overwritten back to
search localdomain

and local pfsense dnslookups stop working.

general settings doesn't let me use 192.168.1.1 as a dns server, the drop down only says WAN.

thank you for your time and help.

johnpoz · Dec 24, 2017, 9:39 AM

pfsense should be be pointing to itself for dns if your using unbound.. That is how it would be out of the box with unbound listening on all interface - if you edited what interfaces it listens on you need to make sure localhost is included and pfsense points to loopback.

Which looks like you undid on the listen interfaces since you only have lan listed

Network Interfaces [LAN]

Disable should be unchecked.. See pic below for how it should be setup.

interested_party · Dec 26, 2017, 11:42 PM

:D That resolved the issue, thank you very much for your time and help!

darlingyow · Jan 12, 2021, 10:55 AM

@johnpoz Hi Can you resend the pic. I have the same issue. cant view the pic

johnpoz · Jan 12, 2021, 11:06 AM

@darlingyow

Wow this old ;)

To use unbound as resolver - this is default out of the box. But if you have changed stuff. you need to make sure you haven't disabled pfsense from using itself for dns (127.0.0.1/localhost)

And you need to make sure that unbound is listening on localhost (127.0.0.1) if you have unchecked the ALL (default)

Here pic