Some sites won't load after a while

  • Hi!

    So I have been trying to google this issue, and it seems that there is a section in the docs for it ( The problem lacks consistency, so it appears; if I reboot my pfSense machine, I can access all pages. But as time passes, sites become unavailable. Some sites are partially available but don't load the CSS files correctly.

    Sites that are unavailable are,,,

    I'm running pfBlockerNG, but I have disabled it and evaluated, and the issue continues.
    I throttle all my traffic through an OpenVPN connection, but if I connect to the same VPN on my local machine with Tunnelblick, sites start to work again (or work perfectly when using!)

  • LAYER 8 Global Moderator

    What exactly happens when they do not load - is it just your browser saying it cannot find the site? Says the site times out? You're just not loading the CSS file?

    When you cannot load a site, can you do a DNS query for the FQDN you're trying to access? What are you using for DNS - are you routing your DNS through your VPN as well?

    Going to need more info to try and help you track down what the issue is.

    "dns query for the fqdn"

    ➜  ~ dig
    ; <<>> DiG 9.8.3-P1 <<>>
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 51517
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    ;			IN	A
    ;; Query time: 4 msec
    ;; SERVER:
    ;; WHEN: Mon Jan 22 18:51:26 2018
    ;; MSG SIZE  rcvd: 29
    ➜  ~ host
    Host not found: 3(NXDOMAIN)
    ➜  ~ host has address has IPv6 address 2a00:1450:400f:80b::2003 mail is handled by 10 mail is handled by 20 mail is handled by 30 mail is handled by 50 mail is handled by 40
    ➜  ~ dig
    ; <<>> DiG 9.8.3-P1 <<>>
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12440
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0
    ;			IN	A
    ;; ANSWER SECTION:		288	IN	A
    ;; AUTHORITY SECTION:		62491	IN	NS		62491	IN	NS		62491	IN	NS		62491	IN	NS
    ;; Query time: 3 msec
    ;; SERVER:
    ;; WHEN: Mon Jan 22 18:51:58 2018
    ;; MSG SIZE  rcvd: 125
    ➜  ~

    "What are you using for dns - are you routing your dns through your vpn as well?"

    I'm using three (3) custom DNS servers and I have tested them with namebench, so they work, and I'm not sure if I'm routing DNS through my VPN.

    And have a look at the attachment on how the browser responds.

    EDIT: Seems to be occurring at random intervals and on random sites.

  • LAYER 8 Global Moderator

    "status: SERVFAIL"

    You've got a problem there - when you say you're using 3 custom DNS… So you turned off the default resolver unbound and enabled the forwarder.. Or did you enable forwarding in unbound?

    Out of the box pfSense resolves via unbound; it does not forward or use any sort of forwarding NS anywhere.. It walks down the tree from the roots till it gets to the authoritative NS for the domain you're asking about..

    So you need to troubleshoot why you're getting SERVFAIL as the response when you query twitter.

    " Host not found: 3(NXDOMAIN)"

    NXDOMAIN is a completely different error than SERVFAIL - is what you're using for DNS on pfSense restarting? NX is not that something had an error, but that what you're looking for didn't exist, etc.

  • The DNS Forwarder is disabled.

    The DNS Resolver is enabled, and the only change I have made is to tick "DHCP Registration" so I can reach my machines more easily.
    DNS Query Forwarding is unticked.

    DNS Server Override is unticked, to use my custom DNS list.
    Disable DNS Forwarder is unticked (don't think I have touched this setting).

    And I added an edit to my last response; it seems to be random. Sometimes it is youtube and twitter. The other time youtube and twitter work, but no or

    Otherwise it seems to work.

  • LAYER 8 Global Moderator

    Well then, you're not forwarding; you're not using any 3 custom DNS like you think you're using.. Unbound resolves, it does forward to what you put in the general tab..

    If you told it to register DHCP clients, it's most likely restarting unbound.. Which would and could cause random issues with resolving stuff if unbound was restarting when you're asking for stuff.

    Look in your logs to see if unbound is restarting.
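    The check the moderator asks for, as an added example that is not code from the thread or from pfSense: it reads syslog-style resolver and DHCP lines, counts unbound "service stopped" / "start of service" pairs, measures how long the resolver was down, and flags which restarts follow a DHCP lease within a few seconds (the DHCP Registration symptom described above). The sample log lines, the exact message format, the year and the 10-second window are constructed assumptions for the example.

    ```python
    import re
    from datetime import datetime

    # Constructed sample lines in the syslog style pfSense's resolver and DHCP
    # logs use (assumed format, not captured from the poster's firewall).
    SAMPLE_LOG = """\
    Jan 22 18:40:10 pfSense dhcpd: DHCPACK on 192.168.1.50 to 00:11:22:33:44:55 (laptop) via em1
    Jan 22 18:40:11 pfSense unbound: [4421:0] info: service stopped (unbound 1.6.8).
    Jan 22 18:40:12 pfSense unbound: [4487:0] info: start of service (unbound 1.6.8).
    Jan 22 18:45:30 pfSense dhcpd: DHCPREQUEST for 192.168.1.51 from 66:77:88:99:aa:bb (phone) via em1
    Jan 22 18:45:30 pfSense dhcpd: DHCPACK on 192.168.1.51 to 66:77:88:99:aa:bb (phone) via em1
    Jan 22 18:45:31 pfSense unbound: [4487:0] info: service stopped (unbound 1.6.8).
    Jan 22 18:45:33 pfSense unbound: [4512:0] info: start of service (unbound 1.6.8).
    Jan 22 18:51:26 pfSense unbound: [4512:0] info: start of service (unbound 1.6.8).
    """

    # Syslog lines carry no year; 2018 matches the dig output in the thread (assumed).
    ASSUMED_YEAR = 2018
    LINE_RE = re.compile(
        r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ (?P<prog>\w+): (?P<msg>.*)$"
    )


    def parse_ts(ts: str) -> datetime:
        return datetime.strptime(f"{ASSUMED_YEAR} {ts}", "%Y %b %d %H:%M:%S")


    def parse_events(text: str) -> list:
        """Reduce the log to the three event kinds we care about: lease, stop, start."""
        events = []
        for line in text.splitlines():
            m = LINE_RE.match(line)
            if not m:
                continue  # unrelated or malformed line
            ts, prog, msg = parse_ts(m["ts"]), m["prog"], m["msg"]
            if prog == "dhcpd" and msg.startswith("DHCPACK"):
                events.append((ts, "lease"))
            elif prog == "unbound" and "service stopped" in msg:
                events.append((ts, "stop"))
            elif prog == "unbound" and "start of service" in msg:
                events.append((ts, "start"))
        return events


    def analyze_restarts(text: str, window_seconds: int = 10) -> dict:
        """Count unbound restarts, total downtime, and restarts that follow a lease."""
        events = parse_events(text)
        leases = [ts for ts, kind in events if kind == "lease"]
        restarts = 0
        after_lease = 0
        downtime = 0.0
        last_stop = None
        for ts, kind in events:
            if kind == "stop":
                last_stop = ts
            elif kind == "start":
                restarts += 1
                if last_stop is not None:
                    downtime += (ts - last_stop).total_seconds()
                    last_stop = None
                # A lease handed out shortly before the restart points at DHCP
                # Registration reloading unbound rather than a crash.
                if any(0 <= (ts - lease).total_seconds() <= window_seconds for lease in leases):
                    after_lease += 1
        return {
            "restarts": restarts,
            "restarts_after_lease": after_lease,
            "unexplained_restarts": restarts - after_lease,
            "downtime_seconds": downtime,
        }


    if __name__ == "__main__":
        print(analyze_restarts(SAMPLE_LOG))
    ```

    Queries that arrive inside the stop/start gaps are what come back as SERVFAIL, so a high `restarts_after_lease` count with a lot of lease churn is the DHCP Registration pattern; `unexplained_restarts` is what remains to look at once that option is turned off.
    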

  • Alright I checked the logs, and it seems that unbound randomly restarts.

    What should I do to properly get things up and running?

    (I like the option to be able to use hostnames like pfsense.local and other machine names)

  • LAYER 8 Global Moderator

    I use lots and lots of local names.. You shouldn't be using .local - it states that right in the notes when setting up your domain under general settings.

    Do not use '.local' as the final part of the domain (TLD). The '.local' domain is widely used by mDNS (including Avahi and Apple OS X's Bonjour/Rendezvous/Airprint/Airplay), and some Windows systems and networked devices. These will not network correctly if the router uses '.local'. Alternatives such as '.local.lan' or '.mylocal' are safe.

    I would turn off register DHCP… Just have it register reservations.. All devices you want to resolve most likely should have the same IP - so just set up a reservation for them, etc. so they always get the same IP..
