Issue accessing internet

Stevenateha

Greetings everyone,

I am new to pfsense and trying to configure it. the problem I am facing is related DNS resolution. When I enter DNS manually for client system internet works but when removed it doesn't. I have enabled DHCP, still I cannot access internet.

Kindly help.

Regards
Steven

KOM

In your DHCP Server config, are you offering any DNS servers to your clients?

johnpoz

Out of the box pfsense would resolve and its dhcp server would point to pfsense IP the dhcp server is running on for clients.

If dns resolving it not working, you would have to troubleshoot why.. Maybe your isp is intercepting dns which is breaking resolving, etc.  Under diagnostic menu of pfsense can it look up stuff like www.google.com or pfsense.org?

Stevenateha

@KOM first i offered 8.8.8.8 n 8.8.4.4 as dns but didnt make any difference.

Stevenateha

@john
I hv tested using dns lookup. Results came ok.

johnpoz

Ok then from a client do a query.. simple nslookup or dig or host, etc..

dig www.google.com

; <<>> DiG 9.11.2-P1 <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64214
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.google.com.                        IN      A

;; ANSWER SECTION:
www.google.com.        3600    IN      A      172.217.4.100

;; Query time: 62 msec
;; SERVER: 192.168.9.253#53(192.168.9.253)
;; WHEN: Fri Feb 16 13:37:05 Central Standard Time 2018
;; MSG SIZE  rcvd: 59

You can see that is client asking pfsense for www.google.com

Here is same thing with nslookup

nslookup www.google.com
Server:  sg4860.local.lan
Address:  192.168.9.253

Non-authoritative answer:
Name:    www.google.com
Addresses:  2607:f8b0:4009:800::2004
          172.217.4.100

Visseroth

If you are on satellite they are notorious for hijacking DNS and blocking all other DNS traffic.

Make sure either DNS Forwarder or DNS resolver is enabled but NOT both. Most use DNS Resolver.

Make sure you've selected your network interfaces correctly and selected Localhost but not Localhost on the Outgoing Network Interfaces. Outgoing is for querying up stream DNS servers for Internet related stuff.

Go to System -> General Setup and at the bottom tick "Allow DNS server list to be overridden by DHCP/PPP on WAN" and test again and see if you get any traffic. Restart the machine to be sure all services fired correctly if you still don't get traffic.

If you still don't get traffic thing do something like…

ping 8.8.8.8

and

ping google.com

and see if one gets traffic. If no on both then you have another issue. Could be rule related. If yes on the IP but no on google.com then you have a DNS resolution issue.