  • I have a SG2220 that I have set up as a firewall, but primarily to maintain an OpenVPN connection that all my traffic goes through.  I have a dynamic IP from my ISP and use their DNS services; however, lately I'm getting a lot of "not founds" and have to reload pages.  I'd like to add to the list in pfSense.  Can someone explain how I can go about doing this?  A pointer to a doc would be fine.

    thank you.

  • Hi,

    That's why the Resolver was invented.
    It's even activated by default, so there is nothing to do when you install pfSense.
    No need to use the DNS that your ISP offers you. No need to give all your requests to (someone has to tell me why so many people like to give their requests to - I like Google too, but not to that point).

    Like you, I'm using an ISP. Never had issues using the Resolver.

    Btw: the Resolver uses the 12 or 13 "master" DNS root servers, the ones that serve the entire Internet, and drills down from there => root => tld => domain name servers => your info. The fastest wins, you always get guaranteed info, DNSSEC certified if present.

  • So you changed from the default config and point to your ISP DNS?

    More than likely, if you're sending all your traffic out a VPN, you would never be able to talk to your ISP's DNS, since many of them block you unless you're on their network, which a VPN IP address would not be, etc.

    So while you might be having problems resolving something - why don't you look into why that might be…

    What have you done so far to isolate the problem?  What FQDN are you trying to resolve?  What do you get when you try to resolve that in pfSense's Diag > DNS Lookup?  What do you get from a client on your network using your favorite DNS lookup tool: dig, nslookup, host?

  • Maybe your DNS searches are going through the tunnel and time out because Your-Site ---> Remote-Site ---> DNS lookup.  Ping your DNS and see how long it's taking.

  • @johnpoz:

    So you changed from the default config and point to your ISP DNS?

    Umm, no.  All I can say is that up until recently it's been fine, but now it seems that half the time I try to bring up a page I get a message from Chrome indicating a DNS failure.  If I click "reload", the page loads.  I assumed this meant a flaky DNS service, and I assumed pfSense was just passing the DNS addrs from the ISP on to the connected PCs.

    So what you're saying is that pfSense is disregarding any servers that the ISP provides and is using its own set?  If that's the case, then what's up with all the failures I'm experiencing?  How do I troubleshoot this?  Where do I look in pfSense to ensure this service is on and functioning?

    thanks, Larry

  • Under Diagnostics, DNS Lookup.

    Put something in there you are having a problem with looking up.

    Do a dig fqdn +trace from your client.  This will walk down from the roots just like pfSense out of the box would.
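An added example, not code from anyone in this thread: a small POSIX shell script that does the two checks suggested above in a way that catches an intermittent fault. It repeats the same lookup against one resolver with a short timeout and no retries (so a "half the time" failure shows up as a failure count instead of being hidden by dig's default retry), and it parses a `dig fqdn +trace` run into the list of servers that answered at each hop (local resolver, root, TLD, the domain's own name servers) with their latency, which is the path the pfSense Resolver walks itself. It assumes dig (bind-utils / dnsutils) on the client; 192.168.1.1 as the pfSense LAN address and the dig transcripts embedded for the demo are constructed for the example, not taken from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): count how often a resolver fails on a
# given name, and list which server answered each hop of a "dig +trace".
# Assumptions: dig is installed on the client; 192.168.1.1 is a stand-in for
# the pfSense LAN address; all sample dig output below is constructed.

# classify_dig: read one dig run's output on stdin and print
# "<status> <query-time-ms> <server>", e.g. "NOERROR 23 192.168.1.1#53(192.168.1.1)".
# A run that never got an answer is reported as TIMEOUT.
classify_dig() {
    awk '
        /^;; ->>HEADER<<-/ {
            for (i = 1; i <= NF; i++)
                if ($i == "status:") { s = $(i + 1); sub(",", "", s) }
        }
        /^;; Query time:/          { t = $4 }
        /^;; SERVER:/              { srv = $3 }
        /^;; connection timed out/ { s = "TIMEOUT" }
        END {
            if (s == "") s = "NOANSWER"
            print s, (t == "" ? "-" : t), (srv == "" ? "-" : srv)
        }'
}

# summarize: read classify_dig lines on stdin; print totals and the average
# query time of the answered runs, then one line per non-NOERROR status.
summarize() {
    awk '
        { n++; c[$1]++; if ($2 ~ /^[0-9]+$/) { sum += $2; m++ } }
        END {
            ok = c["NOERROR"] + 0
            printf "queries=%d ok=%d failed=%d", n, ok, n - ok
            if (m) printf " avg_ms=%d", sum / m
            printf "\n"
            for (k in c) if (k != "NOERROR") printf "  %s: %d\n", k, c[k]
        }'
}

# probe <server> <fqdn> [count]: query the same name repeatedly with a 2 s
# timeout and a single try, so each flaky answer is counted. Run it once
# against the pfSense resolver and once against the ISP's server; a REFUSED
# count against the ISP server is what an off-network (VPN) source looks like.
probe() {
    server=$1; fqdn=$2; count=${3:-20}
    i=0
    while [ "$i" -lt "$count" ]; do
        dig "@$server" "$fqdn" A +time=2 +tries=1 2>/dev/null | classify_dig
        i=$((i + 1))
    done | summarize
}

# trace_hops: read "dig <fqdn> +trace" output on stdin and print the server
# that answered at each hop with its latency. Hop 1 is the local resolver
# returning the root NS list; the rest are root, TLD and the domain's own
# name servers. A slow or missing hop shows where the lookup stalls.
trace_hops() {
    awk '/^;; Received [0-9]+ bytes from / { hop++; printf "hop %d: %s in %s ms\n", hop, $6, $8 }'
}

# With "<server> <fqdn> [count]" on the command line, probe a real resolver;
# otherwise classify a constructed transcript so the script runs offline.
if [ "$#" -ge 2 ]; then
    probe "$1" "$2" "$3"
else
    printf '%s\n' \
        ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4711' \
        ';; Query time: 23 msec' \
        ';; SERVER: 192.168.1.1#53(192.168.1.1)' | classify_dig
fi
```

Typical use is `sh dnsprobe.sh 192.168.1.1 www.example.com 30` from a LAN client, then the same with the ISP's server address, and `dig www.example.com +trace | sh -c '. ./dnsprobe.sh; trace_hops'` to see the per-hop latency; if the repeated probe against the pfSense address is clean but the browser still fails, the client is not using pfSense for DNS.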

