DNS server in pfsense prevents connecting to this DNS server for more than 1 hop?
-
I happened to find a pretty weird issue when doing a home lab in a GNS3 server. pfsense is running the latest version, 2.4.3.
The other router is a mikrotik or a cisco CSR1000v.
other router --> pfsense --> Internet
If we set up 8.8.8.8 as DNS server in pfsense, and other routers also set up 8.8.8.8 as DNS server, they all work properly.
Microcore Linux --> other router --> pfsense --> Internet
If we set up 8.8.8.8 as DNS server in pfsense, and other routers also set up 8.8.8.8 as DNS server, they all work properly. However, if we set up Microcore Linux with DNS server 8.8.8.8, it cannot ping 8.8.8.8.
other router A --> other router B --> pfsense --> Internet
If we set up 8.8.8.8 as DNS server in pfsense, and other routers also set up 8.8.8.8 as DNS server, Router A cannot ping 8.8.8.8, while Router B can ping 8.8.8.8.
Could the DNS server in pfsense prevent DNS requests for more than 1 hop?
If I delete the DNS server setting in pfsense, all three examples work properly when pinging 8.8.8.8.
When ping does not work, DNS resolving is not working either.
-
Setting a GATEWAY on a DNS server in System > General creates a host route for that IP address out that - and only that - interface.
Perhaps that is making it appear to be behaving in an unexpected manner.
-
Dude, if you have downstream routers you have to configure them, or no, they will not be able to get out to the internet. What is the connection of these downstream routers to pfsense? Are you doing natting, or are they on a transit?
Router A – Router B --- pfsense
This gives no information at all to try and help you... Draw up your network and put in the networks you're using and routes, etc.
-
Setting a GATEWAY on a DNS server in System > General creates a host route for that IP address out that - and only that - interface.
Perhaps that is making it appear to be behaving in an unexpected manner.
Hello, thanks for the reply. pfsense has Internet access now. Surely, it has a gateway. As I said in the description, they are able to ping 8.8.8.8 or resolve Google.com when the hop is not more than 1. The other routers have set up the default route to pfsense.
-
Dude, if you have downstream routers you have to configure them, or no, they will not be able to get out to the internet. What is the connection of these downstream routers to pfsense? Are you doing natting, or are they on a transit?
Router A – Router B --- pfsense
This gives no information at all to try and help you... Draw up your network and put in the networks you're using and routes, etc.
Hello, thanks for the reply. pfsense has Internet access now. Surely, it has a gateway. As I said in the description, they are able to ping 8.8.8.8 or resolve Google.com when the hop is not more than 1. The other routers have set up the default route to pfsense.
Okay, actually, there is an ASA after pfsense like
other router --> pfsense --> ASA --> Internet
There is no NAT between pfsense and ASA. In addition, other routers, pfsense, ASA are configured using OSPF for routing.
-
Dude you could have 30 "hops" if you wanted…
But you have to have it setup and working..
Can your downstream client ping pfsense IP?
"The other routers have set up the default route to pfsense. "
Your downstream router A in your ascii art default gateway sure and the F would not be pfsense..
What are the networks involved in all your different hops? So all your downstream routers are connected via transit networks? With their client networks hanging off them.. Or do you have a natting nightmare going upstream? With possible overlaps of your networks, etc.
Draw this up or nobody is going to be able to help you find where your problem is. Unbound or pfsense doesn't give 2 shits how many hops away you are..
-
I was referring to setting a GATEWAY on the DNS SERVER configured in SYSTEM > GENERAL exactly as I stated.
This has nothing to do with the default gateway the firewall might have for general routing. In fact, it overrides this for THAT DNS SERVER ADDRESS.
![Screen Shot 2018-05-05 at 10.06.41 AM.png](/public/imported_attachments/1/Screen Shot 2018-05-05 at 10.06.41 AM.png)
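The host-route effect described in the replies above, modelled as an added example that is not part of the original thread: a routing lookup picks the most specific prefix, so a /32 for the DNS server address overrides the default route for that one address only. The routing table, gateway addresses and interface names (`em0`, `em1`, `em2`) are constructed assumptions, not values from the poster's lab.

```python
import ipaddress

# Constructed routing table for the firewall (all values are assumptions).
# Each entry: (destination prefix, next hop, interface)
BASE_ROUTES = [
    ("0.0.0.0/0", "10.0.0.1", "em0"),        # default route towards the ASA
    ("192.168.10.0/24", "10.0.1.2", "em1"),  # downstream LAN behind router B
    ("10.0.1.0/30", "link", "em1"),          # transit network to router B
]

def with_dns_gateway(routes, dns_ip, gateway, iface):
    """Return a copy of routes plus the /32 host route that selecting a
    gateway for a DNS server in System > General creates."""
    return routes + [(f"{dns_ip}/32", gateway, iface)]

def lookup(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, nexthop, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nexthop, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return str(best[0]), best[1], best[2]

def diff_paths(before, after, destinations):
    """Map each destination whose next hop or interface changed to its
    (before, after) lookup results."""
    changed = {}
    for dst in destinations:
        b, a = lookup(before, dst), lookup(after, dst)
        if b[1:] != a[1:]:
            changed[dst] = (b, a)
    return changed

if __name__ == "__main__":
    # DNS server 8.8.8.8 pinned to a gateway on a different interface (em2).
    pinned = with_dns_gateway(BASE_ROUTES, "8.8.8.8", "172.16.0.1", "em2")
    probes = ["8.8.8.8", "8.8.4.4", "192.168.10.5"]
    for dst, (b, a) in diff_paths(BASE_ROUTES, pinned, probes).items():
        print(f"{dst}: {b} -> {a}")
```

On the firewall itself, `netstat -rn` or `route -n get 8.8.8.8` shows whether such a host route is present and which interface it points out of.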