No DNS resolution on LAN

Reply to No DNS resolution on LAN on Tue, 26 Jun 2018 10:20:13 GMT

johnpoz — Tue, 26 Jun 2018 10:20:13 GMT

@alexis-girardi said in No DNS resolution on LAN:

if I don’t state a server dig doesn’t send a request

What version of dig are you using? I have seen this on 9.12 versions if dns not in the resolv.conf file, etc.. On windows I have not tried 9.12 on other OSes So you have to place default NS in this file

If you want to validate client dns resolve - you should use its built in client.. Something as simple as a ping for example to validate it can resolve.

Reply to No DNS resolution on LAN on Tue, 26 Jun 2018 09:33:07 GMT

alexis.girardi — Tue, 26 Jun 2018 09:33:07 GMT

I have tried with another client (Windows) and it works perfectly! There is an issue on my first client, but my solution is designed to work with Windows clients so I will not investigate more for this time.

Thank you for your time and your answers!

Have a nice day.

Reply to No DNS resolution on LAN on Mon, 25 Jun 2018 20:47:20 GMT

viragomann — Mon, 25 Jun 2018 20:47:20 GMT

That's very strange.

I guess there is something wrong with your client. Have you tried another one? Are you sure it uses Network Manager?

Reply to No DNS resolution on LAN on Mon, 25 Jun 2018 17:17:42 GMT

alexis.girardi — Mon, 25 Jun 2018 17:17:42 GMT

The DHCP configuration provide 8.8.8.8 and 8.8.4.4 as DNS servers. Confirmed with nmcli dev show.

I have made a tcmdump to monitor dig requests and if I don't state a server dig doesn't send a request. It's a weird behaviour, because when I plug the client on the pfSense I can see that the client is sending request to 8.8.8.8 for A detectportal.firefox.com, so if the client is using 8.8.8.8 it's that the DHCP configuration is correct. I have no idea on what is wrong

The firewall is allowing access to DNS because when I state a server the resolution is working.

Reply to No DNS resolution on LAN on Mon, 25 Jun 2018 15:25:43 GMT

viragomann — Mon, 25 Jun 2018 15:25:43 GMT

So what DNS is requested by the client if you don't state a server? A public one or the pfSense DNS Resolver / Forwarder?

The dig output will reveal which server is requested.

Is the access to the DNS server permitted by firewall rules?

Reply to No DNS resolution on LAN on Mon, 25 Jun 2018 15:15:52 GMT

alexis.girardi — Mon, 25 Jun 2018 15:15:52 GMT

Yes, I have configured DHCP for LAN, I made two tests, one with the DNS servers from my ISP and one with Google public DNS (8.8.8.8 / 8.8.4.4).

I think the DNS resolver of the client is working because when I plug the client directly to the WAN network the resolution is working. (The client is a Debian Jessie).

Reply to No DNS resolution on LAN on Mon, 25 Jun 2018 14:52:04 GMT

viragomann — Mon, 25 Jun 2018 14:52:04 GMT

So obviously the DNS server you use on the client can't resolve public names or is not reachable.

Do you provide DNS server by DHCP? Which DNS is used on the client?