DNS Resolver not working with 'out of box' install (forwarder fine)
-
All,
I am relatively new to pfsense. But I set up a dedicated box a couple of weeks ago. Just to get the the internet and network up and running, I used the DNS forwarder option.
Now I was looking at getting pfblockerng working, which of course needs resolver.
On my main pfsense box, I have a working config of multiple VLANs, OpenVPN server and client (still using DNS forwarder). I was reading up on basic guides for DNS resolver and there does not seem much to it to get it working. So I thought, I may have messed a config somewhere on my main box.
So I set up an entirely different pfsense box, with a fresh install and absolutely minimum configuration - WAN and LAN. I am experiencing the same problem with getting resolver working.
My setup is a ISP router (cannot do modem mode) --- pfsense. The ISP router has its firewall and most other things disabled. But I have still 'opened/port forwarded' UDP/53 on it.
Is my ISP (Vodafone UK) blocking me from using resolver or is there something simple I am missing?
Thanks in advanced.
-
The DNS resolver, by default, acts as a Resolver. This means it will contact the root DNS servers and other authoritative DNS servers directly. Some providers do not like this, they want you to use their DNS servers or they believe you are attacking other DNS servers or other similar nonsense to control what you do.
The DNS resolver can act as a forwarder as well, simply check the box in its settings to enable that behavior. You will probably also have to disable DNSSEC.
-
@jimp Disabling DNS sec is what did it. Previously I had just checked the forwarding check box without removing DNS sec.
Thanks for the help.
