Netgate Discussion Forum
    DNS not working suddenly

    Category: DHCP and DNS
    9 Posts 3 Posters 1.2k Views
    NasKar

      My system was running great and now DNS isn't working all the time. Maybe it works only with sites that are cached.

      On my pfSense, nslookup and ping www.google.com work.
      From windows 10 CMD line it doesn't.

      I've tried rebooting the router, loading a previously working config without luck.
      Replacing the router with my Verizon router works.

      My settings
      General DNS 208.67.222.222 208.67.220.220
      --- DNS Resolver Settings ---

      Enable is =Checked.
      Listen Port= 53
      Network Interfaces ALL
      Outgoing Network Interfaces ALL
      System Domain Local Zone Type - transparent
      DNSSEC Enabled =Checked
      DNS Query Forwarding =Unchecked
      DHCP Registration =UnChecked
      Static DHCP= Checked
      OpenVpn Register
      Custom=server:
      Private-domain: "plex.direct"

      I have no idea what happened or how to diagnose or fix it.

      Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz
      2 CPUs: 1 package(s) x 2 core(s)
      AES-NI CPU Crypto: No
      2 Gigs Ram
      SSD with ver 2.4.0
      IBM Intel Pro PCI-E Quad Port 10/100/1000 Server Adapter 39Y6138 (K210320)

      Gertjan

        Hi,

        You are (are you??) using the DNS Resolver with default settings, that's great - it works, as it has for me for years now.

        Dunno where this came from:

        @naskar said in DNS not working suddenly:

        General DNS 208.67.222.222 208.67.220.220

        Remove these, and you'll be fine with one click.

        Or: if you insist on using OpenDNS, I advise you to use something like Google with these words: pfsense opendns setup. You'll discover the first link: Pfsense 2.3.1 with OpenDNS (Web filtering) ***
        All steps in this forum thread are needed. Like creating an account @opendns, implementing a DynDNS-like setup with them if your WAN IP isn't static, switching from Resolver to DNS Forwarder because you will be forwarding most of your requests to OpenDNS, etc etc.

        Side effects are that you will lose DNSSEC and other Resolver DNS advantages.
        On the other hand : you'll be using OpenDNS.

        Btw : impossible of course to tell you why things stopped working for you. A lot of information is missing.

        *** I just checked that old thread. It's still valid as of today.
        True, the DNS Resolver unbound could be used to forward DNS requests to OpenDNS, but that isn't detailed over there.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        NasKar

          @gertjan said in DNS not working suddenly:

          Remove these, and you'll be fine with one click.

          Thanks for the response. I don't know why, but everything started working again. If I follow you correctly, I should delete the General DNS entries to OpenDNS, as I would need to follow the link you provided to use OpenDNS and lose the Resolver advantages.

          Would that be using my ISPs DNS servers?

          My original goal was to prevent my ISP from recording my web travels.

          Is there an alternative to opendns that would allow more anonymity?

          Gertjan

            You should have a look at this https://www.netgate.com/blog/dns-over-tls-with-pfsense.html

            NasKar @Gertjan

              @gertjan
              Thanks for that link.
              What do you look for in the WAN packet capture to confirm DNS over TLS?

              Gertjan

                Well ... euh ..... capture TLS = SSL rubbish = non-readable.

                But, as said, you could capture packets that have the destination of
                forward-addr: 1.1.1.1@853
                forward-addr: 1.0.0.1@853
                thus both IPs 1.1.1.1 and 1.0.0.1, both using port 853, and see what it looks like.

                tman222

                  Here is a great video on DNS from the Netgate YouTube channel:

                  https://www.youtube.com/watch?v=-CISZn804WI

                  DNS over TLS is discussed specifically around minute 36 and there are also some additional commands suggested that can be used to check whether it is working properly.

                  Hope this helps.

                  Gertjan

                    Same video: 47 min 15 sec to see how to lock down all clients so they will be using DNS-over-TLS.

                    NasKar @tman222

                      @tman222
                      Thanks for posting the link.
                      If I don't specify a gateway in the General Setup/DNS servers, will it use the Cloudflare DNS for all my web surfing, including when I'm connected to my VPN? i.e. hide my DNS lookups when on a public wifi connected to the VPN.

                      unbound-control -c /var/unbound/unbound.conf dump_infra
                      1.1.1.1@853 . ttl 429 ping 196 var 7 rtt 224 rto 224 tA 0 tAAAA 0 tother 0 ednsknown 0 edns 0 delay 0 lame dnssec 0 rec 0 A 0 other 0
                      1.0.0.1@853 . ttl 428 ping 103 var 45 rtt 283 rto 283 tA 0 tAAAA 0 tother 0 ednsknown 0 edns 0 delay 0 lame dnssec 0 rec 0 A 0 other 0

                      Do I have to have an SSL cert for my pfsense for this to work? I'm currently using a generic certificate to access the GUI on https.


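The two verification ideas raised in the thread (Gertjan's "look for traffic to 1.1.1.1@853 / 1.0.0.1@853" and NasKar's `unbound-control dump_infra` listing) as an added example, not from the thread, the Netgate blog or the pfSense project: a POSIX sh script that audits an unbound forwarding configuration and a dump_infra snapshot offline. Everything it reads is embedded as constructed sample text; the "good" dump_infra lines only mirror the shape of what NasKar pasted. The directive names it looks for (`ssl-upstream`, `tls-upstream`, `forward-tls-upstream`, `tls-cert-bundle`, the `@853#authname` suffix) are unbound's own; the `tls-*` spellings and `#authname` are newer unbound syntax than a 2.4.0-era install shipped, and the older `ssl-upstream: yes` from the blog is accepted too. The caveat the script encodes: `forward-addr: x@853` by itself does not turn on TLS; without a `*-upstream: yes` directive unbound sends cleartext DNS to port 853 and every lookup fails, which is exactly the "DNS suddenly not working" symptom.

```shell
#!/bin/sh
# Added example (not from the thread or the Netgate blog): audit an unbound
# DNS-over-TLS forwarding setup offline.  Two inputs are checked:
#   1. the unbound.conf text (the "Custom options" pfSense passes to unbound)
#   2. a snapshot of `unbound-control dump_infra`, whose first field is the
#      upstream as host@port (a bare IP means the default port 53)
# All sample inputs below are CONSTRUCTED; the "good" dump_infra lines mirror
# the shape of the ones quoted in the thread.

# Echo every forward-addr that is not on port 853; return 1 if there are any.
# The optional "#authname" suffix (1.1.1.1@853#cloudflare-dns.com) is ignored.
check_forward_ports() {
    bad=$(printf '%s\n' "$1" | awk '
        /^[ \t]*forward-addr:/ {
            addr = $2
            sub(/#.*/, "", addr)
            if (addr !~ /@853$/) print addr
        }')
    [ -z "$bad" ] || { printf 'plaintext forwarder(s): %s\n' "$bad"; return 1; }
}

# "@853" alone does NOT make unbound speak TLS.  One of these directives must
# be present, or unbound sends cleartext DNS to port 853 and every query fails:
#   ssl-upstream / tls-upstream (server:) or forward-ssl/tls-upstream (forward-zone:)
check_tls_enabled() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*(forward-)?(tls|ssl)-upstream:[[:space:]]*yes'
}

# Count dump_infra entries that are not on port 853.  Anything here means
# unbound has actually sent queries somewhere over plain DNS.
count_non_dot_upstreams() {
    printf '%s\n' "$1" | awk 'NF && $1 !~ /@853$/ { n++ } END { print n + 0 }'
}

# Combine the three checks; return 0 only when the setup is fully DoT.
audit_dot() {
    rc=0
    check_forward_ports "$1" || rc=1
    if ! check_tls_enabled "$1"; then
        echo 'no tls-upstream/ssl-upstream directive: forwarders would use cleartext'
        rc=1
    fi
    leaks=$(count_non_dot_upstreams "$2")
    if [ "$leaks" -ne 0 ]; then
        echo "dump_infra: $leaks upstream(s) not on port 853"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo 'DoT forwarding looks correct'
    return "$rc"
}

# Constructed sample: what a correct pfSense "Custom options" block looks like.
GOOD_CONF='server:
tls-upstream: yes
tls-cert-bundle: "/etc/ssl/cert.pem"
forward-zone:
  name: "."
  forward-addr: 1.1.1.1@853#cloudflare-dns.com
  forward-addr: 1.0.0.1@853#cloudflare-dns.com'

# Constructed sample of a common mistake: port 853 set, but TLS never enabled,
# plus a leftover plain-DNS forwarder on the default port.
BAD_CONF='server:
forward-zone:
  name: "."
  forward-addr: 1.1.1.1@853
  forward-addr: 208.67.222.222'

# Constructed dump_infra snapshots (first field is the upstream host@port).
INFRA_OK='1.1.1.1@853 . ttl 429 ping 196 var 7 rtt 224 rto 224 tA 0 tAAAA 0 tother 0 ednsknown 0 edns 0 delay 0 lame dnssec 0 rec 0 A 0 other 0
1.0.0.1@853 . ttl 428 ping 103 var 45 rtt 283 rto 283 tA 0 tAAAA 0 tother 0 ednsknown 0 edns 0 delay 0 lame dnssec 0 rec 0 A 0 other 0'

INFRA_LEAK='1.1.1.1@853 . ttl 429 ping 196 var 7 rtt 224 rto 224 tA 0 tAAAA 0 tother 0 ednsknown 0 edns 0 delay 0 lame dnssec 0 rec 0 A 0 other 0
208.67.222.222 . ttl 300 ping 20 var 5 rtt 40 rto 40 tA 0 tAAAA 0 tother 0 ednsknown 0 edns 0 delay 0 lame dnssec 0 rec 0 A 0 other 0'

# Stand-alone demo: the first audit passes, the second reports all three problems.
audit_dot "$GOOD_CONF" "$INFRA_OK"
audit_dot "$BAD_CONF" "$INFRA_LEAK" || true
```

On a live pfSense box the same functions take real input, e.g. `count_non_dot_upstreams "$(unbound-control -c /var/unbound/unbound.conf dump_infra)"` and `check_tls_enabled "$(cat /var/unbound/unbound.conf)"`; a non-zero count after some browsing means queries left the firewall over plain port 53. None of this needs a certificate on the firewall itself: for DoT the firewall is the TLS client, and `tls-cert-bundle` only tells unbound which CA store to use when validating the upstream resolver's certificate.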
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.