Intermittently losing DNS



  • I'm using pfSense 2.4.4 and just recently noticed that I'm intermittently losing my DNS. When I ping www.google.com from my computer I get "Host name lookup failure". I'm using Quad9 DNS servers over TLS. Adding 208.67.220.220 to the System/General setup/DNS Server Settings will fix it.
    I've tried upgrading to 2.4.4_1 and I'm getting the same problem. I believe this problem started after trying to migrate to new hardware, but I'm back on the original pfSense box without any configuration changes.
    I have no idea what the issue is.



  • I've noticed that sometimes some of the public servers intermittently fail when using DNS over TLS or DNSSEC.



  • I'm not sure but I think the intermittent loss of DNS was due to running out of memory. After I removed snort which was eating up my memory the intermittent nature resolved. Does that sound like that issue would cause that problem?

    My DNS stops working when I enable Quad9 DNS servers over TLS. Here are my settings.

    [image: TLS-00.jpg]
    Firewall/rules/LAN
    [image: TLS-01.jpg]
    System/General Setup/DNS Server Settings
    [image: TLS-02.jpg]
    Error in web browser
    [image: TLS-03.jpg]



  • Could a problem with the NTP server cause DNS issues?
    I reset my system clock to the correct time and changed the NTP server to the WAN interface.
    So far DNS is working.
    Is the best way to check looking at the DNS resolver log and seeing entries with "A IN NOERROR 0.057908 0 58" in it?
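
One way to read those resolver log entries, as an added example that is not part of any post in this thread: it parses Unbound reply lines of the shape quoted above and separates answers fetched from the forwarder from cache hits, because a NOERROR served from cache does not show that the DNS over TLS path is working. It assumes reply logging (Unbound's `log-replies` option) is enabled and that the three trailing fields are time to resolve, a from-cache flag and the response size; the sample lines, names and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample in the shape of Unbound "log-replies" output (not from the thread).
SAMPLE_LOG = """\
Dec 17 20:36:51 unbound 41234:0 info: 192.168.1.10 www.google.com. A IN NOERROR 0.057908 0 58
Dec 17 20:36:52 unbound 41234:0 info: 192.168.1.10 www.google.com. A IN NOERROR 0.000000 1 58
Dec 17 20:37:03 unbound 41234:1 info: 192.168.1.11 example.org. AAAA IN SERVFAIL 4.812345 0 29
Dec 17 20:37:09 unbound 41234:1 info: 192.168.1.11 example.org. A IN SERVFAIL 5.002110 0 29
Dec 17 20:37:15 unbound 41234:0 info: 192.168.1.12 no-such-name.example. A IN NXDOMAIN 0.091200 0 113
Dec 17 20:37:16 unbound 41234:0 notice: init module 0: validator
"""

# client, qname, qtype, qclass, rcode, seconds to resolve, from-cache flag, size
REPLY = re.compile(
    r"info: (?P<client>\S+) (?P<qname>\S+) (?P<qtype>\S+) (?P<qclass>\S+) "
    r"(?P<rcode>[A-Z0-9]+) (?P<secs>\d+\.\d+) (?P<cached>[01]) (?P<size>\d+)$"
)

def parse_replies(text):
    """Return one dict per reply line; other log lines are skipped."""
    replies = []
    for line in text.splitlines():
        m = REPLY.search(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["secs"] = float(rec["secs"])
        rec["cached"] = rec["cached"] == "1"
        rec["size"] = int(rec["size"])
        replies.append(rec)
    return replies

def summarize(replies, slow=2.0):
    """Summarise resolver health; `slow` (seconds) is an arbitrary threshold."""
    upstream = [r for r in replies if not r["cached"]]
    return {
        "rcodes": dict(Counter(r["rcode"] for r in replies)),
        # SERVFAIL is what clients get when forwarding or DNSSEC validation fails.
        "servfail_names": sorted({r["qname"] for r in replies if r["rcode"] == "SERVFAIL"}),
        "slow_upstream": sorted({r["qname"] for r in upstream if r["secs"] >= slow}),
        # Only uncached NOERROR answers show the forwarder actually replied.
        "upstream_answered": sum(r["rcode"] == "NOERROR" for r in upstream),
    }

if __name__ == "__main__":
    print(summarize(parse_replies(SAMPLE_LOG)))
```

A run of SERVFAIL entries with multi-second resolve times and no uncached NOERROR answers points at the forwarding or validation path rather than at the clients.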



  • @naskar

    Quad9 appears to have issues resolving when using DNSSEC from recent testing I and others have done recently. Sometimes a refresh or two is required to load the page.



  • A correct time is very important for DNSSEC.



  • @xentrk said in Intermittently losing DNS:

    @naskar

    Quad9 appears to have issues resolving when using DNSSEC from recent testing I and others have done recently. Sometimes a refresh or two is required to load the page.

    Would I be better off switching to Cloudflare’s DNS service?

    @gertjan said in Intermittently losing DNS:

    A correct time is very important for DNSSEC.

    Can you have DNSSEC and Use SSL/TLS for outgoing DNS Queries to forwarding servers?