Set up new router - DNS server not resolving all websites.



  • Hello,
    new user for Netgate SG1100 router.

    Just configured a new SG1100 router on our business network.

    I left DNS resolver settings default out of the box.

    Some of our users were experiencing problems finding websites. Example, could not access Yahoo.com but Google.com worked.

    I have the internet providers DNS server addresses entered in WAN.

    What would be the issue?

    thanks
    mjc



  • That depends on the real problem. What was the exact error they were getting? Was it a DNS resolution problem? Or was it an SSL certificate problem? Or was it a timeout? etc etc.

    DNS Resolver works without needing any external DNS, right out of the box.

    Are you using any packages like squid? What packages are you running?

    Are you IPv6 at all, or just IPv4?



  • @KOM

    We would try to go to www.yahoo.com and the browser times out however if we go to google.com, it works just fine .

    We cache and history were cleared.

    We use Firefox and Chrome.

    We use IPV4.

    We don't use squid (yet) haven't had much time to try it out.

    Thanks
    Mjc


  • LAYER 8 Netgate

    We would try to go to www.yahoo.com and the browser times out however if we go to google.com, it works just fine .

    Times out with what error message?


  • LAYER 8 Global Moderator

    Out of the box unbound resolves.. What ns you put in or your isp hands you has zero to do with the process of resolving. If you have connectivity issues to the authoritative ns of a domain, then yes you would have problem resolving it.

    I would suggest you try and resolve them on pfsense with the dns lookup under diagnostic.. What do you get back?

    Best test for troubleshooting a resolver resolving something is to do a trace via dig.. So for example..

    [2.4.4-RELEASE][admin@sg4860.local.lan]/root: dig www.google.com +trace
    
    ; <<>> DiG 9.12.2-P1 <<>> www.google.com +trace
    ;; global options: +cmd
    .                       511134  IN      NS      a.root-servers.net.
    .                       511134  IN      NS      b.root-servers.net.
    .                       511134  IN      NS      c.root-servers.net.
    .                       511134  IN      NS      d.root-servers.net.
    .                       511134  IN      NS      e.root-servers.net.
    .                       511134  IN      NS      f.root-servers.net.
    .                       511134  IN      NS      g.root-servers.net.
    .                       511134  IN      NS      h.root-servers.net.
    .                       511134  IN      NS      i.root-servers.net.
    .                       511134  IN      NS      j.root-servers.net.
    .                       511134  IN      NS      k.root-servers.net.
    .                       511134  IN      NS      l.root-servers.net.
    .                       511134  IN      NS      m.root-servers.net.
    .                       511134  IN      RRSIG   NS 8 0 518400 20190512050000 20190429040000 25266 . bQWAaqwMGyuKJ43sy8YDogYmQbm0CPjSlIxhdSa5QhQXjWArYKeHpS/F oaoDGBoDxxTkNKDqhFp5NWZikNXGfzDr6VdYnWoRzhscK7gMC0UFdiLf HelwaJ8agLehlq9Hp6mX2AVUdTd0UfZcRioI3OS6azSMGEocNI96T4+9 AJ633UU62cSMEzxE/t+5U6p2Vc/JDwg4Ji9n9mPNJSN3oeBlyB4MXfLz 0/GpNbEagyWJOhWzpRyo4/DOTFxG8tyrnZWYLe88f8Brkdxm0AFg7xAh E55hO+57oGciCR0xffYvtJMX/oPll1Qa6tlGBBIZXtKwSsiktKA115Mw w6mLWQ==
    ;; Received 525 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
    
    com.                    172800  IN      NS      j.gtld-servers.net.
    com.                    172800  IN      NS      b.gtld-servers.net.
    com.                    172800  IN      NS      g.gtld-servers.net.
    com.                    172800  IN      NS      k.gtld-servers.net.
    com.                    172800  IN      NS      a.gtld-servers.net.
    com.                    172800  IN      NS      e.gtld-servers.net.
    com.                    172800  IN      NS      l.gtld-servers.net.
    com.                    172800  IN      NS      i.gtld-servers.net.
    com.                    172800  IN      NS      c.gtld-servers.net.
    com.                    172800  IN      NS      f.gtld-servers.net.
    com.                    172800  IN      NS      d.gtld-servers.net.
    com.                    172800  IN      NS      m.gtld-servers.net.
    com.                    172800  IN      NS      h.gtld-servers.net.
    com.                    86400   IN      DS      30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
    com.                    86400   IN      RRSIG   DS 8 1 86400 20190512050000 20190429040000 25266 . tTkPbW8rgi25lW2D3n/F2YWYIYhAXbAWdcNz2qSZWYb6VrmpEofgYzJ4 ECalwEEdPzL3LuJ6FAFrRxbbP9x0gyQIdjBmrh+S8w2pQZ/unKipZ0XX GRNidmWyvH0myDoE8Ae/BOat1UN0NbMSTHlTCFay4ObPvLtVMuKtD/9w URhpjL+tw0F0ItTjH82G3S/rLmWFffBuMD4j+plqKbQvufC1wLcz37J7 mrVrkYjZmp7rnOoDv0LxuR64C0rsZ1GiFC1/aqITXIEOQZ8sh2QLX98I EkQaonhG7Padh2Xq92UdIc4L9MddzdTT7nUbySy/0Gn+gkzRceYfEZJO QLl06Q==
    ;; Received 1174 bytes from 2001:7fd::1#53(k.root-servers.net) in 59 ms
    
    google.com.             172800  IN      NS      ns2.google.com.
    google.com.             172800  IN      NS      ns1.google.com.
    google.com.             172800  IN      NS      ns3.google.com.
    google.com.             172800  IN      NS      ns4.google.com.
    CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM
    CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20190503044426 20190426033426 3800 com. F93eyh7LoSe/qEEfNCYLGLM32BxFcqw+zM2hbjPuIMXi2GnWrjDmN3Nt JiaoJzf6IXKOA21Vjlr3HMDZZoV6CoK5V4GQscusO5V4sCfjJRj72cnV wThZnBOEU/uOtAwkv8jkO2IX/zeMU6GQl4fFvLSiA63hd9zdObQ1kes6 d6I=
    S84BDVKNH5AGDSI7F5J0O3NPRHU0G7JQ.com. 86400 IN NSEC3 1 1 0 - S84CFH3A62N0FJPC5D9IJ2VJR71OGLV5 NS DS RRSIG
    S84BDVKNH5AGDSI7F5J0O3NPRHU0G7JQ.com. 86400 IN RRSIG NSEC3 8 2 86400 20190504050246 20190427035246 3800 com. GqcU5mc0j7aKFwdVcJfoVzofSstDFw6+iF7BIQAwwu8/DInAHtmyn2Pk 4wy3uHRQr3J40QFy9ISrDrpT9Vuhlnv7+ZIQ0q1+hJNW7yvEYzBGHc9M j0eYUe7P9Tcmy9G4VJswEBzrgr2rzX6Jbh38d87IArVF6UI1B9PMESQw 8NA=
    ;; Received 776 bytes from 2001:503:d414::30#53(f.gtld-servers.net) in 39 ms
    
    www.google.com.         300     IN      A       216.58.192.228
    ;; Received 59 bytes from 216.239.34.10#53(ns2.google.com) in 27 ms
    
    [2.4.4-RELEASE][admin@sg4860.local.lan]/root: 
    

    This could point out what part of the resolving process you could be having issues with.

    If your isp is dicking with your dns queries, then yeah you could have issues trying to resolve as well.

    if your on some really high latency connection, like sat or something then yeah again you could have problems with resolving..

    If you do not have time or skill set to actually troubleshoot where the problem is in the resolving process.. Then change over to forward mode and forward dns to your fav public ns.. Your isp for example.


  • LAYER 8 Netgate

    You can tell a lot from what the browser is displaying. These are from a recent firefox:

    This occurs when going to an address that does not exist in DNS - or you cannot resolve the name for some reason. Note that this is displayed almost immediately because the browser only waits until the DNS servers return NXDOMAIN.

    Page Title: Server Not Found
    Screen Shot 2019-04-29 at 10.50.38 AM.png

    The following example occurs when going to an address that does resolve in DNS but there is no web server listening. In this case the browser tries to connect for about a minute then times out and displays this.

    Page Title: Problem loading page
    Screen Shot 2019-04-29 at 10.57.45 AM.png

    Note that you can tell if you are looking at a DNS issue or a connectivity issue simply by looking at what the browser is saying.

    Note that there are other scenarios such as no working DNS resolvers configured that would present differently.


Log in to reply