Set up new router - DNS server not resolving all websites.
-
Hello,
new user for Netgate SG1100 router.Just configured a new SG1100 router on our business network.
I left DNS resolver settings default out of the box.
Some of our users were experiencing problems finding websites. Example, could not access Yahoo.com but Google.com worked.
I have the internet providers DNS server addresses entered in WAN.
What would be the issue?
thanks
mjc -
That depends on the real problem. What was the exact error they were getting? Was it a DNS resolution problem? Or was it an SSL certificate problem? Or was it a timeout? etc etc.
DNS Resolver works without needing any external DNS, right out of the box.
Are you using any packages like squid? What packages are you running?
Are you IPv6 at all, or just IPv4?
-
We would try to go to www.yahoo.com and the browser times out however if we go to google.com, it works just fine .
We cache and history were cleared.
We use Firefox and Chrome.
We use IPV4.
We don't use squid (yet) haven't had much time to try it out.
Thanks
Mjc -
We would try to go to www.yahoo.com and the browser times out however if we go to google.com, it works just fine .
Times out with what error message?
-
Out of the box unbound resolves.. What ns you put in or your isp hands you has zero to do with the process of resolving. If you have connectivity issues to the authoritative ns of a domain, then yes you would have problem resolving it.
I would suggest you try and resolve them on pfsense with the dns lookup under diagnostic.. What do you get back?
Best test for troubleshooting a resolver resolving something is to do a trace via dig.. So for example..
[2.4.4-RELEASE][admin@sg4860.local.lan]/root: dig www.google.com +trace ; <<>> DiG 9.12.2-P1 <<>> www.google.com +trace ;; global options: +cmd . 511134 IN NS a.root-servers.net. . 511134 IN NS b.root-servers.net. . 511134 IN NS c.root-servers.net. . 511134 IN NS d.root-servers.net. . 511134 IN NS e.root-servers.net. . 511134 IN NS f.root-servers.net. . 511134 IN NS g.root-servers.net. . 511134 IN NS h.root-servers.net. . 511134 IN NS i.root-servers.net. . 511134 IN NS j.root-servers.net. . 511134 IN NS k.root-servers.net. . 511134 IN NS l.root-servers.net. . 511134 IN NS m.root-servers.net. . 511134 IN RRSIG NS 8 0 518400 20190512050000 20190429040000 25266 . bQWAaqwMGyuKJ43sy8YDogYmQbm0CPjSlIxhdSa5QhQXjWArYKeHpS/F oaoDGBoDxxTkNKDqhFp5NWZikNXGfzDr6VdYnWoRzhscK7gMC0UFdiLf HelwaJ8agLehlq9Hp6mX2AVUdTd0UfZcRioI3OS6azSMGEocNI96T4+9 AJ633UU62cSMEzxE/t+5U6p2Vc/JDwg4Ji9n9mPNJSN3oeBlyB4MXfLz 0/GpNbEagyWJOhWzpRyo4/DOTFxG8tyrnZWYLe88f8Brkdxm0AFg7xAh E55hO+57oGciCR0xffYvtJMX/oPll1Qa6tlGBBIZXtKwSsiktKA115Mw w6mLWQ== ;; Received 525 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms com. 172800 IN NS j.gtld-servers.net. com. 172800 IN NS b.gtld-servers.net. com. 172800 IN NS g.gtld-servers.net. com. 172800 IN NS k.gtld-servers.net. com. 172800 IN NS a.gtld-servers.net. com. 172800 IN NS e.gtld-servers.net. com. 172800 IN NS l.gtld-servers.net. com. 172800 IN NS i.gtld-servers.net. com. 172800 IN NS c.gtld-servers.net. com. 172800 IN NS f.gtld-servers.net. com. 172800 IN NS d.gtld-servers.net. com. 172800 IN NS m.gtld-servers.net. com. 172800 IN NS h.gtld-servers.net. com. 86400 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766 com. 86400 IN RRSIG DS 8 1 86400 20190512050000 20190429040000 25266 . tTkPbW8rgi25lW2D3n/F2YWYIYhAXbAWdcNz2qSZWYb6VrmpEofgYzJ4 ECalwEEdPzL3LuJ6FAFrRxbbP9x0gyQIdjBmrh+S8w2pQZ/unKipZ0XX GRNidmWyvH0myDoE8Ae/BOat1UN0NbMSTHlTCFay4ObPvLtVMuKtD/9w URhpjL+tw0F0ItTjH82G3S/rLmWFffBuMD4j+plqKbQvufC1wLcz37J7 mrVrkYjZmp7rnOoDv0LxuR64C0rsZ1GiFC1/aqITXIEOQZ8sh2QLX98I EkQaonhG7Padh2Xq92UdIc4L9MddzdTT7nUbySy/0Gn+gkzRceYfEZJO QLl06Q== ;; Received 1174 bytes from 2001:7fd::1#53(k.root-servers.net) in 59 ms google.com. 172800 IN NS ns2.google.com. google.com. 172800 IN NS ns1.google.com. google.com. 172800 IN NS ns3.google.com. google.com. 172800 IN NS ns4.google.com. CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20190503044426 20190426033426 3800 com. F93eyh7LoSe/qEEfNCYLGLM32BxFcqw+zM2hbjPuIMXi2GnWrjDmN3Nt JiaoJzf6IXKOA21Vjlr3HMDZZoV6CoK5V4GQscusO5V4sCfjJRj72cnV wThZnBOEU/uOtAwkv8jkO2IX/zeMU6GQl4fFvLSiA63hd9zdObQ1kes6 d6I= S84BDVKNH5AGDSI7F5J0O3NPRHU0G7JQ.com. 86400 IN NSEC3 1 1 0 - S84CFH3A62N0FJPC5D9IJ2VJR71OGLV5 NS DS RRSIG S84BDVKNH5AGDSI7F5J0O3NPRHU0G7JQ.com. 86400 IN RRSIG NSEC3 8 2 86400 20190504050246 20190427035246 3800 com. GqcU5mc0j7aKFwdVcJfoVzofSstDFw6+iF7BIQAwwu8/DInAHtmyn2Pk 4wy3uHRQr3J40QFy9ISrDrpT9Vuhlnv7+ZIQ0q1+hJNW7yvEYzBGHc9M j0eYUe7P9Tcmy9G4VJswEBzrgr2rzX6Jbh38d87IArVF6UI1B9PMESQw 8NA= ;; Received 776 bytes from 2001:503:d414::30#53(f.gtld-servers.net) in 39 ms www.google.com. 300 IN A 216.58.192.228 ;; Received 59 bytes from 216.239.34.10#53(ns2.google.com) in 27 ms [2.4.4-RELEASE][admin@sg4860.local.lan]/root:
This could point out what part of the resolving process you could be having issues with.
If your isp is dicking with your dns queries, then yeah you could have issues trying to resolve as well.
if your on some really high latency connection, like sat or something then yeah again you could have problems with resolving..
If you do not have time or skill set to actually troubleshoot where the problem is in the resolving process.. Then change over to forward mode and forward dns to your fav public ns.. Your isp for example.
-
You can tell a lot from what the browser is displaying. These are from a recent firefox:
This occurs when going to an address that does not exist in DNS - or you cannot resolve the name for some reason. Note that this is displayed almost immediately because the browser only waits until the DNS servers return NXDOMAIN.
Page Title: Server Not Found
The following example occurs when going to an address that does resolve in DNS but there is no web server listening. In this case the browser tries to connect for about a minute then times out and displays this.
Page Title: Problem loading page
Note that you can tell if you are looking at a DNS issue or a connectivity issue simply by looking at what the browser is saying.
Note that there are other scenarios such as no working DNS resolvers configured that would present differently.