DNS Resolver Host Override not working in Windows
-
Here is the arp. I have installed vmware workstation, so there are some v-NICs
c:\>arp -a

Interface: 192.168.193.1 --- 0x4
  Internet Address      Physical Address      Type
  192.168.193.254       00-50-56-f8-2e-d8     dynamic
  192.168.193.255       ff-ff-ff-ff-ff-ff     static
  224.0.0.2             01-00-5e-00-00-02     static
  224.0.0.22            01-00-5e-00-00-16     static
  224.0.0.251           01-00-5e-00-00-fb     static
  224.0.0.252           01-00-5e-00-00-fc     static
  230.0.0.1             01-00-5e-00-00-01     static
  234.48.35.103         01-00-5e-30-23-67     static
  239.192.152.143       01-00-5e-40-98-8f     static
  239.255.255.250       01-00-5e-7f-ff-fa     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static

Interface: 192.168.100.100 --- 0x7
  Internet Address      Physical Address      Type
  192.168.100.1         c0-c1-c0-7d-dd-22     dynamic
  192.168.100.2         00-50-56-9a-31-cd     dynamic
  192.168.100.3         94-0c-6d-1b-08-8e     dynamic
  192.168.100.52        a4-e4-b8-6c-55-b4     dynamic
  192.168.100.103       74-d4-35-07-1f-b5     dynamic
  192.168.100.140       00-0c-29-a9-96-19     dynamic
  192.168.100.150       18-03-73-cf-7e-1e     dynamic
  192.168.100.151       00-0c-29-13-e6-79     dynamic
  192.168.100.155       00-11-32-2c-a6-03     dynamic
  192.168.100.190       00-0c-29-82-d9-11     dynamic
  192.168.100.255       ff-ff-ff-ff-ff-ff     static
  224.0.0.2             01-00-5e-00-00-02     static
  224.0.0.22            01-00-5e-00-00-16     static
  224.0.0.251           01-00-5e-00-00-fb     static
  224.0.0.252           01-00-5e-00-00-fc     static
  230.0.0.1             01-00-5e-00-00-01     static
  234.48.35.103         01-00-5e-30-23-67     static
  239.192.152.143       01-00-5e-40-98-8f     static
  239.255.255.250       01-00-5e-7f-ff-fa     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static

Interface: 169.254.54.84 --- 0x12
  Internet Address      Physical Address      Type
  169.254.255.255       ff-ff-ff-ff-ff-ff     static
  224.0.0.2             01-00-5e-00-00-02     static
  224.0.0.22            01-00-5e-00-00-16     static
  224.0.0.251           01-00-5e-00-00-fb     static
  224.0.0.252           01-00-5e-00-00-fc     static
  230.0.0.1             01-00-5e-00-00-01     static
  234.48.35.103         01-00-5e-30-23-67     static
  239.192.152.143       01-00-5e-40-98-8f     static
  239.255.255.250       01-00-5e-7f-ff-fa     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static

c:\>
My pfsense runs on an ESXi host as a VM. And the MAC is 00-50-56-9a-31-cd, which seems correct.
I have never tried Wireshark before and I will post the log as soon as I can.
-
Here is some log from Wireshark when I did a
c:\>nslookup www.facebook.com
Server:  UnKnown
Address:  192.168.100.2

Non-authoritative answer:
Name:    star-mini.c10r.facebook.com
Addresses:  2a03:2880:f105:83:face:b00c:0:25de
          157.240.12.35
Aliases:  www.facebook.com
From the log, I can read that my Windows (100.100) DID talk to pfsense (100.2), but it was not handled by unbound.
One more thing to mention, I did install BIND for some testing before, but it is disabled, same with DNS forwarder. Only DNS Resolver is enabled right now.
-
OK, you're definitely talking to pfsense for DNS. You queried it for www.facebook.com and it returned a result for both IPv4 and IPv6. Did you add the host override for www.facebook.com?
-
@KOM
Yes!
And for testing and fun, I disabled DNS resolver and ran nslookup in Windows, and it was still able to resolve. Does that make any sense?
c:\>ipconfig /flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

c:\>nslookup www.facebook.com
Server:  UnKnown
Address:  192.168.100.2

Non-authoritative answer:
Name:    star-mini.c10r.facebook.com
Addresses:  2a03:2880:f10e:83:face:b00c:0:25de
          157.240.14.35
Aliases:  www.facebook.com
-
So you have something else listening on 53 on pfsense then and not unbound..
Let's see what is listening on 53
[2.4.4-RELEASE][admin@sg4860.local.lan]/: sockstat | grep :53
unbound  unbound  42007  3   udp4  192.168.3.253:53               *:*
unbound  unbound  42007  4   tcp4  192.168.3.253:53               *:*
unbound  unbound  42007  5   udp6  2001:470:snipped:3::253:53     *:*
unbound  unbound  42007  6   tcp6  2001:470:snipped:3::253:53     *:*
unbound  unbound  42007  7   udp4  192.168.9.253:53               *:*
unbound  unbound  42007  8   tcp4  192.168.9.253:53               *:*
unbound  unbound  42007  9   udp4  192.168.2.253:53               *:*
unbound  unbound  42007  10  tcp4  192.168.2.253:53               *:*
unbound  unbound  42007  11  udp4  192.168.6.253:53               *:*
unbound  unbound  42007  14  tcp4  192.168.6.253:53               *:*
unbound  unbound  42007  15  udp4  192.168.4.253:53               *:*
unbound  unbound  42007  16  tcp4  192.168.4.253:53               *:*
unbound  unbound  42007  17  udp4  192.168.7.253:53               *:*
unbound  unbound  42007  18  tcp4  192.168.7.253:53               *:*
unbound  unbound  42007  19  udp4  127.0.0.1:53                   *:*
unbound  unbound  42007  20  tcp4  127.0.0.1:53                   *:*
unbound  unbound  42007  21  udp6  ::1:53                         *:*
unbound  unbound  42007  22  tcp6  ::1:53                         *:*
[2.4.4-RELEASE][admin@sg4860.local.lan]/:
-
@johnpoz said in DNS Resolver Host Override not working in Windows:
sockstat | grep :53
You are right. Seems BIND is running.
But I checked the settings and it's disabled.
And what is this "named"???
-
named is BIND
-
Thank you so much, johnpoz!
I manually stopped the service at Status/Services screen. And this is what I got:
c:\>nslookup www.facebook.com
Server:  pfSense.mydomain.com
Address:  192.168.100.2

Name:    www.facebook.com
Address:  192.168.100.201

c:\>nslookup 192.168.100.201
Server:  pfSense.mydomain.com
Address:  192.168.100.2

Name:    www.facebook.com
Address:  192.168.100.201
Still have questions though:
-
As the screenshot shows, BIND is NOT enabled. How did this service get started?
-
I haven't touched BIND for a long time. But I did restart pfsense for testing, which means the named service gets auto-started on reboot. How can I stop it?
-
-
No idea... Seems like your config is borked.. Export your config and look at the xml.. If not enabled it shouldn't be starting - unless you manually did something like installed bind on your own vs packages, etc.
-
@johnpoz said in DNS Resolver Host Override not working in Windows:
No idea... Seems like your config is borked.. Export your config and look at the xml.. If not enabled it shouldn't be starting - unless you manually did something like installed bind on your own vs packages, etc.
I installed BIND from package. I guess I will have to uninstall it later.
Thank you again for your help! You are amazing!
-
Did you maybe click on the service and start it that way? I have the package installed because time need to play with it to help users.
It doesn't auto start itself..
Learned one thing for sure - check earlier what is actually running if other users have a sim issue ;) Would have solved your problem like in step one vs just trusting that all you had running was unbound.
-
@johnpoz
No I didn't start the service manually.
Very weird, isn't it? I would think only one service can be started on one port, 53. Maybe it's a bug of pfsense? LOL
One last question:
DNS forwarder, DNS resolver and BIND all do the same thing and only one should be enabled, correct?
Is DNS resolver the best in your opinion?
-
No, it's not a bug.. Look at your bindings.. You're not bound to the same things.
Bind is the king of dns... But you do not need it on pfsense, unbound is fine... I have been managing dns for years and years.. Since back in the bind 4 days. I just use unbound... it's all you need for a home setup.
It's got pretty much any of the features you could possibly need.. Now if I wanted to run an authoritative ns, or needed a slave ns, then I would run bind.
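The two diagnostic points in this thread, "see what is listening on 53" and "look at your bindings, you're not bound to the same things", can be checked mechanically from the `sockstat` output. The script below is an added example, not code from the thread or from pfSense: it parses sockstat-style lines, groups every socket on port 53 by the local address it is bound to, and names the daemon a client would actually reach at a given address. The sample text is constructed for the example (a hypothetical box where unbound holds 127.0.0.1 and one LAN address while named holds the address the Windows client uses, plus an IPv6 wildcard); the function names are mine. It goes slightly beyond the thread in that it also handles `*` wildcard bindings and IPv6 addresses, which sockstat prints with the port after the last colon.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of `sockstat | grep :53` on pfSense/FreeBSD.
# Hypothetical layout: unbound bound to loopback and 192.168.3.253, named (BIND)
# bound to 192.168.100.2 (the address the Windows client queries) and to *:53 for udp6.
SAMPLE = """\
unbound  unbound  42007  3   udp4  127.0.0.1:53        *:*
unbound  unbound  42007  4   tcp4  127.0.0.1:53        *:*
unbound  unbound  42007  5   udp4  192.168.3.253:53    *:*
unbound  unbound  42007  6   tcp4  192.168.3.253:53    *:*
unbound  unbound  42007  7   udp6  ::1:53              *:*
bind     named    51234  20  udp4  192.168.100.2:53    *:*
bind     named    51234  21  tcp4  192.168.100.2:53    *:*
bind     named    51234  22  udp6  *:53                *:*
"""

# USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS, whitespace separated
LINE_RE = re.compile(
    r"^(?P<user>\S+)\s+(?P<cmd>\S+)\s+(?P<pid>\d+)\s+(?P<fd>\d+)\s+"
    r"(?P<proto>\S+)\s+(?P<local>\S+)\s+(?P<foreign>\S+)\s*$"
)


def split_addr(local):
    """Split a sockstat LOCAL ADDRESS column into (host, port).
    The port follows the last colon, which also works for IPv6 ('::1:53') and '*:53'."""
    host, _, port = local.rpartition(":")
    return host, int(port)


def listeners_on_port(text, port=53):
    """Return {local_host: {(command, proto), ...}} for every socket bound to `port`."""
    bound = defaultdict(set)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip headers or blank lines
        host, p = split_addr(m["local"])
        if p == port:
            bound[host].add((m["cmd"], m["proto"]))
    return dict(bound)


def who_answers(text, client_target, port=53, proto="udp4"):
    """Name the daemon a client reaches at client_target:port over `proto`.
    A socket bound to the exact address wins; otherwise a wildcard ('*') socket
    of the same protocol; None if nothing would accept the query."""
    bound = listeners_on_port(text, port)
    for host in (client_target, "*"):
        cmds = sorted(cmd for cmd, pr in bound.get(host, ()) if pr == proto)
        if cmds:
            return cmds[0]
    return None


def competing_daemons(text, port=53):
    """Sorted list of distinct commands holding any socket on `port`.
    More than one entry is the situation in this thread: two resolvers
    coexisting on different bindings, so the client's queries may reach either."""
    cmds = {cmd for entries in listeners_on_port(text, port).values() for cmd, _ in entries}
    return sorted(cmds)


if __name__ == "__main__":
    for host, entries in sorted(listeners_on_port(SAMPLE).items()):
        print(f"{host:>16}:53  {sorted(entries)}")
    print("daemons on :53 ->", competing_daemons(SAMPLE))
    print("client at 192.168.100.2 reaches ->", who_answers(SAMPLE, "192.168.100.2"))
```

On a real box, feed it the output of `sockstat -l` (or `sockstat | grep :53`, as in the thread) instead of the constructed sample; a result of more than one daemon on port 53, with the client-facing address owned by something other than unbound, is exactly the condition that made the host override appear to do nothing.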
-
@shawn8888 said in DNS Resolver Host Override not working in Windows:
I installed BIND from package.
This would have been a good nugget to know right from the start. At least it's working now.