filterdns failed to resolve host will retry later again.

bcruze

full message is:

filterdns failed to resolve host 192.168.1.1.253 will retry later again.

that address is not pingable. it was finding a LIFX bulb. since this started i have changed the ip address to another static ip address. put the bulb back on dhcp it has a new address is pingable. the light bulb works. but the dns resolver logs says this constantly

i have tried this fix: https://forum.netgate.com/topic/59108/filterdns-problems-after-a-typo-in-an-alias

and it is still an issue. suggestions? i have rebooted the firewall. done everything i know i can do
i did have a few DNS resolver advanced configuration options checked: they are disabled now
query name minimization
prefetch dns support
prefetch dns key support
harden dnssec data. (this gave me an error in TRYING to turn off) even though i don't even have DNSSEC enabled on the previous page.

johnpoz

and what exactly is in your
/var/etc/filterdns.conf

Do say a
cat /var/etc/filterdns.conf

Do you still see that typo.. 192.168.1.1.253 is not a valid IP address.

bcruze

pf 192.168.1.1.253 lifx
pf 192.168.1.251/32 lifx
pf 192.168.1.252/32 lifx

is the full filterdns.conf file
can i just delete these entry's ?

johnpoz

So the fix you said you did would of done that it would of removed the whole file.

Do you still have that typo in your alias?

bcruze

that gave me the information to fix this i believe. i deleted the alias entirely.

thank you Sir

johnpoz

so now your filterdns.conf only shows what you want in there?

bcruze

i deleted the incorrect alias, and applied

it still shows :

pf 192.168.1.1.253 lifx
pf 192.168.1.251/32 lifx
pf 192.168.1.252/32 lifx

should i just remove all three lines?

Gertjan

@bcruze said in filterdns failed to resolve host will retry later again.:

i deleted the incorrect alias, and applied

it still shows :

pf 192.168.1.1.253 lifx
pf 192.168.1.251/32 lifx
pf 192.168.1.252/32 lifx

should i just remove all three lines?

The file
/var/etc/filterdns.conf
is build with the info setup in the GUI.

If
/var/etc/filterdns.conf
contains wrong things, like "192.168.1.1.253" (which is not a valid IPv4 so it probably treats it as a FQDN, and that will fail).

Btw : IMHO there is no need to 192.resolve 168.1.251/32 because it's already an IPv4 ....

bcruze

understood. but i deleted it from the GUI, and it still remained in the file. i manually deleted it from the file.

Gertjan

@bcruze said in filterdns failed to resolve host will retry later again.:

i manually deleted it from the file.

That file, as any other settings-file will be regenerated by the pfSense-GUI.
You can't really edit these files, your edits will be overwritten with the GUI settings.

Run this 'magic' command in the console (after option 8) to check if any references exists in your GUI settings :

grep '192.168.1.1.253' /cf/conf/config.xml

If it doesn't return anything, then "192.168.1.1.253" doesn't exist in the GUI.
If it does, show us the results ....

johnpoz

@Gertjan said in filterdns failed to resolve host will retry later again.:

Btw : IMHO there is no need to 192.resolve 168.1.251/32 because it's already an IPv4 ....

Yeah I am curious as well - what exact alias type are you putting these IPs in?

bcruze

i have 2 tunnels setup. but i wanted to setup the lights to go over the WAN instead of the tunnels.

so i created an alias called lifx and added the lights on the network. then under firewall > rules > lan added the alias and changed the default gateway to WAN.

so to fully answer your question i was assigning static IP addresses out of my DHCP pool range. and yes it was pretty high up there..

johnpoz

Yeah ok there are lots of reasons for alias - is the bad entry now gone from filterdns.conf ?

bcruze

after i manually removed it from the file yes

johnpoz

So here is the thing filter dns only updates so often, so it would of prob cleared itself out after you corrected the typo or removed the entry.

But as long as its cleared and the other stuff you want in the alias is listed you should be good.

bcruze

thank you. you originally gave me the information to fix in i believe you 2nd post.
this is resolved