Netgate Discussion Forum

    Potential DNS Issue On Windows 10 PC's

    Category: DHCP and DNS
    21 Posts 6 Posters 3.6k Views
    akministrator:

      Hi All,

      I am experiencing a strange issue that is only affecting the Windows PCs on my home network (Windows 10). My other PCs, running various Linux distros, are not having the same problem.

      Issue experienced:
      Windows 10 PCs cannot browse the Internet unless they connect using a VPN. Linux PCs have no issue at all browsing the Internet. Both have DHCP set to dynamic and DNS to automatic.

      Here is the setup:
      Internet > ISP > pfSense Box > Switch > Various PC's

      Troubleshooting performed so far:

      • All PCs correctly receive an IP address from the DHCP server.
      • All PCs can ping each other on the LAN, and can communicate with the gateway.
      • Can ping 8.8.8.8 from all PCs.
      • Cannot ping google.com, only on the Windows 10 PCs. Request timed out.
      • nslookup google.com on an affected Windows 10 PC displays [192.18.1.1]. Not sure what this is; the gateway is 192.168.1.1.
      • Restarted the DNS service in pfSense.
      • Tried to flush and register DNS in CMD.
      • Tried to set static IPs and DNS.
      • Rebooted the pfSense box.
      • Decided to factory reset pfSense and left it pretty much all on auto. The ISP recommends setting the WAN IP address to dynamic.

      The DNS servers it is displaying now are 127.0.0.1, 1.1.1.1 and 8.8.8.8. I also haven't manually set DNS servers yet in Services > DHCP > Server > LAN. I haven't had to do this in the past.

      Not sure what else to try, thanks in advance for any assistance.

      LohanDett:

        Is the DNS port allowed in your firewall? If 8.8.8.8 works but not google.de, maybe that's the issue.

        akministrator:

          Essentially I can ping 8.8.8.8 on the Windows PCs, but not google.com.
          I'll include some screenshots of my settings, most of which are on default since the factory reset. (attachments: 1.jpg, 2.png, 3.png, 4.png)

          NogBadTheBad:

            I'd untick DNS Server Override for a start.

            Andy

            1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

            johnpoz (LAYER 8 Global Moderator):

              Let's see your LAN rules.

              And the output of nslookup.

              example

              $ nslookup www.google.com
              Server:  sg4860.local.lan
              Address:  192.168.9.253

              Non-authoritative answer:
              Name:    www.google.com
              Addresses:  2607:f8b0:4009:812::2004
                        172.217.6.100

              Does it say timeout, what?

              If it cannot resolve the pfSense name as the server, that points to not being able to even talk to DNS on pfSense.

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11

              akministrator:

                Tried unticking DNS Server Override; I assume I will now need to set some DNS servers manually in System > General Setup > DNS Server Settings, e.g. 1.1.1.1 / 1.0.0.1.

                Here is a screenshot of the LAN interface settings: (attachment: 6.png)

                nslookup result on the Windows PC: (attachment: 7.png)

                johnpoz (LAYER 8 Global Moderator):

                  So your Windows machine is using that fe80 address for DNS, which is a link-local IPv6 address. Is that pfSense?

                  And it's looking for www.google.com.localdomain,

                  which is resolving to 198.18.1.1.

                  Why is your client auto-adding that localdomain to your query? And why does that resolve to 198.18.1.1???

                  NetRange: 198.18.0.0 - 198.19.255.255
                  CIDR: 198.18.0.0/15
                  NetName: SPECIAL-IPV4-BENCHMARK-TESTING-IANA-RESERVED

                  Change your server in nslookup to use the pfSense IPv4 address.

                  $ nslookup
                  Default Server:  sg4860.local.lan
                  Address:  192.168.9.253

                  > server 192.168.1.1
                  Default Server:  [192.168.1.1]
                  Address:  192.168.1.1

                  Then ask for www.google.com


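The check johnpoz describes above, done without nslookup: send a raw DNS query for the exact name to a chosen server (so no search suffix such as localdomain is appended), then flag any answer that lands in a special-purpose block like 198.18.0.0/15. This is an added example, not code from the thread or from pfSense; the server addresses, the script name and the sample response bytes are constructed for the demo.

```python
"""Added example, not from the thread: query a resolver directly for an
exact name (no search-suffix appending) and flag answers that land in IANA
special-purpose blocks such as 198.18.0.0/15. Sample bytes are constructed."""
import ipaddress
import socket
import struct
import sys

# Blocks that should never come back as the address of a public web site.
SPECIAL_USE = {
    "198.18.0.0/15": "benchmark testing (RFC 2544)",
    "192.0.2.0/24": "documentation (TEST-NET-1)",
    "198.51.100.0/24": "documentation (TEST-NET-2)",
    "203.0.113.0/24": "documentation (TEST-NET-3)",
    "127.0.0.0/8": "loopback",
    "0.0.0.0/8": "this network",
}


def classify(addr):
    """Label for a special-use or private address, None for a routable one."""
    ip = ipaddress.ip_address(addr)
    for cidr, label in SPECIAL_USE.items():
        if ip in ipaddress.ip_network(cidr):
            return label
    return "private / link-local" if ip.is_private else None


def build_query(name, txid=0x1234):
    """Minimal DNS A query, recursion desired, for exactly the name given."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN


def _read_name(msg, off, hops=0):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                       # compression pointer
            if hops > 16:
                raise ValueError("pointer loop in DNS name")
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            hops += 1
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels), end if end is not None else off


def parse_response(msg):
    """Return (rcode, [(owner name, address), ...]) for A and AAAA answers."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        _, off = _read_name(msg, off)
        off += 4                                    # skip QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, off = _read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == 1 and rdlen == 4:
            answers.append((name, str(ipaddress.IPv4Address(rdata))))
        elif rtype == 28 and rdlen == 16:
            answers.append((name, str(ipaddress.IPv6Address(rdata))))
    return flags & 0xF, answers


def audit(msg):
    """Answers whose address is special-use or private, with the reason."""
    _rcode, answers = parse_response(msg)
    return [(n, a, classify(a)) for n, a in answers if classify(a)]


def probe(server, name, timeout=2.0):
    """Send one query straight to `server` (IPv4, or IPv6 such as fe80::x%ifindex)."""
    family, _, _, _, sockaddr = socket.getaddrinfo(server, 53, type=socket.SOCK_DGRAM)[0]
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), sockaddr)
        data, _ = s.recvfrom(4096)
    return parse_response(data)


def sample_rogue_response(name="www.google.com.localdomain", addr="198.18.1.1"):
    """Constructed response (not a capture): a suspect resolver answering a
    search-suffixed name with an address from the benchmarking block."""
    question = build_query(name)[12:]
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)  # QR, RD, RA set
    answer = (b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4)
              + ipaddress.IPv4Address(addr).packed)
    return header + question + answer


if __name__ == "__main__":
    print("constructed sample:", audit(sample_rogue_response()))
    if len(sys.argv) == 3:          # e.g. python dnsprobe.py 192.168.1.1 www.google.com
        rcode, answers = probe(sys.argv[1], sys.argv[2])
        print("rcode", rcode, answers, "flagged:", [a for a in answers if classify(a[1])])
```

Run it once against the pfSense LAN address and once against the suspect fe80 address (on Windows the link-local form is fe80::...%<interface index>); a resolver that answers a name it cannot possibly know with a 198.18.x.x address is the thing to hunt down, whatever it is.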
                  NogBadTheBad:

                    If you use the DNS Resolver, it talks to the root servers.

                    Does a lookup directly from your pfSense box still resolve FQDNs?


                    akministrator:

                      I have no idea what that fe80 IPv6 address is; I don't think it's pfSense. Also not sure what 192.18.1.1 is, never seen that before.

                      Changing the server in nslookup displays a more promising result: (attachment: 9.png)

                      A lookup from the pfSense box resolves an FQDN: (attachment: 10.png)

                      johnpoz (LAYER 8 Global Moderator):

                        So you need to figure out exactly who that fe80 address is.

                        Look on the pfSense LAN interface: is that pfSense's link-local address? (attachment: linklocal.png)

                        You can find that under the status / interfaces tab

                        198.18 is a special address block, like RFC 1918 address space. It's supposed to be used in special cases for benchmarking, etc.

                        Do you have any other router on the network? Say an ISP device. What is the output of ipconfig /all on your Windows box? Did you set up IPv6 on pfSense?


                        akministrator:

                          So the LAN interface IP on pfSense is not the same as the one listed in the CMD screenshot (fe80).

                          "198.18 is a special address block, like RFC 1918 address space. It's supposed to be used in special cases for benchmarking, etc."

                          Interesting.

                          "Do you have any other router on the network? Say an ISP device. What is the output of ipconfig /all on your Windows box? Did you set up IPv6 on pfSense?"

                          I think there might be some routers around, but they would have DHCP turned off.
                          There is also an ISP device on the network (FTTC box).
                          I haven't set up IPv6 on pfSense. I did a factory reset earlier today though.
                          Stand by, I'll get the full output of ipconfig.

                          akministrator:

                            Here is the full IP configuration from CMD. (attachment: 11.png)

                            akministrator:

                              pfSense LAN interface stats. (attachment: 12.png)

                              akministrator:

                                "198.18 is a special address block, like RFC 1918 address space. It's supposed to be used in special cases for benchmarking, etc."

                                Actually, Prime95 happens to be running on that particular PC; maybe that has something to do with it?

                                sotirone:

                                  You are passing IPv6 addresses from something through pfSense. Your ISP modem/router is also using IPv6, and you have configured your LAN interface to take those IPv6 addresses and probably use them.

                                  If you have no need for it, disable IPv6, remove the IPv6 Track Interface setting from the LAN interface configuration page, and I suppose your problems will go away. It might be that your Linux machines are not configured to use IPv6 and thus have no problems.

                                  akministrator:

                                    "If you have no need for it, disable IPv6, remove the IPv6 Track Interface setting from the LAN interface configuration page, and I suppose your problems will go away. It might be that your Linux machines are not configured to use IPv6 and thus have no problems."

                                    Yep, that seems to have done it, although I wasn't able to stop IPv6 Track on the LAN interface, due to this error: "The DHCP6 Server is active on this interface and it can be used only with a static IPv6 configuration. Please disable the DHCPv6 Server service on this interface first, then change the interface configuration".

                                    Regardless, I disabled IPv6 on the Windows PCs for good measure and they are able to load web pages now.

                                    Thanks for the help.

                                    sotirone (replying to akministrator):

                                      @akministrator Glad to help, although your setup is still problematic.

                                      If you have no use for IPv6, please disable the DHCPv6 server and everything related to IPv6 under each of the Interface, DHCP and DNS tabs. Your Windows machines were being assigned either local or, probably, public IPv6 addresses from either the ISP modem/router or the ISP itself, and that could lead to security risks.

                                      johnpoz (LAYER 8 Global Moderator):

                                        Well, somehow your Windows box got it into its head to use that link-local 4eb2 device as DNS...

                                        You really need to figure out what that device is. To start with, you could do a simple sniff on your Windows machine and then do an nslookup for something that is asking that 4eb2 box, say using Wireshark, which you can then see the MAC address with. From that you can at least tell who the maker of the device is from the first 3 numbers in the MAC.

                                        You could also do a
                                        netsh int ipv6 show neighbors

                                        from a cmd prompt on Windows and look to see the MAC address of that 4eb2 address.

                                        Unless you enabled IPv6 in pfSense and turned on RA, it could be handing that info out... What else is on the network Windows is connected to? How does your ISP device connect into your network?

                                        For example, on my Windows box I see this in the neighbors table:

                                        fe80::208:a2ff:fe0c:e624                      00-08-a2-0c-e6-24  Stale (Router)

                                        If I look up that 00-08-a2 I can tell that it's the pfSense box.

                                        https://aruljohn.com/mac/0008A2 (attachment: maclookkup.png)

                                        Or you could look it up here as well: (attachment: anotherlookupspot.png)

                                        As to it being Prime95, the search-for-prime-numbers thing: yeah, I find that really unlikely. Your best bet is to track down the device with that 4eb2 address. Another way would be to sniff and look for RAs.

                                        Running Wireshark on your Windows machine you can see the RAs and then figure out the device sending them, telling you to use that 4eb2 address for DNS. (attachment: icmp6.png)


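The two hunts johnpoz describes above (find the RA that advertises the rogue DNS address, then tie that address to a MAC and vendor prefix through the neighbor table) as a script. This is an added example, not code from the thread; it decodes the ICMPv6 Router Advertisement format (RFC 4861) with the RDNSS option (RFC 8106) and parses the text layout of `netsh int ipv6 show neighbors`. The RA bytes, the neighbor-table text, the MAC 00-11-22-33-44-55 and the fe80::211:22ff:fe33:4455 address are constructed for the demo; the 00-08-a2 prefix is johnpoz's pfSense box from his post, and the vendor name for it is an assumption taken from the IEEE OUI registry.

```python
"""Added example, not from the thread: decode an ICMPv6 Router Advertisement,
extract RDNSS-advertised DNS servers, and map them to a MAC via the output of
`netsh int ipv6 show neighbors`. Packets, addresses and MACs are constructed."""
import ipaddress
import re
import struct

ICMPV6_RA = 134
ND_OPT_SLLA, ND_OPT_PREFIX, ND_OPT_RDNSS = 1, 3, 25

# Stand-in for the IEEE OUI registry (assumption: 00-08-a2 = ADI Engineering,
# the prefix johnpoz found on his pfSense box). Look real prefixes up there.
OUI = {"00-08-a2": "ADI Engineering"}


def parse_ra(icmp):
    """Decode RA header flags and the SLLA, prefix and RDNSS options."""
    if len(icmp) < 16 or icmp[0] != ICMPV6_RA:
        raise ValueError("not an ICMPv6 Router Advertisement")
    flags = icmp[5]
    info = {"managed": bool(flags & 0x80), "other": bool(flags & 0x40),
            "src_mac": None, "prefixes": [], "rdnss": []}
    off = 16                                   # fixed RA header is 16 bytes
    while off + 2 <= len(icmp):
        otype, olen = icmp[off], icmp[off + 1]   # olen is in units of 8 bytes
        if olen == 0:                            # RFC 4861: must be discarded
            raise ValueError("zero-length ND option")
        body = icmp[off + 2:off + olen * 8]
        if otype == ND_OPT_SLLA and len(body) >= 6:
            info["src_mac"] = body[:6].hex("-")
        elif otype == ND_OPT_PREFIX and len(body) >= 30:
            info["prefixes"].append(f"{ipaddress.IPv6Address(body[14:30])}/{body[0]}")
        elif otype == ND_OPT_RDNSS and len(body) >= 22:
            lifetime = struct.unpack("!I", body[2:6])[0]
            for i in range(6, len(body) - 15, 16):
                info["rdnss"].append((str(ipaddress.IPv6Address(body[i:i + 16])), lifetime))
        off += olen * 8
    return info


# Matches the data rows of `netsh int ipv6 show neighbors` (address, MAC, state).
NEIGHBOR_RE = re.compile(
    r"^\s*([0-9a-fA-F:.%]+)\s+([0-9a-fA-F]{2}(?:-[0-9a-fA-F]{2}){5})\s+(\S.*?)\s*$")


def parse_neighbors(text):
    """Map each IPv6 neighbor address to (mac, state)."""
    table = {}
    for line in text.splitlines():
        m = NEIGHBOR_RE.match(line)
        if m:
            table[m.group(1).lower()] = (m.group(2).lower(), m.group(3))
    return table


def rogue_dns_candidates(ra_info, neighbors, trusted_macs):
    """Advertised DNS servers whose MAC is not one of the routers you trust."""
    hits = []
    for addr, _lifetime in ra_info["rdnss"]:
        mac, _state = neighbors.get(addr, (ra_info["src_mac"], "from RA only"))
        if mac and mac not in trusted_macs:
            hits.append((addr, mac, OUI.get(mac[:8], f"unknown OUI {mac[:8]}")))
    return hits


def build_sample_ra():
    """Constructed RA (not a capture): a router advertising itself as DNS.
    Checksum left zero because this packet is never transmitted."""
    hdr = struct.pack("!BBHBBHII", ICMPV6_RA, 0, 0, 64, 0x00, 1800, 0, 0)
    slla = bytes([ND_OPT_SLLA, 1]) + bytes.fromhex("001122334455")
    prefix = (bytes([ND_OPT_PREFIX, 4]) + struct.pack("!BBIII", 64, 0xC0, 86400, 14400, 0)
              + ipaddress.IPv6Address("2001:db8:1::").packed)
    rdnss = (bytes([ND_OPT_RDNSS, 3]) + b"\x00\x00" + struct.pack("!I", 3600)
             + ipaddress.IPv6Address("fe80::211:22ff:fe33:4455").packed)
    return hdr + slla + prefix + rdnss


SAMPLE_NEIGHBORS = """\
Interface 12: Ethernet

Internet Address                              Physical Address   Type
--------------------------------------------  -----------------  -----------
fe80::208:a2ff:fe0c:e624                      00-08-a2-0c-e6-24  Stale (Router)
fe80::211:22ff:fe33:4455                      00-11-22-33-44-55  Reachable (Router)
ff02::1                                       33-33-00-00-00-01  Permanent
"""

if __name__ == "__main__":
    ra = parse_ra(build_sample_ra())
    print("RA:", ra)
    print("suspects:", rogue_dns_candidates(ra, parse_neighbors(SAMPLE_NEIGHBORS),
                                            trusted_macs={"00-08-a2-0c-e6-24"}))
```

To use it on a real capture, apply the Wireshark display filter `icmpv6.type == 134`, export the ICMPv6 layer bytes of one RA, and save `netsh int ipv6 show neighbors` to a file to feed `parse_neighbors`; the trusted set is just the MAC of the pfSense LAN interface. The first three octets of any MAC that comes out of `rogue_dns_candidates` are what you look up in the OUI registry.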
                                        johnpoz (LAYER 8 Global Moderator):

                                          Just to make sure it's not something left over from when you were maybe playing with IPv6 on pfSense: look at the RA settings on your LAN in pfSense, or on any other interfaces in case you have multiple networks on the same layer 2, and validate that RAs are not enabled on any of pfSense's interfaces.

                                          (attachment: leftovers.png)

                                          And DHCPv6 as well; if you're not using IPv6, none of this should be running on pfSense.

                                          The quick fix would be to just disable IPv6 on Windows, but you really should figure out where it's getting that info from.


                                          johner:

                                            Hi,

                                            I have a similar issue, with 192.18.1.1 showing as any host's IP when pinging them; this is on 2 x Win10 machines.

                                            I have a SamKnows ACCC monitoring box between the pfSense LAN interface and my switch, where all devices connect.

                                            WAN > PFS > SamKnows > Switch > devices (inc. Wi-Fi AP)

                                            Some Win10 machines are fine.

                                            IPv6 is all disabled (from what I can see).

                                            OP, did you resolve this?

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.