DNS sometimes go down...



  • Good morning everyone,
    I've never had problems with pfSense; what I sometimes don't understand is why the DNS service sometimes stops, forcing me to restart it every time this happens.
    Both DNS Resolver and Forwarding Mode are enabled; in General Setup I have configured 4 DNS server IPs and DNS Server Override enabled. Am I missing something, maybe? Has anyone had the same problem? If anyone could help me I would be very grateful.
    Thanks



  • @robertog said in DNS sometimes go down...:

    Good morning everyone,
    I've never had problems with pfSense; what I sometimes don't understand is why the DNS service sometimes stops, forcing me to restart it every time this happens.
    Both DNS Resolver and Forwarding Mode are enabled; in General Setup I have configured 4 DNS server IPs and DNS Server Override enabled. Am I missing something, maybe? Has anyone had the same problem? If anyone could help me I would be very grateful.
    Thanks

    Can you be a little more specific with regards to this statement?

    Both DNS Resolver and Forwarding Mode are enabled; in General Setup I have configured 4 DNS server IPs and DNS Server Override enabled.

    If you want pure forwarding mode, then enable the Forwarder and disable the Resolver. Do you by chance have both enabled in some fashion? That definitely would cause issues (although they really should not both start; the second one to start should complain about the port being in use).

    Do you have any packages installed on the firewall? In particular, do you use pfBlockerNG with DNSBL enabled?



  • Hello!
    Thank you for your swift reply. I mean that I'm using just the DNS Resolver in forwarding mode.
    In the attachments you can see... dns_resolver.png services.png dns_server_settings.png
    Let me know if something is wrong. Thank you very much for your help!



  • One thing you should change is to untick the option to "Allow DNS Server list to be overridden by DHCP/PPP on WAN". You are setting your own preferred servers, so you do not want your ISP overriding them. That's what is happening when you check that checkbox. Perhaps your ISP's DNS servers are having sporadic problems, and if so, with that box checked, that would cause you DNS issues as well.

    If you simply want to do only forwarding I would suggest turning off the DNS Resolver and instead turning on the DNS Forwarder. Unbound is used for the resolver, and there are several events within pfSense that will cause an automatic restart of Unbound. One of those events is having the DHCP service configured to register hostnames with the Resolver. Each time a DHCP lease expires and renews, Unbound can get a restart signal in order for it to re-read its configuration files. While Unbound (the Resolver) is restarting, it can't service DNS requests from clients.

    However, if you are not using DNSBL and if you do not enable the option to register DHCP leases with DNS, then Unbound (the Resolver) is generally pretty reliable. Take a look at your logs (system log and resolver log) to see if Unbound is frequently restarting. If so, that will explain why DNS sporadically seems to fail. If you see frequent restarts, see if you can determine why from the log data.
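
Added example, not part of the original post: a small shell helper for the log check suggested above, counting Unbound starts per hour so that bursts of restarts stand out. It assumes BSD-style syslog lines and Unbound's `start of service` message; the sample lines are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): find hours with repeated Unbound starts.
# Assumption: lines look like
#   "Mon DD HH:MM:SS host unbound[pid]: [pid:0] info: start of service (unbound x.y.z)."

# Constructed sample log lines, for demonstration only.
sample_log() {
cat <<'EOF'
Jan 12 10:02:11 pfSense unbound[4411]: [4411:0] info: service stopped (unbound 1.13.2).
Jan 12 10:02:12 pfSense unbound[4502]: [4502:0] info: start of service (unbound 1.13.2).
Jan 12 10:17:40 pfSense unbound[4502]: [4502:0] info: service stopped (unbound 1.13.2).
Jan 12 10:17:41 pfSense unbound[4688]: [4688:0] info: start of service (unbound 1.13.2).
Jan 12 10:31:05 pfSense unbound[4688]: [4688:0] info: service stopped (unbound 1.13.2).
Jan 12 10:31:06 pfSense unbound[4790]: [4790:0] info: start of service (unbound 1.13.2).
Jan 12 11:40:02 pfSense unbound[4790]: [4790:0] info: service stopped (unbound 1.13.2).
Jan 12 11:40:03 pfSense unbound[5120]: [5120:0] info: start of service (unbound 1.13.2).
EOF
}

# Print "Mon DD HH:00 <count>" for each hour in which Unbound started,
# in the order the hours first appear. Reads files given as arguments, else stdin.
unbound_starts_per_hour() {
    awk '/unbound\[[0-9]+\]:.*info: start of service/ {
        hour = $1 " " $2 " " substr($3, 1, 2) ":00"
        if (!(hour in n)) order[++k] = hour   # remember first-seen order
        n[hour]++
    }
    END { for (i = 1; i <= k; i++) print order[i], n[order[i]] }' "$@"
}

# Print only the hours whose start count is at least the given threshold.
# Usage: flag_restart_storms THRESHOLD [logfile ...]
flag_restart_storms() {
    threshold=$1
    shift
    unbound_starts_per_hour "$@" | awk -v t="$threshold" '$NF >= t'
}

# Demo on the constructed sample: prints "Jan 12 10:00 3"
sample_log | flag_restart_storms 3
```

On the firewall, pass the resolver log as an argument instead of the sample, for example `flag_restart_storms 3 /var/log/resolver.log` (path assumed; adjust it to where your version keeps the resolver log).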



  • Thank you very much for your swift reply! For the moment I have unchecked DNS Server Override; I will let you know how it goes. If I still have the issue, I will switch off the DNS Resolver and turn on the DNS Forwarder.
    Thank you again for your suggestion...



  • Since I unchecked DNS Server Override I haven't had the issue. Thank you again!!!



  • I had a similar issue and I had DNSSEC enabled. Turned it OFF since those servers already do that. It sped up browsing slightly too.

    One simple checkmark and you could be using DNS over TLS? (the next option below)

    Look on the provider's site for the authentication servers.



  • Thank you very much for this other suggestion. I will try to turn off DNSSEC too.

