Odd DNS failure after VPN Provider change



  • Hey all,

    I'm dealing with a weird DNS issue I can't figure out, I'm hoping someone on here might have some suggestions of what to look at.

    I previously had my entire network go out via PIA VPN through OpenVPN on my pfSense router. When I read the news about Kape technologies buying them, I was no longer comfortable using them as a provider, so I decided to switch. After some research, I had good feelings about Mullvad, so I decided to use them instead.

    I deleted the VPN settings, interfaces and CA's from PIA, and followed Mullvad's instructions for how to set up on pfSense.

    After the change, devices on my network which pull their IP via DHCP continue to work just fine, but any device with a manually set IP and DNS can no longer resolve domain names.

    My strategy for manually setting IP addresses has been to do so on the client, manually setting the DNS to the IP address of the gateway. This always used to work, but now all of a sudden they can no longer resolve DNS via the gateway's IP.

    I have checked in Services -> DNS Resolver and it is still enabled. There are no settings in the resolver config that look like they would have been affected by this change. (The only thing that looks like it might be related is the interface, but it is already set to ALL)

    So now my choices are:

    1.) Figure out why this broke and fix it
    2.) Chase down every static IP server and desktop on my network and manually change their DNS (which seems ugly)
    3.) Revert every static IP on the network to DHCP, and use the DHCP server in pfSense to assign static IP's.

    Of these I strongly prefer #1.

    Does anyone have any idea what may have changed, and how I might fix it?

    Much obliged,
    Matt



  • Alright, quick follow-up.

    On my second review of "Services -> DNS Resolver" I saw a check-box under the "DNS Query Forwarding" subheading labeled "Enable Forwarding Mode".

    I checked it, and things seem to be working again.

    The thing is, I definitely never unchecked it from my previous settings, so I don't know if I actually fixed the problem, or if I changed the settings to work around it.

    In my ideal setup, my pfSense router would serve as a DNS cache to make everything faster, but I am not sure if that is happening now, or if it is just forwarding on the requests to the external DNS servers like some sort of proxy.

    I'd appreciate any thoughts regarding this.

    --Matt



  • i guess my first question.

    are you use the internal DNS server or their external DNS server? depending on HOW you connect to mullvad the internet gateway/ DNS server will be different than what they posted..

    there are a few tutorials on forcing DNS: again depending on how you setup the tunnel will depend on which server you use the external should always resolve though...

    https://www.techhelpguides.com/2017/06/12/ultimate-pfsense-openvpn-guide/

    when you are assigning static ip addresses I hope you are using pfsense for this. it does this very well.

    good luck


Log in to reply