DNS problems on the Jul 03 07:02:27 EDT 2020 snapshot



  • Can't ping any site directly from pfSense or from clients. I use the resolver built into pfSense, so the dashboard shows only 127.0.0.1, which is correct because DNS Server Override by ISP DNS servers is not enabled. The resolver service seems to be working fine, with no error messages, and Diagnostics / DNS Lookup answers only with IPv6

    Record type
    2a00:1450:400f:80b::200e	AAAA
    

    and 127.0.0.1 query time is "no response"

    and ping responds with

    Host "google.com" did not respond or could not be resolved.
    

    I have not changed anything and my previous snapshot was the 29 June 06:50 version.
    I have CARP and backup firewall configured the same way for DNS and there is no problem, backup fw is 2.4.5
    Also, sometimes it starts working without any changes on my side, just some manual DNS Lookup several times.



  • Toggled the "Respond to incoming SSL/TLS queries from local clients" option to enabled and DNS is working fine on the firewall and clients too, but... it works only when I press Save but don't press Apply Changes after saving is complete, so the option itself does not mean anything, but something is happening in the background when I press the Save button.



  • Got another snapshot and the problem has gone. Wonderful.
    By the way, I think that the root cause was the default gateway logic modification. For some reason it looks like the resolver (unbound) did not use WAN on tier1 but used failback WAN2 on tier2, and WAN2 was just out of prepaid traffic. On the latest snapshot it is using the active gateway, currently WAN, so I hope the problem is solved.

