NoIP overriding DNS Servers #Confused
-
I'm new to NoIP. Obviously the goal was to map a domain to my dynamic IP which has been achieved. My confusion is with my standard DNS Server configuration under General. I have these set to 1.1.1.2 & 9.9.9.9 however when I do a DNS lookup I'm now showing Comcast even though it's not configured under the General DNS Servers. I'm assuming this has something to do with my setting up Dynamic DNS as I've never had this issue before. Can someone explain if having Dynamic DNS enabled is somehow overriding my configuration? Based on the KB it seems that it masks your DNS Server in a lookup but isn't necessarily using the ISP DNS Servers as it would seem. It would just be nice to have some sort of visual confirmation that I'm using the DNS servers listed under General...
Dynamic DNS
Dynamic DNS updates an external DNS server with an interface IP address when it changes. This enables a firewall with a dynamic WAN such as DHCP or PPPoE to host public services even when its IP address changes periodically. See below.
-
there is no reason to hide "your DNS server"
dynamic DNS has nothing to do with DNS resolution
if you are using "DNS Resolver" you need to enable "forwarding" or it will use the root server to resolve
-
Thank you for the input. I enabled the DNS forwarding as mentioned but it broke all DNS resolution and had to revert.
-
hard to tell without any screenshot of your configuration, but the logic is that you enable forwarding if you want to use the DNS from general settings or you leave it disabled if you want to query root servers directly also
pc on LAN must have pfSense IP as DNS server,
you need to check if firewall rules permit traffic to that DNS server (out of the box it should but we don't know what you have)
-
If you want to forward, you have to set that up.. Out of the box pfsense resolves using unbound. You have no need to set anything in general dns.
If you forward, then what you set in general will be used.
Keep in mind that when you get dhcp from your ISP for your wan, or if you have some other router upstream of pfsense and pfsense set for dhcp, that the dns handed out in dhcp can override and set your dns for you.
Unless you have a really bad internet connection, say sat or something.. Or your isp blocks 53 outbound to public internet, and only allows specific known dns servers.. Pfsense out of the box just resolves, and should be fine and better solution for dns for vast majority of people - this is why it's default ;)
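Added example, not part of the thread or of pfSense itself: the resolver/forwarder distinction described in the posts above shows up in the generated Unbound config, where a `forward-zone` named `.` sends every query to the listed upstreams, while forward zones for other names only cover those domains. The sample configs are constructed, the parser assumes one `key: value` item per line with `name:` first in each clause, and on pfSense the file to feed it is assumed to be `/var/unbound/unbound.conf`.

```python
import re

# Constructed samples (not from the thread): forwarding mode, then resolver mode.
FORWARDING_CONF = """
server:
    interface: 192.168.1.1
# only corp.example. is sent to 10.0.0.53
forward-zone:
    name: "corp.example."
    forward-addr: 10.0.0.53
forward-zone:
    name: "."
    forward-addr: 1.1.1.2   # trailing comment
    forward-addr: 9.9.9.9@853#dns.quad9.net
"""

RESOLVING_CONF = """
server:
forward-zone:
    name: "corp.example."
    forward-addr: 10.0.0.53
"""

def forward_zones(conf_text):
    """Map each forward-zone name to its list of upstream servers."""
    zones, current, in_fwd = {}, None, False
    for raw in conf_text.splitlines():
        # '#' opens a comment only at a token start; in addr@port#name it is the TLS name.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip().strip('"')
        if not value:                      # clause header, e.g. "server:"
            in_fwd, current = (key == "forward-zone"), None
        elif in_fwd and key == "name":
            current = value if value.endswith(".") else value + "."
            zones.setdefault(current, [])
        elif in_fwd and current and key in ("forward-addr", "forward-host"):
            zones[current].append(value)
    return zones

def resolution_mode(conf_text):
    """Return ("forwarding", upstreams) or ("resolving", []) for the root zone."""
    upstreams = forward_zones(conf_text).get(".", [])
    return ("forwarding", upstreams) if upstreams else ("resolving", [])

if __name__ == "__main__":
    print(resolution_mode(FORWARDING_CONF), resolution_mode(RESOLVING_CONF))
```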
-
the requested information. unchecked forwarding since it caused DNS to not resolve domains.
-
Well you're not forwarding - so those servers in dns servers mean nothing to any client asking unbound (pfsense) for dns. The only possible thing that would use those dns would be pfsense itself, when it looks to try and find packages or to see if there is an update. Or if you tell it to resolve something in a firewall log.
if you're not going to forward there is little reason to list those NS in dns under general.
-
@johnpoz I agree with you that forward should work if that option is selected however previous attempts to enable it caused DNS to not resolve domains. I will select that option and restart the device in the event the unbound resolver is getting hung during the update process.
-
Is resolving working?
There is no reason to restart pfsense - is unbound running or not.. you can see if it is. Just by looking at the unbound log, or the services widget, etc.
-
@johnpoz trying to enable it now, spinning endlessly, never get apply button. may need to disable pfblocker and suricata to speed it up...
result:
504 Gateway Time-out
nginx
going to connect via serial now
-
pfblocker can slow down unbound startup sure. If you're loading a shitton of lists.
-
I wouldn't really say that - you're forwarding.. Not a fan ;)