I can't find where the mistake is

gusto

This is the structure of my home LAN

PFSense is set up almost from the factory and works well. My ISP is Slovak Telekom. I'm from Slovakia. Quite often, some web services stop working. It will stop working e.g. google, gmail, youtube and almost all foreign domains. Many sk and cz domains continue to work. After a while, everything will start working again.
The internet connection is fine because many web sites still work.
At a time when google, gmail, youtube, etc. do not work, I try ping on a personal computer (linux).

8.8.8.8 - working
1.1.1.1 - working
gooogle.com - not working

pfsense / Diagnostics / Ping

8.8.8.8 - working
1.1.1.1 - working
gooogle.com - working

pfsense dashboard shows that everything is fine

I can't find the error, but I have a feeling the error will be in the DNS settings.

pete35

@gusto

You may try to remove these DNS Servers (1.1.1.1 and 8.8.8.8)
from the configuration. Pfsense will reach out for the root servers then. This should work. If it doesnt, there may be a connection problem. You may use local DNS servers from yr ISP too.

jeff3820

@gusto Sounds like the DNS Resolver is crashing. There is an update to the DNS Resolver (1.13.1) that should fix the issue.

Put this into CLI under Diagnostics > Command Prompt

pkg upgrade -fy unbound; pfSsh.php playback svc restart unbound

The updated version of unbound will be downloaded, installed, and restarted. See if that helps.

gusto

del

Gertjan

Yeah, wipe that 1.1.1.1 and 8.8.8.8. You don't need those, as the default resolver setup works well.
Or do you have a deal with 8.8.8.8 to give them your private ! DNS info ?

Next step : go Status > System Logs > System > DNS Resolver
and hit Ctrl-F
Type

start

and now check how often unbound restarts.

Look at one of my other posts what be can be a solution.
Example :
Mine restarted 4 days ago :

gusto

@gertjan
Among other things, I had a problem with port forwarding and this morning I came back I did a downgrade.
Here is a listing of the last 500 lines of the dns resolver.

Gertjan

@gusto said in I can't find where the mistake is:

Here is a listing of the last 500 lines of the dns resolver.

Why listing 500 lines ?
Can't you just count the number ? I've shown an example in the image above.
You know : hit Ctrl-F (find) ......

You would have found that in less then 6 hours your unbound restarts 20+ times.

Before you ask : that' NOT ok.

Un check this option (on the resolver settings page) :

and re test after 24 hours or so.

gusto

@gertjan
I did it according to your instructions and I'll check the log tomorrow (with ctrl+f in web browser)
Thak you

gusto

I looked at the log after 3 days

SystemLogs/System/DNS Resolver/

log contains only

Mar 23 14:15:02	unbound	19389:1	info: generate keytag query _ta-4f66. NULL IN
Mar 24 01:36:07	unbound	19389:0	info: generate keytag query _ta-4f66. NULL IN
Mar 24 13:30:32	unbound	19389:0	info: generate keytag query _ta-4f66. NULL IN
Mar 25 01:02:07	unbound	19389:0	info: generate keytag query _ta-4f66. NULL IN
Mar 25 12:38:16	unbound	19389:0	info: generate keytag query _ta-4f66. NULL IN
Mar 26 00:14:51	unbound	19389:0	info: generate keytag query _ta-4f66. NULL IN
Mar 26 12:06:38	unbound	19389:0	info: generate keytag query _ta-4f66. NULL IN

Whether the internet works well. If I happen to be out of the internet in the future, how should I diagnose the problem?
thx

Gertjan

@gusto said in I can't find where the mistake is:

Mar 23 14:15:02 unbound 19389:1 info: generate keytag query _ta-4f66. NULL IN
Mar 24 01:36:07 unbound 19389:0 info: generate keytag query _ta-4f66. NULL IN
Mar 24 13:30:32 unbound 19389:0 info: generate keytag query _ta-4f66. NULL IN
Mar 25 01:02:07 unbound 19389:0 info: generate keytag query _ta-4f66. NULL IN
Mar 25 12:38:16 unbound 19389:0 info: generate keytag query _ta-4f66. NULL IN
Mar 26 00:14:51 unbound 19389:0 info: generate keytag query _ta-4f66. NULL IN
Mar 26 12:06:38 unbound 19389:0 info: generate keytag query _ta-4f66. NULL IN

Nothing else ?
You changed the log settings ?
With default settings, unbound logs more then that.

@gusto said in I can't find where the mistake is:

If I happen to be out of the internet in the future, how should I diagnose the problem?

That's why I always say "use the default settings".
When the internet goes down you have nothing to do except waiting.
Because on your side everything is fine.
You could do other, more useful things.

gusto

@gertjan
Nothing but what I sent. In front of this is only the 500 lines you have already seen.
PFSense is almost on by default. I made only minor adjustments. If necessary, I will send an xml here. However, I would have to cover private data from xml, e.g. pppoe etc.