Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Some Websites not working

    Scheduled Pinned Locked Moved General pfSense Questions
    20 Posts 2 Posters 1.0k Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I Offline
      Impovich
      last edited by Impovich

      Hi all, having an issue with some pages that are either not reachable or take ages to be loaded. If I connect my old dd-wrt router everything works.
      What I have:
      hardware - supermicro - SYS-5019C-FL
      pfsense 2.5.0-RELEASE fresh install on xcp-ng, without any addons.

      first issue(slow loading):
      for example, nord VPN support takes ages to be loaded, once it is there is no CSS styles and pictures.

      the second issue(not reachable)
      my electricity provider page is not reachable and not pingable from any client on the network. nslookup on clients looks like this:
      ;; connection timed out; no servers could be reached
      If I ssh into pfsense box I can ping it from there without any issue.
      here is how traceroute looks from pfsense box:
      1 10.32.16.1 1.632 ms 1.886 ms *
      2 172.31.255.30 2.931 ms 1.545 ms 1.036 ms
      3 91.123.176.13 1.831 ms 1.819 ms 1.515 ms
      4 91.123.176.134 8.907 ms 8.718 ms 8.320 ms
      5 195.182.219.248 13.966 ms 16.416 ms 15.283 ms
      6 * * *
      7 * * *
      8 * * *
      9 * * *
      10 * * *

      What I have done so far,

      1. Disabled hardware checksum offload - it helped to get CSS styles for nordvpn page, but it takes like few minutes to get loaded. Electricity provider page not reachable.
      2. Checked Clear invalid DF bits instead of dropping the packets - nothing changed
      3. Checked Disables the PF scrubbing option which can sometimes interfere with NFS traffic. - nothing changed
        Tried different combinations of those, nothing.

      Thank you in advance for your help.

      I 1 Reply Last reply Reply Quote 0
      • I Offline
        Impovich @Impovich
        last edited by

        Completely forgot that my beloved ISP gives me private IP 10.32.16.153. Unchecked "Blocks traffic from IP addresses that are reserved for private networks per RFC 1918" for WAN interface. Issues are still the same.

        I 1 Reply Last reply Reply Quote 0
        • I Offline
          Impovich @Impovich
          last edited by

          Installed PfSense on the bare metal. Still the same issue.

          I 1 Reply Last reply Reply Quote 0
          • I Offline
            Impovich @Impovich
            last edited by

            DNS Query Forwarding - Enable Forwarding Mode - Checked. Did the trick, would be happy if someone explains to me what happened under the hood?

            GertjanG 1 Reply Last reply Reply Quote 0
            • GertjanG Offline
              Gertjan @Impovich
              last edited by Gertjan

              This is what unbound does when it resolves something like

              dig +trace www.tauron.pl

; <<>> DiG 9.16.12 <<>> +trace www.tauron.pl
;; global options: +cmd
.                       84783   IN      NS      e.root-servers.net.
.                       84783   IN      NS      f.root-servers.net.
.                       84783   IN      NS      g.root-servers.net.
.                       84783   IN      NS      h.root-servers.net.
.                       84783   IN      NS      i.root-servers.net.
.                       84783   IN      NS      j.root-servers.net.
.                       84783   IN      NS      k.root-servers.net.
.                       84783   IN      NS      l.root-servers.net.
.                       84783   IN      NS      m.root-servers.net.
.                       84783   IN      NS      a.root-servers.net.
.                       84783   IN      NS      b.root-servers.net.
.                       84783   IN      NS      c.root-servers.net.
.                       84783   IN      NS      d.root-servers.net.
.                       84783   IN      RRSIG   NS 8 0 518400 20210410170000 20210328160000 42351 . TTAvtgICcIkaHPOvTG27q1E4Igng7PYMVrf2GgL5+Pdodp1Jkov3HO37 gcK8+9JBTieEXMIWvBaBbcUybErh479G+f2Qc9rVbRyJW+IWjazslu8a CJkUKIAfKE6Ks3Pz/io7IHRc2HzhYYAr0v5ooRGH5yd4Xby0SslJg+zh 6j2o04x+SfaEDyh9VItVdHtEeAZ18D76JQZb1lB3/lRd0KiJHv7Y6Eqi TJNLlPoMTzztdBoshTfKSznQURRSYYFfYXM2IugeC5KJl23htoTBtVWL 4m0C6crxQ1sfuUzNnWGmXhGkh2ocnJiwWdfU/WSY7AnnX4TxfHQYFRrW /nDQhg==
;; Received 525 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms

pl.                     172800  IN      NS      a-dns.pl.
pl.                     172800  IN      NS      i-dns.pl.
pl.                     172800  IN      NS      f-dns.pl.
pl.                     172800  IN      NS      e-dns.pl.
pl.                     172800  IN      NS      g-dns.pl.
pl.                     172800  IN      NS      h-dns.pl.
pl.                     172800  IN      NS      b-dns.pl.
pl.                     172800  IN      NS      d-dns.pl.
pl.                     172800  IN      NS      c-dns.pl.
pl.                     86400   IN      DS      51352 8 2 C4282918DE616A9E3BFFEC1F0652A41CF73DB7EF7F5785DB7359E9E5 9D40048C
pl.                     86400   IN      RRSIG   DS 8 1 86400 20210410170000 20210328160000 42351 . cJ2gK+R1IJktjBJOO7LwpTHAmbxvDN3+4p08mzf8RS/odkefZ3cMGjoE sQW1EVxhdEXLtI+7jvh74tzj27zMjX9MPvT8QC4JuLuQa00fj4UGdyzL oYA4Hda2sqUXCPKwHQZtiSHknpW1fdCjlX9XmpiR9X2voIsd2zyo49U3 EpitZg85/BNUjL7nBJ+uaxfFd2MZafGx+kERJQfAKbhOF6qZ3u9Vgtyk v3h94JOHB7q6kk8gZsxvD/s80i5ZEg6jhoYmrJaSo6sjYxni63IxbkzC v8LfUN2HHOSdenyzdXtP6CYsbAL26lQNdUHNGY6N5WQixA3CsTbNZCcy xd18EA==
;; Received 925 bytes from 2001:503:ba3e::2:30#53(a.root-servers.net) in 52 ms

tauron.pl.              86400   IN      NS      dns3.tauron.pl.
tauron.pl.              86400   IN      NS      dns1.tauron.pl.
tauron.pl.              86400   IN      NS      dns2.tauron.pl.
2GLLS5CD57BP9AD6CI8U1SFJ8GUOSCH7.pl. 3600 IN NSEC3 1 1 12 D561229C8EC3DE91 2GLNUCH8GO3NFPDL68PCN7H39LGSLTQB NS SOA TXT RRSIG DNSKEY NSEC3PARAM
2GLLS5CD57BP9AD6CI8U1SFJ8GUOSCH7.pl. 3600 IN RRSIG NSEC3 8 2 3600 20210420120000 20210321120000 54375 pl. hOeDGZLOEfy13zGEOfRIWTkzvO2FVvWw/ekusjtwRk3FWQAkkNG6T0tQ y+lgtoxfIsMymM1aRD8sX6pC1q5KVgqah1R0cJpV2JBkMF17eq2iE8Vy RVmLL0vRsVs7RKZ40Y8UoZXFnjfbcgG+SdFFk7TDv5kzOxugASj2eLdz eLGISh69okg1idPQIWW+Ae5ExNDafJiBSKuvZxwPMo/I2XA+b/hREr58 dzKAg5Gbc/jiVY3sgwtHjL3CeCsRQEbYHCUWZ4xC4eLVF1XRt6jAgEUu Ykix17AzJ/XmRTmd3sM6uVOn6Gamn7WTLCoaOnwBOr5524Z/POh+bZze /koEgg==
LT0LVNCCOH9A8H5MAV2F490L30FOM2I2.pl. 3600 IN NSEC3 1 1 12 D561229C8EC3DE91 LT0QBJO6CEND7LU0M4PHSKTMO7RGQ0TL NS DS RRSIG
LT0LVNCCOH9A8H5MAV2F490L30FOM2I2.pl. 3600 IN RRSIG NSEC3 8 2 3600 20210420120000 20210321120000 54375 pl. UBn0augPyP0Q0t66j+5YMNmqMovsjf+w/iBoCmXYxArnSlktjtG8CMr5 X2X1wlxmdmxZj1QFjS4c5bru+RkN3q0MSAFMfj683f9BkPGuPhipcfwP UrPBO+i/+OueZOZUu8LfMpbwZvmGMgpR7fRJR07RDTZQsZUsOWzVBxOa q/J2JUF4d/M/HEfc8A89fByw3HuT0lsogXvnkLaR1mVYjVm/zPBGAV7w veR7OW0MbgbXwlBsIn5ynxeunqnhZhcYpGS5KyZEhTmSLo/ZGnXXEUFT friQbQbbfcTcPuTHfv3rjYlpw0eYQBnKP6Ks3Ned6+Ya9m2kGuXlzVHG pqo9nA==
;; Received 904 bytes from 2620:10a:80aa::48#53(d-dns.pl) in 50 ms

www.tauron.pl.          3600    IN      A       195.245.224.52
tauron.pl.              3600    IN      NS      dns1.tauron.pl.
tauron.pl.              3600    IN      NS      dns2.tauron.pl.
tauron.pl.              3600    IN      NS      dns3.tauron.pl.
;; Received 163 bytes from 195.245.224.4#53(dns2.tauron.pl) in 65 ms

              It talks to one of the roost servers, the a "pl" tld server, then a "tauron.pl" domain name server , so it obtains a A record for the www.

              When you forward, it talks to one upstream DNS resolver only, waits until it gets a result, and done.

              Your beloved ISP doesn't want you to talk to (one of the) root / tld /name servers ?
              Are you blocking them yourself because you use pfBlockerNG ?

              Do the dig yourself and see what happens.

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

              I 1 Reply Last reply Reply Quote 1
              • I Offline
                Impovich @Gertjan
                last edited by Impovich

                @gertjan thank you for the reply.
                There is no pfBlockerNG.

                Dig with enabled forwarding.

                ; <<>> DiG 9.16.12 <<>> +trace www.tauron.pl
;; global options: +cmd
.			86400	IN	NS	a.root-servers.net.
.			86400	IN	NS	b.root-servers.net.
.			86400	IN	NS	c.root-servers.net.
.			86400	IN	NS	d.root-servers.net.
.			86400	IN	NS	e.root-servers.net.
.			86400	IN	NS	f.root-servers.net.
.			86400	IN	NS	g.root-servers.net.
.			86400	IN	NS	h.root-servers.net.
.			86400	IN	NS	i.root-servers.net.
.			86400	IN	NS	j.root-servers.net.
.			86400	IN	NS	k.root-servers.net.
.			86400	IN	NS	l.root-servers.net.
.			86400	IN	NS	m.root-servers.net.
.			86400	IN	RRSIG	NS 8 0 518400 20210410170000 20210328160000 42351 . TTAvtgICcIkaHPOvTG27q1E4Igng7PYMVrf2GgL5+Pdodp1Jkov3HO37 gcK8+9JBTieEXMIWvBaBbcUybErh479G+f2Qc9rVbRyJW+IWjazslu8a CJkUKIAfKE6Ks3Pz/io7IHRc2HzhYYAr0v5ooRGH5yd4Xby0SslJg+zh 6j2o04x+SfaEDyh9VItVdHtEeAZ18D76JQZb1lB3/lRd0KiJHv7Y6Eqi TJNLlPoMTzztdBoshTfKSznQURRSYYFfYXM2IugeC5KJl23htoTBtVWL 4m0C6crxQ1sfuUzNnWGmXhGkh2ocnJiwWdfU/WSY7AnnX4TxfHQYFRrW /nDQhg==
;; Received 525 bytes from 127.0.0.1#53(127.0.0.1) in 31 ms

pl.			172800	IN	NS	a-dns.pl.
pl.			172800	IN	NS	i-dns.pl.
pl.			172800	IN	NS	c-dns.pl.
pl.			172800	IN	NS	g-dns.pl.
pl.			172800	IN	NS	b-dns.pl.
pl.			172800	IN	NS	e-dns.pl.
pl.			172800	IN	NS	d-dns.pl.
pl.			172800	IN	NS	f-dns.pl.
pl.			172800	IN	NS	h-dns.pl.
pl.			86400	IN	DS	51352 8 2 C4282918DE616A9E3BFFEC1F0652A41CF73DB7EF7F5785DB7359E9E5 9D40048C
pl.			86400	IN	RRSIG	DS 8 1 86400 20210410170000 20210328160000 42351 . cJ2gK+R1IJktjBJOO7LwpTHAmbxvDN3+4p08mzf8RS/odkefZ3cMGjoE sQW1EVxhdEXLtI+7jvh74tzj27zMjX9MPvT8QC4JuLuQa00fj4UGdyzL oYA4Hda2sqUXCPKwHQZtiSHknpW1fdCjlX9XmpiR9X2voIsd2zyo49U3 EpitZg85/BNUjL7nBJ+uaxfFd2MZafGx+kERJQfAKbhOF6qZ3u9Vgtyk v3h94JOHB7q6kk8gZsxvD/s80i5ZEg6jhoYmrJaSo6sjYxni63IxbkzC v8LfUN2HHOSdenyzdXtP6CYsbAL26lQNdUHNGY6N5WQixA3CsTbNZCcy xd18EA==
;; Received 955 bytes from 192.36.148.17#53(i.root-servers.net) in 31 ms

tauron.pl.		86400	IN	NS	dns1.tauron.pl.
tauron.pl.		86400	IN	NS	dns2.tauron.pl.
tauron.pl.		86400	IN	NS	dns3.tauron.pl.
2glls5cd57bp9ad6ci8u1sfj8guosch7.pl. 3600 IN NSEC3 1 1 12 D561229C8EC3DE91 2GLNUCH8GO3NFPDL68PCN7H39LGSLTQB NS SOA TXT RRSIG DNSKEY NSEC3PARAM
2glls5cd57bp9ad6ci8u1sfj8guosch7.pl. 3600 IN RRSIG NSEC3 8 2 3600 20210427120000 20210328120000 54375 pl. zVsuFs5A8wdbwem1k94S8S546aGiv+vdAowJn8IRKnkMgZ6hYksRMEln WxEbMerW2tnFLgzfDOYT/V61BOSK7M8uNL3Cu1hqX5O4aXlzXvVmZIV5 sj6jPfSRt1Z2WCQWsa2/ZWy22TPqh2aJ9fhdUY0mO1/nx/j+vWXt6E0a FEv/2UzUBsef8XvIP/9/fJMJ/cdqL+gg8FjjKW+TmxaRRHbm6fpiOyPX rG1pA8ncnakm10VcdxGDXFPu6GyYBxdwAgdwkCUODtH5dZjv0L2HQ0aH 3q4sPZ1tB/GM/Afwo8+a6ydf7zX9tMHiUVZ4y4THPkV8VWbM1YQ9Wr6k R2NEYA==
lt0lvnccoh9a8h5mav2f490l30fom2i2.pl. 3600 IN NSEC3 1 1 12 D561229C8EC3DE91 LT0QBJO6CEND7LU0M4PHSKTMO7RGQ0TL NS DS RRSIG
lt0lvnccoh9a8h5mav2f490l30fom2i2.pl. 3600 IN RRSIG NSEC3 8 2 3600 20210427120000 20210328120000 54375 pl. hf4ENqemQVztdI/t16cKMnU32fYH3wpJWDasSy54TxVCgSms9W2i64OT oHTI5s/FdEj0ZkYKNB+6lfQZQWdAej4Wnh8N+cI+6wWxny+8UiqQg0oR c3IAkfiaGPnhR6Jx9O82ALlviBxS3jR0EJrIuxAPN0lnnfXl7eF1ObU7 CsxObsTQjh2dxxW0pOegHuJwOt3ZozAdxTWKF/2etJ2BS2VMtjHHP5tV lAOZ6SzYUrbhSdUzrfFetqgbxpSIWYps6pqQU51ER099dRGI4ooOTb1R YnUqNVRQ4kmjhjva7aGVk11C3XYzamqPA18qpP/anh4ipZC+4IUaMnu9 1hSgHg==
;; Received 902 bytes from 93.190.128.146#53(c-dns.pl) in 19 ms

;; connection timed out; no servers could be reached
                I 1 Reply Last reply Reply Quote 0
                • I Offline
                  Impovich @Impovich
                  last edited by Impovich

                  Dig with disabled forwarding

                  ; <<>> DiG 9.16.12 <<>> +trace www.tauron.pl
;; global options: +cmd
.			86324	IN	NS	m.root-servers.net.
.			86324	IN	NS	e.root-servers.net.
.			86324	IN	NS	l.root-servers.net.
.			86324	IN	NS	f.root-servers.net.
.			86324	IN	NS	j.root-servers.net.
.			86324	IN	NS	i.root-servers.net.
.			86324	IN	NS	g.root-servers.net.
.			86324	IN	NS	k.root-servers.net.
.			86324	IN	NS	b.root-servers.net.
.			86324	IN	NS	h.root-servers.net.
.			86324	IN	NS	a.root-servers.net.
.			86324	IN	NS	c.root-servers.net.
.			86324	IN	NS	d.root-servers.net.
.			86324	IN	RRSIG	NS 8 0 518400 20210410170000 20210328160000 42351 . TTAvtgICcIkaHPOvTG27q1E4Igng7PYMVrf2GgL5+Pdodp1Jkov3HO37 gcK8+9JBTieEXMIWvBaBbcUybErh479G+f2Qc9rVbRyJW+IWjazslu8a CJkUKIAfKE6Ks3Pz/io7IHRc2HzhYYAr0v5ooRGH5yd4Xby0SslJg+zh 6j2o04x+SfaEDyh9VItVdHtEeAZ18D76JQZb1lB3/lRd0KiJHv7Y6Eqi TJNLlPoMTzztdBoshTfKSznQURRSYYFfYXM2IugeC5KJl23htoTBtVWL 4m0C6crxQ1sfuUzNnWGmXhGkh2ocnJiwWdfU/WSY7AnnX4TxfHQYFRrW /nDQhg==
;; Received 525 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms

pl.			172800	IN	NS	e-dns.pl.
pl.			172800	IN	NS	d-dns.pl.
pl.			172800	IN	NS	a-dns.pl.
pl.			172800	IN	NS	b-dns.pl.
pl.			172800	IN	NS	i-dns.pl.
pl.			172800	IN	NS	h-dns.pl.
pl.			172800	IN	NS	f-dns.pl.
pl.			172800	IN	NS	g-dns.pl.
pl.			172800	IN	NS	c-dns.pl.
pl.			86400	IN	DS	51352 8 2 C4282918DE616A9E3BFFEC1F0652A41CF73DB7EF7F5785DB7359E9E5 9D40048C
pl.			86400	IN	RRSIG	DS 8 1 86400 20210410170000 20210328160000 42351 . cJ2gK+R1IJktjBJOO7LwpTHAmbxvDN3+4p08mzf8RS/odkefZ3cMGjoE sQW1EVxhdEXLtI+7jvh74tzj27zMjX9MPvT8QC4JuLuQa00fj4UGdyzL oYA4Hda2sqUXCPKwHQZtiSHknpW1fdCjlX9XmpiR9X2voIsd2zyo49U3 EpitZg85/BNUjL7nBJ+uaxfFd2MZafGx+kERJQfAKbhOF6qZ3u9Vgtyk v3h94JOHB7q6kk8gZsxvD/s80i5ZEg6jhoYmrJaSo6sjYxni63IxbkzC v8LfUN2HHOSdenyzdXtP6CYsbAL26lQNdUHNGY6N5WQixA3CsTbNZCcy xd18EA==
;; Received 953 bytes from 192.33.4.12#53(c.root-servers.net) in 24 ms

tauron.pl.		86400	IN	NS	dns1.tauron.pl.
tauron.pl.		86400	IN	NS	dns2.tauron.pl.
tauron.pl.		86400	IN	NS	dns3.tauron.pl.
2glls5cd57bp9ad6ci8u1sfj8guosch7.pl. 3600 IN NSEC3 1 1 12 D561229C8EC3DE91 2GLNUCH8GO3NFPDL68PCN7H39LGSLTQB NS SOA TXT RRSIG DNSKEY NSEC3PARAM
lt0lvnccoh9a8h5mav2f490l30fom2i2.pl. 3600 IN NSEC3 1 1 12 D561229C8EC3DE91 LT0QBJO6CEND7LU0M4PHSKTMO7RGQ0TL NS DS RRSIG
2glls5cd57bp9ad6ci8u1sfj8guosch7.pl. 3600 IN RRSIG NSEC3 8 2 3600 20210427120000 20210328120000 54375 pl. zVsuFs5A8wdbwem1k94S8S546aGiv+vdAowJn8IRKnkMgZ6hYksRMEln WxEbMerW2tnFLgzfDOYT/V61BOSK7M8uNL3Cu1hqX5O4aXlzXvVmZIV5 sj6jPfSRt1Z2WCQWsa2/ZWy22TPqh2aJ9fhdUY0mO1/nx/j+vWXt6E0a FEv/2UzUBsef8XvIP/9/fJMJ/cdqL+gg8FjjKW+TmxaRRHbm6fpiOyPX rG1pA8ncnakm10VcdxGDXFPu6GyYBxdwAgdwkCUODtH5dZjv0L2HQ0aH 3q4sPZ1tB/GM/Afwo8+a6ydf7zX9tMHiUVZ4y4THPkV8VWbM1YQ9Wr6k R2NEYA==
lt0lvnccoh9a8h5mav2f490l30fom2i2.pl. 3600 IN RRSIG NSEC3 8 2 3600 20210427120000 20210328120000 54375 pl. hf4ENqemQVztdI/t16cKMnU32fYH3wpJWDasSy54TxVCgSms9W2i64OT oHTI5s/FdEj0ZkYKNB+6lfQZQWdAej4Wnh8N+cI+6wWxny+8UiqQg0oR c3IAkfiaGPnhR6Jx9O82ALlviBxS3jR0EJrIuxAPN0lnnfXl7eF1ObU7 CsxObsTQjh2dxxW0pOegHuJwOt3ZozAdxTWKF/2etJ2BS2VMtjHHP5tV lAOZ6SzYUrbhSdUzrfFetqgbxpSIWYps6pqQU51ER099dRGI4ooOTb1R YnUqNVRQ4kmjhjva7aGVk11C3XYzamqPA18qpP/anh4ipZC+4IUaMnu9 1hSgHg==
;; Received 902 bytes from 185.159.197.48#53(d-dns.pl) in 43 ms

;; connection timed out; no servers could be reached

                  See no difference

                  connection timed out; no servers could be reached - this is actually strange, but in the first case i can reach it via google chrome, in the second no.

                  if i do the same for google

                  www.google.com.		300	IN	A	216.58.215.68
;; Received 59 bytes from 216.239.34.10#53(ns2.google.com) in 42 ms
                  GertjanG 1 Reply Last reply Reply Quote 0
                  • GertjanG Offline
                    Gertjan @Impovich
                    last edited by

                    Check these :

                    @impovich said in Some Websites not working:

                    tauron.pl. 86400 IN NS dns1.tauron.pl.
                    tauron.pl. 86400 IN NS dns2.tauron.pl.
                    tauron.pl. 86400 IN NS dns3.tauron.pl.

                    It looks like your ISP doesn't want you to use any of these 3 name servers.
                    Connect directly to the 3 name servers and question them :

                    dig @dns1.tauron.pl. www.tauron.pl. A

                    check also dns2 and dns3.

                    @impovich said in Some Websites not working:

                    Dig with enabled forwarding.

                    Unbound is forwarding ?
                    It's still unbound doing the work.

                    No "help me" PM's please. Use the forum, the community will thank you.
                    Edit : and where are the logs ??

                    I 1 Reply Last reply Reply Quote 1
                    • I Offline
                      Impovich @Gertjan
                      last edited by Impovich

                      @gertjan

                      ; DiG 9.16.12 @dns1.tauron.pl. www.tauron.pl. A
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

                      by forwarding, I mean that under the DNS Resolver tab DNS Query Forwarding is enabled

                      GertjanG 1 Reply Last reply Reply Quote 0
                      • GertjanG Offline
                        Gertjan @Impovich
                        last edited by

                        @impovich said in Some Websites not working:

                        ; DiG 9.16.12 @dns1.tauron.pl. www.tauron.pl. A
                        ; (1 server found)
                        ;; global options: +cmd
                        ;; connection timed out; no servers could be reached

                        There you have it.
                        Some one between you and dns1.tauron.pl doesn't want you to communicate. The traffic never reaches dns1.tauron.pl - or the answer never comes back.
                        Have a chat with your ISP.

                        No "help me" PM's please. Use the forum, the community will thank you.
                        Edit : and where are the logs ??

                        I 1 Reply Last reply Reply Quote 1
                        • I Offline
                          Impovich @Gertjan
                          last edited by

                          @gertjan Already submitted a ticket to my ISP. Thank you one more time for sharing your knowledge and time!

                          GertjanG 1 Reply Last reply Reply Quote 0
                          • GertjanG Offline
                            Gertjan @Impovich
                            last edited by Gertjan

                            @impovich

                            I presume, when you use your phone = using another 'ISP' and another WAN IP, it works.

                            edit : or use a VPN on pfSense.

                            No "help me" PM's please. Use the forum, the community will thank you.
                            Edit : and where are the logs ??

                            I 1 Reply Last reply Reply Quote 1
                            • I Offline
                              Impovich @Gertjan
                              last edited by Impovich

                              @gertjan I connected to a Polish server using nordVPN and still see the same. VPN is configured on pfsense

                              GertjanG 1 Reply Last reply Reply Quote 0
                              • GertjanG Offline
                                Gertjan @Impovich
                                last edited by Gertjan

                                So without VPN, or with VPN, using two different WAN IP's, you still can't connect to their dns servers ....
                                This innocents your ISP ....
                                Wow : I'm starting to ask myself : maybe these dns servers don't like polish IP's ?
                                You have a VPN, so you can change quickly to another WAN IP.
                                The phone works ?

                                No "help me" PM's please. Use the forum, the community will thank you.
                                Edit : and where are the logs ??

                                I 3 Replies Last reply Reply Quote 0
                                • I Offline
                                  Impovich @Gertjan
                                  last edited by Impovich

                                  @gertjan From the phone with enabled mobile data everything works.
                                  Will change the country in the VPN later and publish the result here.

                                  1 Reply Last reply Reply Quote 0
                                  • I Offline
                                    Impovich @Gertjan
                                    last edited by

                                    @gertjan so connected to Germany, still the same) looks like something is misconfigured on my side.

                                    GertjanG 1 Reply Last reply Reply Quote 0
                                    • I Offline
                                      Impovich @Gertjan
                                      last edited by

                                      @gertjan just realized that my tests were wrong, pfsense itself is not under VPN :)

                                      1 Reply Last reply Reply Quote 0
                                      • GertjanG Offline
                                        Gertjan @Impovich
                                        last edited by

                                        @impovich said in Some Websites not working:

                                        looks like something is misconfigured on my side.

                                        Easy to check.
                                        Make a backup of the config.
                                        Reset to default.
                                        Re assign interfaces, but change nothing else.
                                        It should work.
                                        If not, it's not on your side.

                                        Can you change your WAN address ?

                                        It is possible that name servers, as any server process, is protected on 'their' side. I'm running myself fail2ban to filter and block IPv4 and IPv6 that do 'strange' requests. It's rare, non advisable, but some IPs out there just hammer all the time.
                                        The default pfSense setup, especially unbound, just works, and should behave ok.

                                        No "help me" PM's please. Use the forum, the community will thank you.
                                        Edit : and where are the logs ??

                                        I 2 Replies Last reply Reply Quote 1
                                        • I Offline
                                          Impovich @Gertjan
                                          last edited by

                                          @gertjan Already did it, even installed PfSesne on the bare metal, nothing changed.
                                          As for WAN address change need to figure out how to put pfsense itself under the VPN

                                          1 Reply Last reply Reply Quote 0
                                          • I Offline
                                            Impovich @Gertjan
                                            last edited by Impovich

                                            @gertjan Hey, good news, it just started to work, maybe my ISP did something

                                            [2.5.0-RELEASE][root@pfSense.home.lan]/root: dig +trace www.tauron.pl

; <<>> DiG 9.16.12 <<>> +trace www.tauron.pl
;; global options: +cmd
.			86400	IN	NS	e.root-servers.net.
.			86400	IN	NS	f.root-servers.net.
.			86400	IN	NS	g.root-servers.net.
.			86400	IN	NS	h.root-servers.net.
.			86400	IN	NS	i.root-servers.net.
.			86400	IN	NS	j.root-servers.net.
.			86400	IN	NS	k.root-servers.net.
.			86400	IN	NS	l.root-servers.net.
.			86400	IN	NS	m.root-servers.net.
.			86400	IN	NS	a.root-servers.net.
.			86400	IN	NS	b.root-servers.net.
.			86400	IN	NS	c.root-servers.net.
.			86400	IN	NS	d.root-servers.net.
.			86400	IN	RRSIG	NS 8 0 518400 20210412050000 20210330040000 42351 . AtIn+4etW9M7KKvpaCmY4J8CPb2Xq5rOEadJ1EX3xnRH6qNWYLsIf4uT ycDTS2Pnp7VhRM+SAveXq6eDWlbWZzDk4+TI2laJMjpXF5/N2PlETU0E rGSWAAGjbjqDfdyNw8/QZr0Y5hiJ+xchtR4whqmtek5GeiU28t+BKmEI fsPKAv1+AbRS36ct+9AYxsjQYD6oYI7HoA82PoieGkHT/W7jstyBPL// tGyDpiM3FiNdFU3NtXtg42jLNSzwG7VXMOIDxBrFjoUxYQhpMRA0uFOV iPAus2+uK6pIH7lwKrUHCAhZmyUebwcC89I/pum9hB887HENQLmbTHdl 0N88Ew==
;; Received 525 bytes from 127.0.0.1#53(127.0.0.1) in 31 ms

pl.			172800	IN	NS	g-dns.pl.
pl.			172800	IN	NS	b-dns.pl.
pl.			172800	IN	NS	i-dns.pl.
pl.			172800	IN	NS	f-dns.pl.
pl.			172800	IN	NS	h-dns.pl.
pl.			172800	IN	NS	c-dns.pl.
pl.			172800	IN	NS	e-dns.pl.
pl.			172800	IN	NS	a-dns.pl.
pl.			172800	IN	NS	d-dns.pl.
pl.			86400	IN	DS	51352 8 2 C4282918DE616A9E3BFFEC1F0652A41CF73DB7EF7F5785DB7359E9E5 9D40048C
pl.			86400	IN	RRSIG	DS 8 1 86400 20210412050000 20210330040000 42351 . DIchlYu3Osw8Uqtf9HCPoa4IDlxqXjVmfHLJKQRk2vci8BQRYcK8dcYa iWpheC+1jzulHQPJpQFYf9Hd1vyZbZycZYwJzlnwYmFetTPa5C2wb/s6 YttnG7JHj8jxkd0xXPMfP8cVwjBaN6ZbX3kFZhbCd6eHloVTeEk5Wifq GLgy06Conk6uj59+n0cP32U1MDtMONNNt4D6YAA0EBFuSam06Uh6xQQr Jf0FCJ4ZGOS5YXLw7XiaOkTVZtdbi/7UtYR3BVvm+xR7HhJIu3uyHSqA 34wk7p/hOxJLjZB3UcwL+7or8DuH4Qrv4j2XAZrRZljBk/qOyNosLbjV fErSpQ==
;; Received 953 bytes from 192.33.4.12#53(c.root-servers.net) in 23 ms

tauron.pl.		86400	IN	NS	dns1.tauron.pl.
tauron.pl.		86400	IN	NS	dns2.tauron.pl.
tauron.pl.		86400	IN	NS	dns3.tauron.pl.
2glls5cd57bp9ad6ci8u1sfj8guosch7.pl. 3600 IN NSEC3 1 1 12 D561229C8EC3DE91 2GLNUCH8GO3NFPDL68PCN7H39LGSLTQB NS SOA TXT RRSIG DNSKEY NSEC3PARAM
lt0lvnccoh9a8h5mav2f490l30fom2i2.pl. 3600 IN NSEC3 1 1 12 D561229C8EC3DE91 LT0QBJO6CEND7LU0M4PHSKTMO7RGQ0TL NS DS RRSIG
2glls5cd57bp9ad6ci8u1sfj8guosch7.pl. 3600 IN RRSIG NSEC3 8 2 3600 20210427120000 20210328120000 54375 pl. zVsuFs5A8wdbwem1k94S8S546aGiv+vdAowJn8IRKnkMgZ6hYksRMEln WxEbMerW2tnFLgzfDOYT/V61BOSK7M8uNL3Cu1hqX5O4aXlzXvVmZIV5 sj6jPfSRt1Z2WCQWsa2/ZWy22TPqh2aJ9fhdUY0mO1/nx/j+vWXt6E0a FEv/2UzUBsef8XvIP/9/fJMJ/cdqL+gg8FjjKW+TmxaRRHbm6fpiOyPX rG1pA8ncnakm10VcdxGDXFPu6GyYBxdwAgdwkCUODtH5dZjv0L2HQ0aH 3q4sPZ1tB/GM/Afwo8+a6ydf7zX9tMHiUVZ4y4THPkV8VWbM1YQ9Wr6k R2NEYA==
lt0lvnccoh9a8h5mav2f490l30fom2i2.pl. 3600 IN RRSIG NSEC3 8 2 3600 20210427120000 20210328120000 54375 pl. hf4ENqemQVztdI/t16cKMnU32fYH3wpJWDasSy54TxVCgSms9W2i64OT oHTI5s/FdEj0ZkYKNB+6lfQZQWdAej4Wnh8N+cI+6wWxny+8UiqQg0oR c3IAkfiaGPnhR6Jx9O82ALlviBxS3jR0EJrIuxAPN0lnnfXl7eF1ObU7 CsxObsTQjh2dxxW0pOegHuJwOt3ZozAdxTWKF/2etJ2BS2VMtjHHP5tV lAOZ6SzYUrbhSdUzrfFetqgbxpSIWYps6pqQU51ER099dRGI4ooOTb1R YnUqNVRQ4kmjhjva7aGVk11C3XYzamqPA18qpP/anh4ipZC+4IUaMnu9 1hSgHg==
;; Received 902 bytes from 185.159.197.48#53(d-dns.pl) in 37 ms

www.tauron.pl.		3600	IN	A	195.245.224.52
tauron.pl.		3600	IN	NS	dns3.tauron.pl.
tauron.pl.		3600	IN	NS	dns2.tauron.pl.
tauron.pl.		3600	IN	NS	dns1.tauron.pl.
;; Received 163 bytes from 91.220.73.15#53(dns1.tauron.pl) in 32 ms

                                            Thank you for your support. It was really helpful!!

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.