PFSense 2.5.0, DNS Forwarder periodically stops working for both internal and external DNS
-
Been using PFSense for several years (back in the 1.x days). On my old setup I was using the "DNS Forwarder" service to register all of my static DHCP leases and a few host overrides and provide that along with external DNS to my end computers, effectively allowing my computers to have my router as their DNS server and have it serve both internal and external DNS with no problems.
Several months ago I set up a new PFSense box using 2.5 (running 2.5.0, I haven't updated yet) and switched from my old setup ("DNS Forwarder") to the "DNS Resolver" service, which, as I understand it, is the preferred way of doing DNS on PFSense. Upon doing so I have been periodically getting dropouts on DNS from all clients on LAN... DNS simply stops resolving for all clients on my network... no internal DNS, no external DNS, nothing. Originally this would happen once or twice and then stop for a while; however, recently (since the last power outage I had) this has started happening multiple times per day.
Behavior: I will get a message from my wife or kids saying "Internet is down", I'll go to a command prompt on one of my many computers in my office and do "nslookup www.google.com" and get a timeout. I'll then try a local system, "nslookup localsystem01", which is defined in the static DHCP mappings on the router... no dice, can't nslookup that system either.
Rebooting the PFSense router however will immediately bring back both local and remote DNS.
Request: What should I be doing to diagnose the problem? I realize that the above isn't enough to go on as an "I'm having a problem halp!" What I'm not sure of, however, is what I should be looking at on the firewall once the problem is occurring to help debug where the issue is. I think the PFSense box itself (from the console menu) still has the capability of doing things like pinging www.google.com, but I'll have to check the next time this happens.
Anyone have advice? This wasn't a big issue up to the point where it was happening multiple times a day... now my wife and kids are about to dig out pitchforks and torches with how often their internet goes out.
DNS Resolver Enabled Settings:
- Enabled
- Enable SSL/TLS Service - Enabled
- SSL/TLS Certificate - Auto Generated Web Configurator
- SSL/TLS Listen Port - Default (853, Grayed Out)
- Network Interface - All
- Outgoing Network Interface - All
- System Domain Local Zone Type - Transparent
- DNSSEC Enabled
- DHCP Registration - Enabled
- Static DHCP - Enabled
- Open VPN Clients - Enabled
And a few host overrides at the bottom.
-
So it just happened again; the DNS Resolver service appears to be crashing... anyone have ideas on further diagnosis?
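One way to answer the diagnosis question from the firewall shell, as an added example rather than code from any poster or from pfSense: it checks whether unbound is running and answering locally, and counts start/stop events in the resolver log so that a stop with no following start (a crash) can be told apart from the frequent clean restarts that DHCP registration causes. The log path /var/log/resolver.log, the unbound "start of service" / "service stopped" messages, and the availability of drill on the box are assumptions; the log excerpt is constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread or pfSense). Assumed log location on pfSense 2.5.
RESOLVER_LOG="${RESOLVER_LOG:-/var/log/resolver.log}"

# Constructed sample excerpt in the format unbound logs through syslog; used when
# the real log is not readable so the functions can be exercised off-box.
SAMPLE_LOG='Jun 14 08:00:01 pfSense unbound[4321]: [4321:0] info: service stopped (unbound 1.13.0).
Jun 14 08:00:02 pfSense unbound[4390]: [4390:0] info: start of service (unbound 1.13.0).
Jun 14 08:30:11 pfSense unbound[4390]: [4390:0] info: service stopped (unbound 1.13.0).
Jun 14 08:30:12 pfSense unbound[4455]: [4455:0] info: start of service (unbound 1.13.0).
Jun 14 09:12:40 pfSense unbound[4455]: [4455:0] info: service stopped (unbound 1.13.0).'

# Emit the log: the real file if present, otherwise the constructed sample.
log_lines() {
  if [ -r "$RESOLVER_LOG" ]; then cat "$RESOLVER_LOG"; else printf '%s\n' "$SAMPLE_LOG"; fi
}

# Number of unbound (re)starts seen in the log. Many per day with DHCP
# registration enabled is expected: each lease renewal restarts unbound.
count_starts() { log_lines | grep -c 'start of service' || true; }

# Number of "service stopped" events seen in the log.
count_stops() { log_lines | grep -c 'service stopped' || true; }

# Prints 1 when the most recent start/stop event is a stop with no later start,
# i.e. the resolver went down and did not come back (crash, not a restart).
last_event_is_stop() {
  if log_lines | grep -E 'start of service|service stopped' | tail -n 1 | grep -q 'service stopped'
  then echo 1; else echo 0; fi
}

# Live check to run on the firewall while the outage is happening: is the
# process alive, and does the resolver answer on 127.0.0.1?
live_check() {
  if pgrep -x unbound >/dev/null; then echo "unbound process: running"
  else echo "unbound process: NOT running"; fi
  if command -v drill >/dev/null; then
    drill @127.0.0.1 www.google.com A | grep -m1 'rcode' || echo "drill: no answer from 127.0.0.1"
  else echo "drill not found; use Diagnostics > DNS Lookup instead"; fi
}

# On the firewall: . ./unbound-check.sh; live_check; count_starts; count_stops
```

If live_check shows the process missing or not answering while the log ends in "service stopped", that is the crash case the 2.5.2 release note addresses; a high start count with the last event being a start points at DHCP-registration restarts instead.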
-
https://docs.netgate.com/pfsense/en/latest/releases/2-5-2.html#dns-resolver
"Changed: Temporarily move back to Unbound 1.12.x due to instability on Unbound 1.13.x"
Another common issue is if "DHCP Registration" is enabled: that restarts unbound at each lease renewal.
-
Thanks I JUST ran across the redmine issue. (https://redmine.pfsense.org/issues/11316)
I guess count this thread as a "me too". Sorry for the multiple duplicate threads, I hadn't recognized "unbound" as the DNS resolver in use.
-
@illydth upgrading to 2.5.2 does solve the issue