Unable to ping google.com but successfully ping 8.8.8.8

apal00

@viragomann From PC:

nslookup google.com
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out

Diagnostics DNS Lookup
Host "google.com" could not be resolved.
DNS Lookup
Hostname
google.com
Timings
Name server Query time
127.0.0.1 0 msec
192.168.10.1 No response

Interfaces
WAN UP 1000baseT <full-duplex> 192.168.10.35
LAN UP 1000baseT <full-duplex> 192.168.1.1

WAN IPV4 Configuration Type:DHCP
WAN Bloack Private/Bogon network option-unchecked
Default Firewall - No entry in WAN

A Former User

@apal00 said in Unable to ping google.com but successfully ping 8.8.8.8:

Get DNS Address automatically from ISP.

Could you show your dasboard I want to see what it shows on the dns server please.

apal00

@silence
I would like to call out that it takes almost a minute to load dashboard

A Former User

@apal00 and your gateway?

firewall rules wan and lan ?

post screenshot please!

apal00

@silence

viragomann

@apal00 said in Unable to ping google.com but successfully ping 8.8.8.8:

Diagnostics DNS Lookup
Host "google.com" could not be resolved.
DNS Lookup
Hostname
google.com
Timings
Name server Query time
127.0.0.1 0 msec
192.168.10.1 No response

So pfSense gets no response from the stated DNS server 192.168.10.1.

The reason won't be on pfSesne. Ensure that the server is responding or set another one in System > General Setup.
If you want to use another, remove the check at "DNS Server Override".

johnpoz

@viragomann said in Unable to ping google.com but successfully ping 8.8.8.8:

set another one in System > General Setup.

While sure he should get a response from there - out of the box pfsense would resolve, and that server doesnt' matter.

I would say his wan going offline and not the sendto errors to his pfsense gateway 192.168.10.1 would be more of a clue that his connection isn't even working.

Its quite possible his upstream router doesn't allow for dns to roots, etc. maybe it is doing dns interception?

viragomann

@johnpoz
Agree. But it's also thinkable that he is running a DNS forwarder, so DNS requests from behind are going to his router.
I would expect, that he would talking notice if his WAN is going offline.

johnpoz

@viragomann said in Unable to ping google.com but successfully ping 8.8.8.8:

that he would talking notice if his WAN is going offline.

You would think ;) But he made no mention of it other than posting it.. That was just the latest log interies. Nor did he make any mention of changing the default unbound.

Ya know something like I changed my unbound to forward, and its not working ;)

A Former User

@apal00 change monitor IP TO 8.8.8.8

Disable Ipv6

Allow_All_IN WAN

Add Rules = Allow * * * * *

A Former User

@apal00 IN DNS SERVER = 8.8.8.8

Try Again !

apal00

@silence issue remains after those changes.
@viragomann - i've unchecked the DNS Server Override with DNS server set as 8.8.8.8 but no success
@johnpoz @viragomann - I did notice that error of sendto 65 error and those are right after the installation. Reason I've ignored those is that I am able to ping 8.8.8.8, 1.1.1.1, 192.168.10.1 and other machines on 192.168.10.1 network. All nslookup requests are failing.
I've also noticed that the date & time in log files seem to be incorrect. I believe it is because of the DNS resolution issue again. pfsense is not able to synchronize the clock using ntp service in the general setup

johnpoz

@apal00 so your forwarding to your upstream router and googledns. But then you asked for 192.168.10.1

Try and resolve something like www.google.com or www.cnn.com etc.

if those does not resolve when your forwarding - then you have serious issue upstream, etc.

BTW having dnssec enabled while forwarding doesn't make a lot of sense, where you forward either does dnssec or it doesn't having that enabled does really nothing. It shouldn't cause you failure to resolve something like www.google.com, but its not a good setting when forwarding.

apal00

@johnpoz
@viragomann
@Silence

Thank you so much for your support. I am able to resolve this issue. Root cause seems to be related to Intel i225v Intel 2.5G Nic. It seems there is an issue most likely in FreeBSD version used by pfsense 2.5.2. It is not fully supporting this nic card.

Steps to resolve this issue:
System-->Advanced -->Networking
Network Interfaces
Hardware Checksum Offloading - I had to check this box. Checking this is to disable hardware checksum offload.

Thank you once again,