pfsense blocking certain/some sites
-
Ok, so it sounds like a DNS issue.
Go to Diag > DNS Lookup in pfSense and try to resolve www.bsnl.co.in. What results does it show?
By default all clients behind pfSense should use pfSense for their own DNS but clients may choose not to do that. So if that resolves on pfSense but not at the client check the local DNS settings at the client.
Steve
-
@stephenw10 thanks pal www.bsnl.co.in started opening after doing dns lookup but portal.bsnl.in, portal.bsnl.in are not opening. pls help
-
Do those resolve correctly in pfSense? In Diag > DNS Lookup?
-
@stephenw10 There is another thread about this here: https://forum.netgate.com/topic/174426/pfsense-blocking-some-sites/6
-
@stephenw10 all three getting resolved but only bsnl.co.in opens in browser rest two portal.bsnl.in, portal2.bsnl.in aint opening in browser (tho getting resolved)
-
What error is shown when you try?
Did you try multiple browsers?
Do you see any blocked traffic to/from the IPs they resolve to?
More generally:
https://docs.netgate.com/pfsense/en/latest/troubleshooting/website-access-issues.html
Steve
-
@stephenw10 ya i tried safari opera edge brave but none worked the most common error is dns not found but in opnsense these websites works fine idk where problem is cz its fresh install (also tried everything from link you mentioned)
-
So it's still intermittently failing to resolve?
Does it resolve reliably in Diag > DNS Lookup?
What error do you see when it does resolve?
Steve
-
@stephenw10
I have no issues w. those sites ...
See
https://forum.netgate.com/post/1064413
-
Yup, works fine for me too.
So this looks like either something in your config or in your route.
It's probably not a firewall rule issue though so it would be better to continue here IMO.
You need to try to determine exactly what is failing.
Steve
-
@stephenw10 im kind of noob here also its fresh install just upgraded to plus from ce(sites aint working in both) but in opnsense(fresh install) it works idk whats problem is please help guys tho clinging to opnsense aint any issue but opnsense aint got alias bandwidth limiting
-
@stephenw10 said in pfsense blocking certain/some sites:
So it's still intermittently failing to resolve?
Does it resolve reliably in Diag > DNS Lookup?
What error do you see when it does resolve but still fails to open?
Same questions. ^
-
@gurveer
What happens if you go directly to the website via the IP address?
https://117.239.179.10/
You might have to accept (make an exception) on the certificate, as the cert will only match the below marked domains.
After allowing an exception for the website i see this
What do you see ???
Edit:
And just to recap.
Do you still have DNS issues?
Or does a nslookup portal.bsnl.in return the IP address: 117.255.216.68
Edit2:
Did we ever see OP's Unbound Config screenshots and the System --> General setup "DNS section" setup screenshots??
/Bingo
-
Mmm, this still feels like a DNS problem until we can prove conclusively it's not!
-
@bingo600 like you said it opened after using ip https://117.239.179.10/ instead portal2.bsnl.in now what to do?
-
@stephenw10 its resolves in diag>dns lookup but aint opening in browser when using portal2.bsnl.in and this is the error i get on browser "This site can't be reached portal.bsnl.in's DNS address could not be found. Diagnosing the problem.
DNS_PROBE_POSSIBLE"
-
@bingo600 where to find unbound configurations and screenshot of dns setup is here!
-
@gurveer
This is the DNS server used by pfSense itself.
The DNS resolver requests root DNS servers by default. But you can set it into the forwarder mode, so that it forwards queries to even the DNS server stated in general setup.
To enable forwarding mode go to Services > DNS Resolver and check "DNS Query Forwarding".
Ensure that your browser uses pfSense for DNS resolution, not some DoH servers.
-
@gurveer said in pfsense blocking certain/some sites:
its resolves in diag>dns lookup
What is the actual result of that test? All configured DNS servers respond? In a timely manner?
If pfSense can resolve that (on all its configured servers) and your client cannot then the only conclusion is that your client is not using pfSense for DNS.
Steve
-
@viragomann thanks it worked (tho disabled dns resolver) btw what does this dns forwarding mean?