Netgate Discussion Forum

    DNS resolver + DNS_PROBE_FINISHED_NXDOMAIN

    General pfSense Questions
    • Saggittarius

      Hi,

      I have been using pfsense for years without any issues. Now I'm facing a DNS issue which is driving me crazy. My setup is as follows:
      ISP modem > pfsense box > Unifi Switches / Unifi AP

      A couple of weeks ago I started to sporadically see DNS_PROBE_FINISHED_NXDOMAIN in Internet browsers on all my clients. Usually I had to refresh/restart the browser and things started to work again. Or sometimes I would only see DNS_PROBE_FINISHED_NXDOMAIN for 1-2s in the browser and then the page reloads itself and it's fine.

      My DNS settings are as follows (I'm using the DNS from my ISP. I've also tried to use DNS resolver in forwarding with 8.8.8.8 or 1.1.1.1 as DNS server - it didn't make things any better)

      [image]

      Now I've found a website where I get DNS_PROBE_FINISHED_NXDOMAIN permanently. It's kikkaboo.com

      My PC (any clients in my network) can't resolve this hostname using pfsense DNS resolver. But when I use 8.8.8.8 from the same PC it's resolving.

      [image]

      Also when I try it directly from pfsense it's working. So what am I missing?

      [image]

      Thanks
      Alen

      • stephenw10 (Netgate Administrator)

        By default pfSense uses Unbound as its own resolver as well as passing that to clients to use.

        So as long as you have the default values there, clients will be using Unbound running on pfSense and it will be running in resolving mode with DNSSEC enabled.

        Check the resolver logs when it fails at the client.

        The test from pfSense itself shows it succeeding against 127.0.0.1 though.

        Steve

        • Gertjan @Saggittarius

          @saggittarius

          [image]

          Who is 10.0.10.1? Is this your pfSense LAN interface?
          Unbound listens on the LAN interface? It does so by default.
          LAN interface firewall rules do not block port 53 TCP & UDP?

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??
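
The checks suggested in the replies above, as an added example that is not part of the thread or of pfSense: it sends the same DNSSEC-enabled query for kikkaboo.com over both UDP and TCP port 53 to each resolver and reports the response code, answer count and AD (validated) flag, so the pfSense answer can be compared with the 8.8.8.8 answer. It assumes 10.0.10.1 is the pfSense LAN address where Unbound listens; the function names and the query ID are made up for this example.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
QID = 0x1234  # constructed query ID, only used to match the reply to the query

def build_query(name, qid=QID, qtype=1, dnssec_ok=True):
    """Build an A query with RD=1; dnssec_ok adds an EDNS0 OPT record with DO set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1 if dnssec_ok else 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)
    # OPT: root name, TYPE 41, CLASS = UDP payload size 1232, TTL carries DO bit 0x8000
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, 0x00008000, 0) if dnssec_ok else b""
    return header + question + opt

def parse_reply(reply, qid=QID):
    """Return (rcode name, answer count, AD flag) from a raw DNS response."""
    if len(reply) < 12:
        raise ValueError("short DNS reply")
    rid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != qid or not flags & 0x8000:
        raise ValueError("not a response to this query")
    return RCODES.get(flags & 0x000F, str(flags & 0x000F)), answers, bool(flags & 0x0020)

def ask(server, name, tcp=False, timeout=3.0):
    """Query one resolver on port 53 over UDP or TCP and parse the reply header."""
    query = build_query(name)
    if tcp:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)  # TCP adds a length prefix
            f = s.makefile("rb")
            (length,) = struct.unpack("!H", f.read(2))
            reply = f.read(length)
    else:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (server, 53))
            reply, _ = s.recvfrom(4096)
    return parse_reply(reply)

if __name__ == "__main__":
    # 10.0.10.1 is assumed to be the pfSense LAN address; 8.8.8.8 is the comparison
    for server in ("10.0.10.1", "8.8.8.8"):
        for tcp in (False, True):
            try:
                print(server, "tcp" if tcp else "udp", ask(server, "kikkaboo.com", tcp))
            except (OSError, ValueError, struct.error) as exc:
                print(server, "tcp" if tcp else "udp", "FAILED:", exc)
```

A timeout on one transport but not the other points at the firewall rules, while NXDOMAIN or SERVFAIL from one resolver and NOERROR from the other is the moment to read the resolver log.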

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.