DNS Resolver and Forwarder not Working
-
I have a new PFSENSE box that I set up. However, it's not resolving any hostnames using the DNS Resolver and DNS Forwarder. If I set the DNS servers to Cloudflare's and Google's in the DHCP server settings, it works fine and I am able to connect to the internet. If I manually set the DNS servers in Windows, it works just fine. When using the Resolver or Forwarder, I can't resolve any hostnames but I can ping 8.8.8.8 (Google) and 1.1.1.1 (Cloudflare). I may have configured something wrong, as this is my first pfSense box. But I am at a loss, I have no idea what's happening. Crude diagram below
-
@tactilebiscuit4 LAN has a default allow-any rule. Did you allow traffic from OPT1 and 2 to pfSense port 53 (TCP and UDP)?
Is the setting "Network Interfaces" set to All so it's listening on all three?
Do you have DNS Query Forwarding on or off?
-
@steveits I have firewall rules like the image for LAN, OPT1 and OPT2.
Network Interfaces is set to All, and Forwarding is off currently, but turning it on doesn't fix the issue.
-
@tactilebiscuit4
Did you mess with the outbound NAT?
-
@viragomann I haven't messed with it at all. It's still the default setting.
-
@tactilebiscuit4
Did you also state the Cloudflare and Google servers in System > General Setup? What if you try to resolve a host name on pfSense in Diagnostics > DNS Lookup?
What do you get if you resolve a name with nslookup on Windows? What is the responding server?
-
Your image is strange.
A modem in bridge mode on the left side.
The line from this modem goes to the pfSense box: to its WAN interface.
What is the other WAN round circle in the right bottom corner?
-
@gertjan said in DNS Resolver and Forwarder not Working:
What is the other WAN round circle in the right bottom corner ?
Good question ;)
-
@viragomann I did set them in General Setup. I get the below picture when doing DNS lookup from the pfsense box.
On Windows it gives me the IP of the PFSense router but doesn't resolve the hostname of my router and then tells me the DNS request timed out.
-
Ok, that looks pretty basic to me.
I have nearly the same setup, with the exception that my ISP device is a router, delivering an RFC1918 address like "192.168.10.3" as a WAN IP to my pfSense.
When setting up pfSense it has initially just a LAN (no OPTx) and a WAN.
Just give it a host name, a domain name and leave the DNS server list empty: and everything starts to work.
A lesser-known secret (and please keep this to yourself) is that pfSense is like every other router you can buy out there.
I presume you had to choose as WAN access the "pppoe" mode, and enter an ISP user + password. And that's it, DNS will start working. pfSense will work. Now you can create your OPTx interfaces like this:
and define a pass firewall rule for these interfaces.
Then add a DHCP server instance for these interfaces with an IP pool.
And done.
-
@tactilebiscuit4 Can pfSense traceroute to 8.8.8.8? (Diagnostics menu)
-
It can traceroute Google's DNS IP
-
@gertjan Right, I have done that. However, I didn't set up the WAN interface with PPPoE. I set it using DHCP. It gets the correct public IP. The DNS didn't work even before I set up my OPT1 and OPT2 interfaces. I have a 1200 Mbit connection with Xfinity.
-
@tactilebiscuit4 said in DNS Resolver and Forwarder not Working:
I set it using DHCP.
Have you checked (set) this option on the General > System setup page:
?
Is there open access to "all internet addresses", port 53, protocol UDP and TCP?
-
@gertjan @johnpoz @viragomann @SteveITS I seem to have fixed the issue over the weekend. I am not sure what was wrong, but re-installing with the newest version allowed me to use the DNS Resolver. I was using an older version, but installing 2.6.0 fixed the issue for me. I did notice, however, that when rebooting with the older version, the DNS Resolver service was taking a while to start up. I never actually checked the services running on the router, so it's possible that the service was just not able to start. I did "Restart" the service through the Web GUI a few times and it never gave me any indication that it didn't work. It's possible the service was not actually started or was in a hung state. Thanks for all your help though, really appreciate all the responses!
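The port-53 firewall question earlier in the thread and the "DNS request timed out" from nslookup on Windows both come down to one observable: does the pfSense resolver answer a plain UDP/53 query from the client's interface at all, and if so with which response code? The following is an added example, not code from this thread or from pfSense: a minimal Python stub that sends one raw DNS query and maps the outcome (timeout, REFUSED, SERVFAIL, answer) onto the checks the posters raised. The 192.168.1.1 resolver address and the example.com name are assumptions; substitute your pfSense LAN/OPTx address.

```python
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

# Constructed sample reply (NOERROR, 1 answer, RA set) used for the offline demo below.
CONSTRUCTED_REPLY = b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"

def build_query(name, qid=0x1234):
    """Build a minimal DNS A query with recursion desired, like a stub resolver sends."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # flags: RD only
    labels = [label.encode() for label in name.rstrip(".").split(".")]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_header(data, qid):
    """Return response code, answer count and the RA flag from a DNS reply header."""
    rid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    if rid != qid:
        raise ValueError("response ID does not match query")
    rcode = flags & 0x0F
    return {"rcode": RCODES.get(rcode, str(rcode)), "answers": an,
            "ra": bool(flags & 0x0080)}

def diagnose(result):
    """Map the reply (or lack of one) onto the checks raised in the thread."""
    if result["rcode"] == "TIMEOUT":
        return "no reply: port 53 blocked on this interface, or resolver service not running"
    if result["rcode"] == "REFUSED":
        return "resolver reachable but refuses this client: check interface/ACL settings"
    if result["rcode"] == "SERVFAIL":
        return "resolver reachable but cannot resolve upstream: check outbound port 53 / WAN DNS"
    if result["rcode"] == "NOERROR" and result["answers"] > 0:
        return "resolver working"
    return "unexpected reply: " + result["rcode"]

def probe(server, name="example.com", timeout=2.0, qid=0x1234):
    """Send one UDP query to the resolver and classify what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, qid), (server, 53))
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return {"rcode": "TIMEOUT", "answers": 0, "ra": False}
    return parse_header(data, qid)

if __name__ == "__main__":
    print("offline demo:", diagnose(parse_header(CONSTRUCTED_REPLY, 0x1234)))
    live = probe("192.168.1.1")  # assumed pfSense LAN address
    print("live probe:", live, "->", diagnose(live))
```

Run it once from a LAN host and once from an OPT1/OPT2 host: a timeout only on the OPT networks points at the interface firewall rules, while a timeout everywhere points at the resolver service itself.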