Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Some TLDs not resolving in pfSense

    DHCP and DNS
    2
    3
    741
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      Hossimo
      last edited by

      Hey there, so I have had periodic issues with some sites partially working and today I think I may have found the cause of some of the issues.

      Today I was directed to a link at http://dev.to that was not working. when I go to the site on my home network I get an NXDOMAIN.

      nslookup dev.to
      Server:  SG2100.home.local
      Address:  192.168.10.1
      *** SG2100.home.local can't find dev.to: Server failed
      

      but if I change the resolver to google it works.

      nslookup dev.to 8.8.8.8
      Server:  dns.google
      Address:  8.8.8.8
      
      Non-authoritative answer:
      Name:    dev.to
      Addresses:  151.101.130.217
                151.101.66.217
                151.101.194.217
                151.101.2.217
      

      or via the Diagnostics:
      f50a262a-729a-4628-9465-5d84365a0d14-image.png

      The SG2100 is 192.168.10.1 and it obviously answers itself, albeit after 452ms?

      Also works on the same machine if I connect to one of my hotspots (thus not on the pfSense network)

      In the Status / DNS Resolver I see the zone
      a63c808d-b176-4a7c-baf2-fe769c114722-image.png

      and in the Status/SystemLogs/DNS Resolver I dont see anything of note.

      On this paticular system I only have the following packages installed:

      • ACMD
      • iperf
      • WireGuard

      So no filtering that I am aware of. and the firewall rules are basically all open.

      Any ideas why this might be happening?

      Thanks

      H 1 Reply Last reply Reply Quote 0
      • H
        Hossimo @Hossimo
        last edited by

        Well, that sucks. As soon as I send this message it started working.

        Must have been when I did the lookup via the web interface. and DHCP clients were only told of the router as their resolver. So it must have taken a long time or something.

        anyway even after a flushdns it's still working so not sure what happened.

        1 Reply Last reply Reply Quote 0
        • A
          AdriftAtlas
          last edited by

          Mine has intermittent issues resolving yelp.to. and forums.lawrencesystems.com. If I wait a bit it will resolve eventually. Not sure what's causing this...

          [22.05-RELEASE][admin@pf]/root: dig yelp.to +trace
          
          ; <<>> DiG 9.16.26 <<>> yelp.to +trace
          ;; global options: +cmd
          .			83331	IN	NS	m.root-servers.net.
          .			83331	IN	NS	a.root-servers.net.
          .			83331	IN	NS	b.root-servers.net.
          .			83331	IN	NS	c.root-servers.net.
          .			83331	IN	NS	d.root-servers.net.
          .			83331	IN	NS	e.root-servers.net.
          .			83331	IN	NS	f.root-servers.net.
          .			83331	IN	NS	g.root-servers.net.
          .			83331	IN	NS	h.root-servers.net.
          .			83331	IN	NS	i.root-servers.net.
          .			83331	IN	NS	j.root-servers.net.
          .			83331	IN	NS	k.root-servers.net.
          .			83331	IN	NS	l.root-servers.net.
          .			83331	IN	RRSIG	NS 8 0 518400 20230204050000 20230122040000 951 . kgDwg7Khx9LoLCgFrS84CkJLkSDNOuBqtLAMat2craBdop37SNc716B3 g31YTlQxXL/y3vnRaxukwEk6MeC/ITL+YR+A3yzaiatUxg/+MacqmkGj m2F2TJ51Qem2yFHQJpiWwD6AWrfE2y2Volt4TAU6np9QkFVEBkcZzVp/ sGF89zD1frlpoZpnjaIXTI6R7vMb7yN1QXi7G6Jnp2f9b5gNU+3WaCU9 eDatxWHltAxh/3szYS2T7nbrkx35KuY2QkyGUZLEz+rSHgQ1AeCqvkBY oNTW/GJ7+V17xjpRgMcZumW9LDl544pheMs/fvaj+JRsFYfBbI1GmmEU v81cow==
          ;; Received 525 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
          
          to.			172800	IN	NS	colo.tonic.to.
          to.			172800	IN	NS	tonic.to.
          to.			172800	IN	NS	sydney.tonic.to.
          to.			172800	IN	NS	newyork.tonic.to.
          to.			172800	IN	NS	helsinki.tonic.to.
          to.			172800	IN	NS	frankfurt.tonic.to.
          to.			172800	IN	NS	singapore.tonic.to.
          to.			86400	IN	NSEC	today. NS RRSIG NSEC
          to.			86400	IN	RRSIG	NSEC 8 1 86400 20230204050000 20230122040000 951 . nGj5h4bpgG1raL4+Tu/h065iVwAs8EWsQ8EKR+63cAxzPmGwYtiMgWr0 x/gMZYV89+DRqLRmeHVrHNgCeLCMhkoteqcLOjovfMiFCgVhUuGKN7qg OcqO1yrig2tn6n3H3OQh5T5iICC8WPhMCUgou0INmdM9RDO8Iavx4bv7 dRsZFy/m8Mw9D3n6IOUvRJXmtuSvgmtGiSQyWttaz35ZkVR0STK8Sr5v dYM5iW37qmqO3uatOipxefMS87F+z+v+yqQGpgdWxqulmPzFO3Tuk41L nbbiB+8uwAhvyZTfAs22izl+avw0X1fG34kB9WkS0l6fRp0XYCD/uxEe qnrZWA==
          couldn't get address for 'colo.tonic.to': not found
          couldn't get address for 'tonic.to': not found
          couldn't get address for 'sydney.tonic.to': not found
          couldn't get address for 'newyork.tonic.to': not found
          couldn't get address for 'helsinki.tonic.to': not found
          couldn't get address for 'frankfurt.tonic.to': not found
          couldn't get address for 'singapore.tonic.to': not found
          dig: couldn't get address for 'colo.tonic.to': no more
          
          
          [22.05-RELEASE][admin@pf]/root: dig forums.lawrencesystems.com. +trace
          
          ; <<>> DiG 9.16.26 <<>> forums.lawrencesystems.com. +trace
          ;; global options: +cmd
          .			83286	IN	NS	i.root-servers.net.
          .			83286	IN	NS	j.root-servers.net.
          .			83286	IN	NS	k.root-servers.net.
          .			83286	IN	NS	l.root-servers.net.
          .			83286	IN	NS	m.root-servers.net.
          .			83286	IN	NS	a.root-servers.net.
          .			83286	IN	NS	b.root-servers.net.
          .			83286	IN	NS	c.root-servers.net.
          .			83286	IN	NS	d.root-servers.net.
          .			83286	IN	NS	e.root-servers.net.
          .			83286	IN	NS	f.root-servers.net.
          .			83286	IN	NS	g.root-servers.net.
          .			83286	IN	NS	h.root-servers.net.
          .			83286	IN	RRSIG	NS 8 0 518400 20230204050000 20230122040000 951 . kgDwg7Khx9LoLCgFrS84CkJLkSDNOuBqtLAMat2craBdop37SNc716B3 g31YTlQxXL/y3vnRaxukwEk6MeC/ITL+YR+A3yzaiatUxg/+MacqmkGj m2F2TJ51Qem2yFHQJpiWwD6AWrfE2y2Volt4TAU6np9QkFVEBkcZzVp/ sGF89zD1frlpoZpnjaIXTI6R7vMb7yN1QXi7G6Jnp2f9b5gNU+3WaCU9 eDatxWHltAxh/3szYS2T7nbrkx35KuY2QkyGUZLEz+rSHgQ1AeCqvkBY oNTW/GJ7+V17xjpRgMcZumW9LDl544pheMs/fvaj+JRsFYfBbI1GmmEU v81cow==
          ;; Received 525 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
          
          com.			172800	IN	NS	a.gtld-servers.net.
          com.			172800	IN	NS	b.gtld-servers.net.
          com.			172800	IN	NS	c.gtld-servers.net.
          com.			172800	IN	NS	d.gtld-servers.net.
          com.			172800	IN	NS	e.gtld-servers.net.
          com.			172800	IN	NS	f.gtld-servers.net.
          com.			172800	IN	NS	g.gtld-servers.net.
          com.			172800	IN	NS	h.gtld-servers.net.
          com.			172800	IN	NS	i.gtld-servers.net.
          com.			172800	IN	NS	j.gtld-servers.net.
          com.			172800	IN	NS	k.gtld-servers.net.
          com.			172800	IN	NS	l.gtld-servers.net.
          com.			172800	IN	NS	m.gtld-servers.net.
          com.			86400	IN	DS	30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
          com.			86400	IN	RRSIG	DS 8 1 86400 20230204050000 20230122040000 951 . D9wfP4fjVUFOevkn3EmmvrjEwNcfNsIVQnMpQ07PJ1DNXM0XDMfTtUkI zBJPRG+tPrk186yy0F2VOeh3200WZiSVALd3JSq79ieZWUSDCQ/EzVBq +CgSQkJjmPm47u7FPK4fFmTL2BP1nv7Bwuxu5zQMa5WEjABQVWqGTmry Fcg7Z4omeIAgb5SiR+sFQuXlbA7fCqlsHK4coNvYsAXnuJEEKSAZ/oUN WigITLfgaJ6qHandU44wi8XHTMp33L+54Uy25PsTizyH8zc6QE3/+QN7 W/yaEn85ra0YVOIzExvs0/j769wXx+WSXcuU9JfDbYegkk3TvvtS/W1O gE/nQQ==
          ;; Received 1186 bytes from 193.0.14.129#53(k.root-servers.net) in 153 ms
          
          lawrencesystems.com.	172800	IN	NS	ns1.lawrence.technology.
          lawrencesystems.com.	172800	IN	NS	ns2.lawrence.technology.
          lawrencesystems.com.	172800	IN	NS	ns3.lawrence.technology.
          lawrencesystems.com.	172800	IN	NS	ns4.lawrence.technology.
          CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q2D6NI4I7EQH8NA30NS61O48UL8G5 NS SOA RRSIG DNSKEY NSEC3PARAM
          CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20230126052302 20230119041302 36739 com. jU0jDdLit4qUktHrFwTh+jVxOYvRWcbFuSbj/IE2LkQ7FMcmUETuXuDV NZcBXYqVwxSiWjo38Q/x4o84qu10aLafUtUXlCe3uS8Ogkz9YWi9QEuh XmQmhYX9c0RIb0oKg/EGx5K6MflaG2aANx0QZCKefO0w0ejXTrzjXjUW Nhfb8NqRD4c2M1Sw4kdaUhBfiuq/rW2fL8WvyVEH3baXrw==
          U6O0OCQU8V5GTBRGTLMHBJ4G87A1EE0L.com. 86400 IN NSEC3 1 1 0 - U6O18CIKNDUF3GMAVN7R2VOV25LFBOK3 NS DS RRSIG
          U6O0OCQU8V5GTBRGTLMHBJ4G87A1EE0L.com. 86400 IN RRSIG NSEC3 8 2 86400 20230127063104 20230120052104 36739 com. pyXaWNOuNrS0orReEht37LeN6mqL0N1cnh/sA+EPdoqsJvDkuiBMpG3L anzx2jeVxtpYKL8PcAVFZ6/BOsgwL8gDZvOx8Zy9MLp4umRsyD78LnXn ytjok7zgJFSLV5WVrVZ/iF2Px3H+97wHovxiZ9S59v/2JKW8+JA+IU1s 3YA8BvwA+Qd3XLKxURK5UcLTytxTM/r727t21eMcQMKBsg==
          couldn't get address for 'ns1.lawrence.technology': not found
          couldn't get address for 'ns2.lawrence.technology': not found
          couldn't get address for 'ns3.lawrence.technology': not found
          couldn't get address for 'ns4.lawrence.technology': not found
          dig: couldn't get address for 'ns1.lawrence.technology': no more
          
          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.