• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Some TLDs not resolving in pfSense

Scheduled Pinned Locked Moved DHCP and DNS
3 Posts 2 Posters 741 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • H
    Hossimo
    last edited by Nov 29, 2022, 6:56 PM

    Hey there, so I have had periodic issues with some sites partially working and today I think I may have found the cause of some of the issues.

    Today I was directed to a link at http://dev.to that was not working. when I go to the site on my home network I get an NXDOMAIN.

    nslookup dev.to
    Server:  SG2100.home.local
    Address:  192.168.10.1
    *** SG2100.home.local can't find dev.to: Server failed
    

    but if I change the resolver to google it works.

    nslookup dev.to 8.8.8.8
    Server:  dns.google
    Address:  8.8.8.8
    
    Non-authoritative answer:
    Name:    dev.to
    Addresses:  151.101.130.217
              151.101.66.217
              151.101.194.217
              151.101.2.217
    

    or via the Diagnostics:
    f50a262a-729a-4628-9465-5d84365a0d14-image.png

    The SG2100 is 192.168.10.1 and it obviously answers itself, albeit after 452ms?

    Also works on the same machine if I connect to one of my hotspots (thus not on the pfSense network)

    In the Status / DNS Resolver I see the zone
    a63c808d-b176-4a7c-baf2-fe769c114722-image.png

    and in the Status/SystemLogs/DNS Resolver I dont see anything of note.

    On this paticular system I only have the following packages installed:

    • ACMD
    • iperf
    • WireGuard

    So no filtering that I am aware of. and the firewall rules are basically all open.

    Any ideas why this might be happening?

    Thanks

    H 1 Reply Last reply Nov 29, 2022, 8:15 PM Reply Quote 0
    • H
      Hossimo @Hossimo
      last edited by Nov 29, 2022, 8:15 PM

      Well, that sucks. As soon as I send this message it started working.

      Must have been when I did the lookup via the web interface. and DHCP clients were only told of the router as their resolver. So it must have taken a long time or something.

      anyway even after a flushdns it's still working so not sure what happened.

      1 Reply Last reply Reply Quote 0
      • A
        AdriftAtlas
        last edited by Jan 22, 2023, 9:05 AM

        Mine has intermittent issues resolving yelp.to. and forums.lawrencesystems.com. If I wait a bit it will resolve eventually. Not sure what's causing this...

        [22.05-RELEASE][admin@pf]/root: dig yelp.to +trace
        
        ; <<>> DiG 9.16.26 <<>> yelp.to +trace
        ;; global options: +cmd
        .			83331	IN	NS	m.root-servers.net.
        .			83331	IN	NS	a.root-servers.net.
        .			83331	IN	NS	b.root-servers.net.
        .			83331	IN	NS	c.root-servers.net.
        .			83331	IN	NS	d.root-servers.net.
        .			83331	IN	NS	e.root-servers.net.
        .			83331	IN	NS	f.root-servers.net.
        .			83331	IN	NS	g.root-servers.net.
        .			83331	IN	NS	h.root-servers.net.
        .			83331	IN	NS	i.root-servers.net.
        .			83331	IN	NS	j.root-servers.net.
        .			83331	IN	NS	k.root-servers.net.
        .			83331	IN	NS	l.root-servers.net.
        .			83331	IN	RRSIG	NS 8 0 518400 20230204050000 20230122040000 951 . kgDwg7Khx9LoLCgFrS84CkJLkSDNOuBqtLAMat2craBdop37SNc716B3 g31YTlQxXL/y3vnRaxukwEk6MeC/ITL+YR+A3yzaiatUxg/+MacqmkGj m2F2TJ51Qem2yFHQJpiWwD6AWrfE2y2Volt4TAU6np9QkFVEBkcZzVp/ sGF89zD1frlpoZpnjaIXTI6R7vMb7yN1QXi7G6Jnp2f9b5gNU+3WaCU9 eDatxWHltAxh/3szYS2T7nbrkx35KuY2QkyGUZLEz+rSHgQ1AeCqvkBY oNTW/GJ7+V17xjpRgMcZumW9LDl544pheMs/fvaj+JRsFYfBbI1GmmEU v81cow==
        ;; Received 525 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
        
        to.			172800	IN	NS	colo.tonic.to.
        to.			172800	IN	NS	tonic.to.
        to.			172800	IN	NS	sydney.tonic.to.
        to.			172800	IN	NS	newyork.tonic.to.
        to.			172800	IN	NS	helsinki.tonic.to.
        to.			172800	IN	NS	frankfurt.tonic.to.
        to.			172800	IN	NS	singapore.tonic.to.
        to.			86400	IN	NSEC	today. NS RRSIG NSEC
        to.			86400	IN	RRSIG	NSEC 8 1 86400 20230204050000 20230122040000 951 . nGj5h4bpgG1raL4+Tu/h065iVwAs8EWsQ8EKR+63cAxzPmGwYtiMgWr0 x/gMZYV89+DRqLRmeHVrHNgCeLCMhkoteqcLOjovfMiFCgVhUuGKN7qg OcqO1yrig2tn6n3H3OQh5T5iICC8WPhMCUgou0INmdM9RDO8Iavx4bv7 dRsZFy/m8Mw9D3n6IOUvRJXmtuSvgmtGiSQyWttaz35ZkVR0STK8Sr5v dYM5iW37qmqO3uatOipxefMS87F+z+v+yqQGpgdWxqulmPzFO3Tuk41L nbbiB+8uwAhvyZTfAs22izl+avw0X1fG34kB9WkS0l6fRp0XYCD/uxEe qnrZWA==
        couldn't get address for 'colo.tonic.to': not found
        couldn't get address for 'tonic.to': not found
        couldn't get address for 'sydney.tonic.to': not found
        couldn't get address for 'newyork.tonic.to': not found
        couldn't get address for 'helsinki.tonic.to': not found
        couldn't get address for 'frankfurt.tonic.to': not found
        couldn't get address for 'singapore.tonic.to': not found
        dig: couldn't get address for 'colo.tonic.to': no more
        
        
        [22.05-RELEASE][admin@pf]/root: dig forums.lawrencesystems.com. +trace
        
        ; <<>> DiG 9.16.26 <<>> forums.lawrencesystems.com. +trace
        ;; global options: +cmd
        .			83286	IN	NS	i.root-servers.net.
        .			83286	IN	NS	j.root-servers.net.
        .			83286	IN	NS	k.root-servers.net.
        .			83286	IN	NS	l.root-servers.net.
        .			83286	IN	NS	m.root-servers.net.
        .			83286	IN	NS	a.root-servers.net.
        .			83286	IN	NS	b.root-servers.net.
        .			83286	IN	NS	c.root-servers.net.
        .			83286	IN	NS	d.root-servers.net.
        .			83286	IN	NS	e.root-servers.net.
        .			83286	IN	NS	f.root-servers.net.
        .			83286	IN	NS	g.root-servers.net.
        .			83286	IN	NS	h.root-servers.net.
        .			83286	IN	RRSIG	NS 8 0 518400 20230204050000 20230122040000 951 . kgDwg7Khx9LoLCgFrS84CkJLkSDNOuBqtLAMat2craBdop37SNc716B3 g31YTlQxXL/y3vnRaxukwEk6MeC/ITL+YR+A3yzaiatUxg/+MacqmkGj m2F2TJ51Qem2yFHQJpiWwD6AWrfE2y2Volt4TAU6np9QkFVEBkcZzVp/ sGF89zD1frlpoZpnjaIXTI6R7vMb7yN1QXi7G6Jnp2f9b5gNU+3WaCU9 eDatxWHltAxh/3szYS2T7nbrkx35KuY2QkyGUZLEz+rSHgQ1AeCqvkBY oNTW/GJ7+V17xjpRgMcZumW9LDl544pheMs/fvaj+JRsFYfBbI1GmmEU v81cow==
        ;; Received 525 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
        
        com.			172800	IN	NS	a.gtld-servers.net.
        com.			172800	IN	NS	b.gtld-servers.net.
        com.			172800	IN	NS	c.gtld-servers.net.
        com.			172800	IN	NS	d.gtld-servers.net.
        com.			172800	IN	NS	e.gtld-servers.net.
        com.			172800	IN	NS	f.gtld-servers.net.
        com.			172800	IN	NS	g.gtld-servers.net.
        com.			172800	IN	NS	h.gtld-servers.net.
        com.			172800	IN	NS	i.gtld-servers.net.
        com.			172800	IN	NS	j.gtld-servers.net.
        com.			172800	IN	NS	k.gtld-servers.net.
        com.			172800	IN	NS	l.gtld-servers.net.
        com.			172800	IN	NS	m.gtld-servers.net.
        com.			86400	IN	DS	30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
        com.			86400	IN	RRSIG	DS 8 1 86400 20230204050000 20230122040000 951 . D9wfP4fjVUFOevkn3EmmvrjEwNcfNsIVQnMpQ07PJ1DNXM0XDMfTtUkI zBJPRG+tPrk186yy0F2VOeh3200WZiSVALd3JSq79ieZWUSDCQ/EzVBq +CgSQkJjmPm47u7FPK4fFmTL2BP1nv7Bwuxu5zQMa5WEjABQVWqGTmry Fcg7Z4omeIAgb5SiR+sFQuXlbA7fCqlsHK4coNvYsAXnuJEEKSAZ/oUN WigITLfgaJ6qHandU44wi8XHTMp33L+54Uy25PsTizyH8zc6QE3/+QN7 W/yaEn85ra0YVOIzExvs0/j769wXx+WSXcuU9JfDbYegkk3TvvtS/W1O gE/nQQ==
        ;; Received 1186 bytes from 193.0.14.129#53(k.root-servers.net) in 153 ms
        
        lawrencesystems.com.	172800	IN	NS	ns1.lawrence.technology.
        lawrencesystems.com.	172800	IN	NS	ns2.lawrence.technology.
        lawrencesystems.com.	172800	IN	NS	ns3.lawrence.technology.
        lawrencesystems.com.	172800	IN	NS	ns4.lawrence.technology.
        CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q2D6NI4I7EQH8NA30NS61O48UL8G5 NS SOA RRSIG DNSKEY NSEC3PARAM
        CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20230126052302 20230119041302 36739 com. jU0jDdLit4qUktHrFwTh+jVxOYvRWcbFuSbj/IE2LkQ7FMcmUETuXuDV NZcBXYqVwxSiWjo38Q/x4o84qu10aLafUtUXlCe3uS8Ogkz9YWi9QEuh XmQmhYX9c0RIb0oKg/EGx5K6MflaG2aANx0QZCKefO0w0ejXTrzjXjUW Nhfb8NqRD4c2M1Sw4kdaUhBfiuq/rW2fL8WvyVEH3baXrw==
        U6O0OCQU8V5GTBRGTLMHBJ4G87A1EE0L.com. 86400 IN NSEC3 1 1 0 - U6O18CIKNDUF3GMAVN7R2VOV25LFBOK3 NS DS RRSIG
        U6O0OCQU8V5GTBRGTLMHBJ4G87A1EE0L.com. 86400 IN RRSIG NSEC3 8 2 86400 20230127063104 20230120052104 36739 com. pyXaWNOuNrS0orReEht37LeN6mqL0N1cnh/sA+EPdoqsJvDkuiBMpG3L anzx2jeVxtpYKL8PcAVFZ6/BOsgwL8gDZvOx8Zy9MLp4umRsyD78LnXn ytjok7zgJFSLV5WVrVZ/iF2Px3H+97wHovxiZ9S59v/2JKW8+JA+IU1s 3YA8BvwA+Qd3XLKxURK5UcLTytxTM/r727t21eMcQMKBsg==
        couldn't get address for 'ns1.lawrence.technology': not found
        couldn't get address for 'ns2.lawrence.technology': not found
        couldn't get address for 'ns3.lawrence.technology': not found
        couldn't get address for 'ns4.lawrence.technology': not found
        dig: couldn't get address for 'ns1.lawrence.technology': no more
        
        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
          This community forum collects and processes your personal information.
          consent.not_received