Query refused

mk0001 · Dec 24, 2022, 1:11 PM

Hi, when trying nslookup, I am getting the ' Query refused' error on a Win10 device.

My setup is a bit complicated.

I have a L3 switch doing routing and static routes from pfSense to it. DNS Resolver is enabled for ALL interfaces but my educated guess is that it "does not like" when a dns request comes from an IP that does not match its interfaces. nslookup works OK for clients with IPs matching the IP of pfsense. It fails when I have a client behind a L3 switch with a different IP than the LAN interface of pfSense. DNS is pointing to the LAN of pfSense (I use pfBlocker). Routing works OK. I can ping the Internet through pfSense from a client behind my L3 switch, however, nslookup shows 'query refused'.

Any ideas?

bingo600 · Dec 24, 2022, 1:27 PM

@mk0001

You are prob. 100% correct

Unbound (resolver) doesn't like "Non interface" Networks
Unless you add the "unknown" nets in the ACL section.

Just add the "unknown's there"

Services --> DNS Resolver --> Access Lists

/Bingo

mk0001 · Dec 24, 2022, 1:58 PM

@bingo600
A quick fix. It is working now.

Thank you!