pfsense block sites random
-
Check the causes here: https://docs.netgate.com/pfsense/en/latest/troubleshooting/website-access-issues.html
Particularly the MTU on the WAN.
-
I just did a test with:
ping -f -l 1472 www.dslreports.com
from a Windows VM in the Parallels app, and I get the exact value of 1472 as the MTU. I set it up in pfSense but nothing changed.
Sites like parallels.com are still inaccessible, but from the Diagnostics DNS Lookup I can get it easily.
What's wrong?
Please suggest something.
Really, thanks.
Best regards
-
@lp-14 You are using something else other than pfSense for DNS, correct?
What happens when you configure your client to use pfSense for DNS?
Can you try a different browser on your client?
-
OK, solved: in Services > DHCP Server, for each network I manually specified which DNS to use. I expected it to use the firewall automatically.
-
@lp-14 said in pfsense block sites random:
I expected it to use the firewall automatically.
It does. If you don't set a DNS server in the DHCP server it will pass the interface address for clients to use.
-
Let's say... it should, because in my case I have:
the firewall with DNS in the general settings
8.8.8.8
and 192.168.1.200
and it blocks sites... I add in the DHCP server
8.8.8.8
192.168.1.200
and the IP of the firewall itself, and it doesn't block sites.
-
If you pass 3 DNS servers to the clients via DHCP like that, it's entirely up to the client which one it uses. So potentially it could fail to resolve something depending on which one it uses.
The DNS settings in System > General Setup apply only to the firewall itself and not to clients behind it. With no DNS values in the DHCP server settings it will pass the pfSense interface IP, which means clients use Unbound in pfSense. That's the default setup.
-
Thanks for the reply.
The starting situation was:
DNS in the general settings of the firewall and no DNS in the DHCP server.
Sometimes it failed to bring me to the sites. Was that normal?
Thanks
-
No, not if everything else was default. The DNS resolver is enabled with its default config, for example.
It resolves the IPs directly and passes those to clients. It also caches IPs so you wouldn't expect to see failures on the clients in quick succession.
-
I solved it by setting DNS in the DHCP relay settings.
Thanks