Issues after upgrading to 23.01
-
@digitalvt There are several threads about DNS issues. If you are forwarding, disable DNSSEC and if that doesn’t work disable DNS over TLS.
-
Mmm, how does it fail, what error is shown?
-
For instance, forum.netgate.com, I’m getting “This site can’t be reached”.
-
But what's the actual error shown? It just isn't responding? It cannot be resolved?
Can you ping the same FQDN?
-
I’ve just performed a Factory Reset and then Restored from the previous backup from this morning. And still get issues.
I’m getting “The site can’t be reached”, netgate.com took too long to respond.
Err_Timed_Out. Same for forum.netgate.com.
But oddly, BBC.com and Apple.com are reached okay and load okay!?
-
@digitalvt Browser errors can be multiple things. For example I've seen reports of Comcast outages this morning.
Verify it's a DNS issue by running "nslookup netgate.com" (and other hostnames) on your PC.
Did you look at my suggested settings?
-
@steveits
Thanks Steve.
I don’t have DNS forwarder enabled. Have unticked Enable DNSSEC Support in DNS Resolver. Performed a DNS Lookup (within pfSense) of Newgate.com and I get 199.60.103.4, which I can ping. But I cannot ping netgate.com, it cannot be resolved?
-
@digitalvt I meant, forwarding from the DNS Resolver settings. DNSSEC is apparently problematic while forwarding, and while it seemingly worked fine in previous versions several people report failures in 23.01.
199.60.103.4 is the IP I get. Did you try a DNS lookup from your PC? nslookup will also show what DNS server that PC is using...
-
I would expect to see 'site cannot be resolved' or similar if it's a DNS issue. Easy to test though, just try to ping one of the sites that's failing and see what the error is. If there is one.
-
It seemed a weird issue, I could navigate to bbc.com, apple.com but netgate.com and this forum I could not resolve. I could ping those addresses.
I unticked the DNSSEC support, which gave me the above results.
So, just for laughs and giggles, I Factory Reset pfSense and manually inputted the barest setups and went and unticked the DNSSEC support button and ALL was GOOD. Could get everywhere.
Am assuming that since this has been an old setup that I have added and added (for over 10 years), that along the way there is something not quite right, an issue buried long ago that has now bitten me on the bum.
So, am going to take this opportunity to (almost) start again, I've been able to re-import restore areas, such as OpenVPN (although I need to add new user certificates).
Oh well. Thanks all for your kind help!
Ian
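
Added example, not part of any post in this thread: a small Python check for the question raised above, whether a "timed out" site is failing at name resolution or after it. The function name `diagnose`, port 443 and the `fake_*` stand-ins are assumptions made for illustration; the stand-ins are constructed so the logic can be exercised without a network.

```python
import socket

def diagnose(host, port=443, timeout=5.0,
             resolve=socket.getaddrinfo, connect=socket.create_connection):
    """Classify a failure as DNS or connectivity.

    Returns (verdict, addresses) where verdict is one of
    'dns_failure', 'timeout', 'connect_error' or 'ok'.
    resolve/connect are injectable so the logic can run offline.
    """
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return ("dns_failure", [])      # the name itself did not resolve
    # Report the addresses so they can be compared with what the
    # firewall's own DNS Lookup page returns for the same name.
    addresses = sorted({info[4][0] for info in infos})
    verdict = "connect_error"
    for addr in addresses:
        try:
            connect((addr, port), timeout=timeout).close()
            return ("ok", addresses)
        except socket.timeout:
            verdict = "timeout"         # resolved, but nothing answered
        except OSError:
            pass                        # refused/unreachable: try next address
    return (verdict, addresses)

# Constructed stand-ins: the name resolves to the address quoted in the
# thread, and every connection attempt times out.
def fake_resolve(host, port, **kwargs):
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", ("199.60.103.4", port))]

def fake_connect_timeout(address, timeout=None):
    raise socket.timeout("timed out")

if __name__ == "__main__":
    import sys
    if sys.argv[1:]:                    # real lookups for names given as arguments
        for name in sys.argv[1:]:
            print(name, *diagnose(name))
    else:                               # offline demonstration with the stand-ins
        print(diagnose("netgate.com", resolve=fake_resolve,
                       connect=fake_connect_timeout))
```

A `dns_failure` verdict points at the resolver settings discussed in the thread; `timeout` with a populated address list means the name resolved and the problem lies elsewhere.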