Single website won't resolve for clients - resolves fine for pfSense itself
-
@lparker tell you right now this is NOT a pfsense issue...
How would it redirect its own traffic to itself and resolve something when you asked 1.2.3.4 for something?
You have restarted unbound, I am sure, right? How would you be getting back that zero TTL? Since once you restart unbound there is no way for that to be in the cache, etc.
-
@johnpoz Well, since clients worked with statically set public DNS servers and DNS Forwarding works in place of DNS Resolver, are you still convinced it's a DNS redirect somewhere? I almost think maybe unbound got corrupted? It was already reloaded, yes.
-
@lparker yeah - they are not redirecting 8.8.8.8 maybe... But how would pfsense redirect traffic to itself, especially when you stated you don't have any redirection set up.. And if it was - why would it not redirect 8.8.8.8?
You can't do an outbound nat on your wan to yourself..
Sorry but asking 1.2.3.4 for dns and getting an answer is clearly redirection of dns.. period.. Here is an idea - why don't you stop unbound completely.. Now do your query to 1.2.3.4 as your test.
Look at your +trace you did from before
advantechwifi.com. 0 IN A 199.38.182.75
advantechwifi.com. 0 IN A 199.38.182.52
;; Received 78 bytes from 199.9.14.201#53(b.root-servers.net) in 36 ms
There is no possible way the root server answered with that.. The root servers don't have such info.. So you're saying pfsense somehow redirected outbound traffic to itself, and answered with that info? After a restart of unbound how would it have that info in its cache?
Do you even have serve zero set up - that is not a default setting..
To prove it to yourself - turn off the unbound service.. Make sure pfsense isn't listening on 53 with netstat or something, now do your directed query tests.. query 1.2.3.4 etc..
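Added example, not written by any poster in this thread: a small Python check for the symptom discussed above, a `dig +trace` hop that is labelled as a root server yet returns final address records instead of a referral. The function names are hypothetical, the first sample reuses the records quoted in the thread, and the second sample is constructed.

```python
import re

# Footer that dig +trace prints after each hop's records.
HOP_RE = re.compile(r"^;; Received \d+ bytes from (\S+)#\d+\((\S+)\)")

def parse_trace(text):
    """Split dig +trace output into hops, each with the records it returned."""
    hops, records = [], []
    for line in text.splitlines():
        line = line.strip()
        m = HOP_RE.match(line)
        if m:
            hops.append({"ip": m.group(1), "server": m.group(2), "records": records})
            records = []
        elif line and not line.startswith(";"):
            f = line.split()  # owner TTL class type rdata...
            if len(f) >= 5 and f[1].isdigit():
                records.append({"owner": f[0].lower().rstrip("."), "ttl": int(f[1]),
                                "type": f[3].upper(), "rdata": " ".join(f[4:])})
    return hops

def root_hops_with_final_answers(text):
    """Return (server, owner, ttl, rdata) for address records a root hop 'answered'."""
    findings = []
    for hop in parse_trace(text):
        if not hop["server"].lower().rstrip(".").endswith("root-servers.net"):
            continue
        for r in hop["records"]:
            # Roots legitimately serve addresses only for their own names.
            if r["type"] in ("A", "AAAA") and not r["owner"].endswith("root-servers.net"):
                findings.append((hop["server"], r["owner"], r["ttl"], r["rdata"]))
    return findings

# Records and footer as quoted in the thread, one record per line.
INTERCEPTED = """\
advantechwifi.com. 0 IN A 199.38.182.75
advantechwifi.com. 0 IN A 199.38.182.52
;; Received 78 bytes from 199.9.14.201#53(b.root-servers.net) in 36 ms
"""
# Constructed sample of what a root hop normally returns: a referral.
REFERRAL = """\
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
;; Received 1173 bytes from 199.9.14.201#53(b.root-servers.net) in 36 ms
"""

if __name__ == "__main__":
    for finding in root_hops_with_final_answers(INTERCEPTED):
        print("root hop returned a final answer:", finding)
```

A non-empty result means something between the client and the root server answered in its place; it does not say which device did.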