Netgate Discussion Forum

    pfSense DNS stops working - searching logs

      michmoor LAYER 8 Rebel Alliance

      This is a sudden and random phenomenon.

      Netgate 6100 running 23.05

      This issue happened yesterday evening and now this morning. DNS stops working on my LAN. Thinking it might be a local issue, I started getting alerts from my Uptime Kuma instance in Linode (WireGuard tunnel back to pfSense). I have an alert set up to query pfSense DNS every minute. Then I noticed I couldn't resolve local domains (going through HAProxy) and external domains such as Google or CNN or Facebook. I have logs being dumped into Graylog but I don't know what, if anything, I should look for to determine root cause.
      Although DNS was not functioning, routing was working fine as I was able to ping/traceroute to external IPs by using IP addrs. It's definitely a pfSense issue as local and remote sites are not responding, but I'm not sure how to dig through the logs.

      Any help would be appreciated.

      Local computer: [image]

      Uptime Kuma DNS check - Notice the time lines up with the local computer outage. [image]

      Firewall: NetGate,Palo Alto-VM,Juniper SRX
      Routing: Juniper, Arista, Cisco
      Switching: Juniper, Arista, Cisco
      Wireless: Unifi, Aruba IAP
      JNCIP,CCNP Enterprise

        stephenw10 Netgate Administrator

        Are you using Unbound with DoT in forwarding mode?

        If so you can try this workaround: https://redmine.pfsense.org/issues/14056#note-6

        Steve

          michmoor LAYER 8 Rebel Alliance @stephenw10

          @stephenw10 Interesting...

          I am pointing to Cloudflare for upstream DNS

            stephenw10 Netgate Administrator

            Then try that workaround.

              michmoor LAYER 8 Rebel Alliance @stephenw10

              @stephenw10
              Just put in the workaround. Interesting that I am now running into this. Reading the noted thread in the Redmine. If it happens again I'll let you know.
              Thanks for the quick response.

                michmoor LAYER 8 Rebel Alliance @stephenw10

                @stephenw10 The only thing I would say is would this impact internal name resolution as well? As I mentioned, I couldn't resolve anything internal - sites that go through my HAProxy setup.

                  stephenw10 Netgate Administrator

                  I wouldn't expect it to but then again I wouldn't have expected an ASLR issue to affect external queries like that either.

                  It's a known issue and you are running a configuration that I expect to hit it.

                    michmoor LAYER 8 Rebel Alliance @stephenw10

                    @stephenw10 Fair enough. Appreciate it man.

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.