pfsense 2.7.0-BETA
-
@stephenkwabena said in pfsense 2.7.0-BETA:
works fine with those DNS
With what dns - you have given no details at all what dns you have setup.. pfsense being able to resolve if it has dns setup has nothing to do with a client asking unbound to resolve something if unbound isn't running for example..
-
@johnpoz This is the basic setup and DNS override. Not only a DNS issue, but if I add another LAN interface, i.e. LAN2 or Guest LAN, there is no internet as well
-
@stephenkwabena said in pfsense 2.7.0-BETA:
This is the basic setup and DNS override.
dns override to what? Out of the box unbound is a resolver.. Is the service even running?
Do a simple check on pfsense.
[23.05-RELEASE][admin@sg4860.local.lan]/root: dig www.google.com
; <<>> DiG 9.18.13 <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24107
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 609 IN A 142.250.190.68
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sun Jun 18 18:16:04 CDT 2023
;; MSG SIZE rcvd: 59
[23.05-RELEASE][admin@sg4860.local.lan]/root:
See how it's talking to 127.0.0.1 - that would validate unbound is running and can resolve... Or use the dns diag.. what does that show.
Without some details - there is nothing anyone can do to help you figure out what is wrong - clearly we know dns is not working for your clients.. Since you can not ping by name google and even resolve the IP..
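The check described in the post above, reading status, answer count, query time and SERVER off the dig output, can be scripted. This is an added example, not part of the original post; the sample text is constructed in the shape of the quoted output, and `parse_dig`, `triage` and the `SLOW_MS` threshold are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample, same shape as the dig output quoted in the post.
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24107
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
www.google.com. 609 IN A 142.250.190.68
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
"""

SLOW_MS = 500  # assumed threshold for "slow", not a value from the thread


def parse_dig(text):
    """Pull out the fields a person reads off dig output by eye."""
    def grab(pattern, cast=str):
        m = re.search(pattern, text)
        return cast(m.group(1)) if m else None

    return {
        "status": grab(r"status: (\w+)"),
        "answers": grab(r"ANSWER: (\d+)", int),
        "query_ms": grab(r"Query time: (\d+) msec", int),
        "server": grab(r"SERVER: ([0-9a-fA-F.:]+)#\d+"),
    }


def triage(text):
    """Classify one dig run made on the firewall itself."""
    f = parse_dig(text)
    # A timed-out query prints no HEADER and no SERVER line at all.
    if f["server"] is None or f["status"] is None:
        return "no reply: nothing answered the query"
    # An answer from a non-loopback address says nothing about unbound.
    if not ipaddress.ip_address(f["server"]).is_loopback:
        return "answered by %s, not the local resolver" % f["server"]
    if f["status"] != "NOERROR" or not f["answers"]:
        return "local resolver replied %s with no answer" % f["status"]
    if f["query_ms"] is not None and f["query_ms"] > SLOW_MS:
        return "local resolver works but is slow (%d ms)" % f["query_ms"]
    return "local resolver ok"


if __name__ == "__main__":
    print(triage(SAMPLE))
```

A passing result only shows that the resolver on the firewall answers locally; clients on the LAN still have to be checked separately with nslookup.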
-
@stephenkwabena Yes
-
You got something wrong if 127.0.0.1 takes almost 1 second to resolve google.com, does it resolve faster if you do it again right away. What is this 10.10.16.1 IP?
Do you have it setup to forward? Or is it resolving which is default.
can we see its setup
where are your clients pointing to.. what is IP address of pfsense on the lan.. on your client just do a nslookup
$ nslookup
Default Server: sg4860.local.lan
Address: 192.168.9.253
>
192.168.9.253 is my lan IP of pfsense, and unbound is listening on my lan - see my above settings. If your client is pointing at your lan pfsense IP, and you don't get back pfsense name - like you see on mine sg4860.local.lan - what are the firewall rules on your lan interface?
-
@johnpoz 10.10.16.1 is my WAN or ISP router's IP
-
@johnpoz said in pfsense 2.7.0-BETA:
You got something wrong if 127.0.0.1 takes almost 1 second to resolve google.com, does it resolve faster if you do it again right away. What is this 10.10.16.1 IP?
Do you have it setup to forward? Or is it resolving which is default.
can we see its setup
where are your clients pointing to.. what is IP address of pfsense on the lan.. on your client just do a nslookup
$ nslookup
Default Server: sg4860.local.lan
Address: 192.168.9.253
>
192.168.9.253 is my lan IP of pfsense, and unbound is listening on my lan - see my above settings. If your client is pointing at your lan pfsense IP, and you don't get back pfsense name - like you see on mine sg4860.local.lan - what are the firewall rules on your lan interface?
My firewall rules are the same as yours in the picture. My clients point to pfsense. My pfsense IP is 192.168.1.1
-
@stephenkwabena and when you do a nslookup on your client what do you get?
-
-
@johnpoz This is what I get
-
Ok so unbound is running and your clients are pointing at it.. And it resolves its own name via ptr query.
Where are your unbound settings. At a loss to why you are showing ping from the diagnostics?
-
-
@johnpoz said in pfsense 2.7.0-BETA:
Where are your unbound settings
Please, can you show me where to find the settings?
-
@stephenkwabena in the resolver
-
-
@johnpoz Another issue. I have upgraded to pfsense 2.7.0-BETA; when I added a new interface for guests or hotspot, there is no internet on that LAN.
Below is my configuration
My firewall rule for the guest or hotspot lan
My DHCP settings too
-
If not fixed and still relevant: have a look at the unbound service.
For a similar issue I had to enable "DNS Query Forwarding" where before the "DNS Query Forwarding" was not enabled and never needed.
The pfsense box itself had a working DNS setup, but DHCP clients behind the pfsense box could not connect due to DNS not resolving addresses issues.
-
I see nothing here that indicates it's actually a DNS issue. It was just speculated that it might be a DNS problem.
How is it actually failing on clients behind pfSense?
-
@stephenw10 said in pfsense 2.7.0-BETA:
I see nothing here that indicates it's a DNS issue.
Yes, I can access pfsense GUI using the domain name I resolved (https://firewall.mydomain.com) same LAN.
-
OK so when you're testing from a client that cannot reach the internet how does it fail? What error do you see?
-
@stephenw10 said in pfsense 2.7.0-BETA:
What error do you see?
The only thing I get with a client connected via cable and wireless is "connected, no internet" but I can access the pfsense GUI