Website won't resolve. says DNS_PROBE_FINISHED_NXDOMAIN

Reply to Website won't resolve. says DNS_PROBE_FINISHED_NXDOMAIN on Fri, 23 Jun 2023 20:12:42 GMT

johnpoz — Fri, 23 Jun 2023 20:12:42 GMT

@noitalever said in Website won't resolve. says DNS_PROBE_FINISHED_NXDOMAIN:

advanced privacy options in the dns resolver I had checked.

And what are those? You were forwarding somewhere over tls?

Reply to Website won't resolve. says DNS_PROBE_FINISHED_NXDOMAIN on Fri, 23 Jun 2023 19:36:23 GMT

noitalever — Fri, 23 Jun 2023 19:36:23 GMT

@Gertjan Thank you for this response, it was helpful.

Reply to Website won't resolve. says DNS_PROBE_FINISHED_NXDOMAIN on Fri, 23 Jun 2023 19:33:12 GMT

noitalever — Fri, 23 Jun 2023 19:33:12 GMT

@noitalever EDIT: I updated to 23.05 and the problem went away, and all previous resolver settings are now back to normal.
from my brief stumbling around, I think it was an issue with their website not liking the advanced privacy options in the dns resolver I had checked.
-now to learn how to "dig".

Reply to Website won't resolve. says DNS_PROBE_FINISHED_NXDOMAIN on Fri, 23 Jun 2023 19:32:47 GMT

SteveITS — Fri, 23 Jun 2023 19:32:47 GMT

@noitalever there is Diagnostics/Command prompt, though it is not interactive so can only run commands that end/complete.

Reply to Website won't resolve. says DNS_PROBE_FINISHED_NXDOMAIN on Fri, 23 Jun 2023 19:28:07 GMT

noitalever — Fri, 23 Jun 2023 19:28:07 GMT

@johnpoz Yep, I knew you were doing it on pfsense, I just have never had to do this with a pfsense box before and since this is a netgate appliance i didn't know if it was a "helpful gui" type thing where it hid things "most" people shouldn't need.

I'm mostly windows server guy. For firewalls, Fortigate where the console is built into the gui. This netgate gui didn't lend itself to a place where I would be able to use that command, hence my reply. Someone else gave me useful information, so i'm good.

We all have to start somewhere, and not knowing the steps to do something is pretty standard until you do.

Reply to Website won't resolve. says DNS_PROBE_FINISHED_NXDOMAIN on Fri, 23 Jun 2023 09:52:23 GMT

johnpoz — Fri, 23 Jun 2023 09:52:23 GMT

@noitalever said in Website won't resolve. says DNS_PROBE_FINISHED_NXDOMAIN:

but where do I "dig"?

Thought it would be pretty clear from my posted example - clearly showing I was on pfsense ;)

doesn't the 23.05 release at the prompt give it away?

Reply to Website won't resolve. says DNS_PROBE_FINISHED_NXDOMAIN on Fri, 23 Jun 2023 05:08:29 GMT

Gertjan — Fri, 23 Jun 2023 05:08:29 GMT

@noitalever said in Website won't resolve. says DNS_PROBE_FINISHED_NXDOMAIN:

but where do I "dig"?

You have dig.
Its part of the commandset of pfSense.
SSH into pfSense using Putty if you have a Micirosft device, or use a native ssh client on all other devices.

Or use the console 'serial/USB' access if you have a Netgate device.
For other, VGA builds : use the keyboard + screen.

When you see the menu, use option 8 shell).

[23.05-RELEASE][root@pfSense.verylocal.net]/root: dig papamurphys.com +short
217.114.85.70

Reply to Website won't resolve. says DNS_PROBE_FINISHED_NXDOMAIN on Fri, 23 Jun 2023 01:56:01 GMT

SteveITS — Fri, 23 Jun 2023 01:56:01 GMT

@noitalever It’s common on *nix OSs but you can install on Windows:
https://docs.digitalocean.com/tutorials/use-dig/

Reply to Website won't resolve. says DNS_PROBE_FINISHED_NXDOMAIN on Fri, 23 Jun 2023 01:51:38 GMT

noitalever — Fri, 23 Jun 2023 01:51:38 GMT

@johnpoz Thanks, and complete noob question, but where do I "dig"? I don't see a shell or terminal and the "command" menu choice seems to just want me to send a command, but not sure how to format it.

i'm obviously missing something... obvious. since the forums don't seem to have instructions.

Reply to Website won't resolve. says DNS_PROBE_FINISHED_NXDOMAIN on Fri, 23 Jun 2023 00:39:23 GMT

SteveITS — Fri, 23 Jun 2023 00:39:23 GMT

@noitalever not really related but if you are not forwarding normally, why set pfSense to not query itself? I guess it would work in that config.

Are there any rules, including floating, that might block DNS?

There is this, which I don’t think made it into 23.05:
https://redmine.pfsense.org/issues/14056

Reply to Website won't resolve. says DNS_PROBE_FINISHED_NXDOMAIN on Thu, 22 Jun 2023 23:24:44 GMT

johnpoz — Thu, 22 Jun 2023 23:24:44 GMT

@noitalever resolves here

;; QUESTION SECTION:
;papamurphys.com. IN A

;; ANSWER SECTION:
papamurphys.com. 3600 IN A 217.114.85.70

I resolve vs forwarding..

the settings for remote or local in general has zero to do with clients asking unbound for something, that only has to do with pfsense itself trying to resolve something.

If you are using unbound on default and resolving and not forwarding do a dig +trace to see where you might be failing in the resolve process.

[23.05-RELEASE][admin@sg4860.local.lan]/root: dig papamurphys.com +trace

; <<>> DiG 9.18.13 <<>> papamurphys.com +trace
;; global options: +cmd
.                       6943    IN      NS      l.root-servers.net.
.                       6943    IN      NS      m.root-servers.net.
.                       6943    IN      NS      a.root-servers.net.
.                       6943    IN      NS      b.root-servers.net.
.                       6943    IN      NS      c.root-servers.net.
.                       6943    IN      NS      d.root-servers.net.
.                       6943    IN      NS      e.root-servers.net.
.                       6943    IN      NS      f.root-servers.net.
.                       6943    IN      NS      g.root-servers.net.
.                       6943    IN      NS      h.root-servers.net.
.                       6943    IN      NS      i.root-servers.net.
.                       6943    IN      NS      j.root-servers.net.
.                       6943    IN      NS      k.root-servers.net.
.                       6943    IN      RRSIG   NS 8 0 518400 20230704170000 20230621160000 60955 . gWRNcv5tKshs4O8Lq62sWKgJ8UshBnH5sCfGEnIzSn/lthDJw2GnaMc/ OMcH+kSK8uKBCdMw23qW85ZNe7XUbXQtMSwU8Lo9iU+yuIZydaTZzk83 A4uncWMKZPw33tY3q0J6TFaEdood/FMg5Szeusg/NKZOfuk89BcltR+V ct8vZqVwxWtBPE8m+dMSz2FaNYcPm9G88skw+A0viO1hgTMkEtBYWWoO 7nbtD0UpPOYfueIXLREpSXQT7Aw0sDirTQBqaDCVLpgkZZkF73CH/+QH rEp16BMvXq6CDjucKlZp+T9d8hjlpwIZIUnVHGOT6NOcVaH1ElIdJzMG 4hVjJw==
;; Received 525 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms

com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      f.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      i.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.
com.                    172800  IN      NS      k.gtld-servers.net.
com.                    172800  IN      NS      l.gtld-servers.net.
com.                    172800  IN      NS      m.gtld-servers.net.
com.                    86400   IN      DS      30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
com.                    86400   IN      RRSIG   DS 8 1 86400 20230705170000 20230622160000 60955 . mahLAMMrZ7kVmoMSJdQ/plxvoCb7fHlLD4QFfpdBMDGNKYwSW14ANUOi P8dzQ83lBB+Qv4Rw07XafvykrlOvfOsFssD9mL+n/auvMLiLxornO4fs ZQjwW4pgDTLvbq3LCsh1r97sfevuRep2Y63+/hv/tcd8/E0edaPAWKH3 w9yn/upKyFX97lMA2h6QFf5t+3mmF4Zge5ueq8VvQvi4v4rNa04easfh uUMxKF/a34TpJgwzYoG5qCpTMVupNIXUUZ435benV9libtn4PT2Zn23t 1DGKxbfrO7mJxLHB6t9plUxQzBwbWcr5QivpyjSttBW50pDqc/eej2OA p1CrAQ==
;; Received 1175 bytes from 2001:500:2d::d#53(d.root-servers.net) in 21 ms

papamurphys.com.        172800  IN      NS      pdns13.domaincontrol.com.
papamurphys.com.        172800  IN      NS      pdns14.domaincontrol.com.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q2D6NI4I7EQH8NA30NS61O48UL8G5 NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20230627042518 20230620031518 46551 com. HfAI+YRdruDFRrUwxPdrcjD3IpzH8FpMwbtAOZEXGFV7wdQcIVZ0jQ4V J5cTrrln4DOL7e6gvqaxnreMIhljyU8iUpmKqBCR/s5vI96486yJvo5k f4hIwBW31cQtLzKQz4jsC1S7ja+yJY5JMoagnzHPmZRwCQ1Jt42yJZ/j Nta0rulw5kFuCp3lpaNOLawObJ64nm6PURwTR21IFySPRw==
9U5UJJSVMT5UGI2DJLSS62PFK422OM8T.com. 86400 IN NSEC3 1 1 0 - 9U5V5ASDLE8O1NIT423QC740155MSSGM NS DS RRSIG
9U5UJJSVMT5UGI2DJLSS62PFK422OM8T.com. 86400 IN RRSIG NSEC3 8 2 86400 20230629051553 20230622040553 46551 com. AXPHGo9wdJpR2+rMhxn8dwG2N9+ZKqhMN7e24Qu4E5r/5nmxFZ4ykNoS o/SZwZMoYhLdwQfs8BRfcARO3KBDtZ7ja1YS9gsmT2/cpoSljpt6ClTD irisZdR5RPNAnbKfidHodi6gWPj2Io1zftt3gJevp8SlwPqHHrdt0JnJ 7DJOep2kKDlZ50e8ptJp+9eL+NzZy/kj1MTJhGHV4wHkNA==
;; Received 681 bytes from 2001:502:7094::30#53(j.gtld-servers.net) in 61 ms

papamurphys.com.        600     IN      A       217.114.85.70
papamurphys.com.        3600    IN      NS      pdns14.domaincontrol.com.
papamurphys.com.        3600    IN      NS      pdns13.domaincontrol.com.
;; Received 116 bytes from 97.74.110.56#53(pdns13.domaincontrol.com) in 14 ms

[23.05-RELEASE][admin@sg4860.local.lan]/root: