DNS Resolver problems, PC can't resolve domain but firewall can...
-
@Hangnail6119 if you have DHCP lease registration enabled unbound will restart at every lease renewal.
-
@SteveITS
It isn’t enabled, as the screenshot above shows. -
@viragomann Ah yes I was looking at the log not the screenshot. So why did it restart several times in the log? Was that OP restarting it manually?
Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
Upvote 👍 helpful posts! -
@SteveITS
That’s the interesting question.
Mine starts once a day only, when the WAN IP changes (PPPoE). -
If there is some issue with the wan interface and whatever reason unbound can't bind to it if goes down/up or something then yeah a restart of unbound could fix that.
I am not a fan of the all selection for outgoing connections - just use localhost only. Then if you have some intermittent issue with your want connection it should take unbound down from being bound to the interface..
Or same thing goes for the even the local side interfaces if your having issues with them.. You should fix why those might be going up/down etc.. What does your normal system log show when you see this problem?
-
Hi everyone,
Sorry for late reply, had some unexpected personal event and problem did not occur yet since last time.@viragomann said in DNS Resolver problems, PC can't resolve domain but firewall can...:
Did you try to resolve with nslookup, when the browser is failing?
No, only later :(
@viragomann said in DNS Resolver problems, PC can't resolve domain but firewall can...:
Also change the "DNS Resolution Behavior" as suggested to "use local fall back to remote".
I changed it after your post.
@SteveITS said in DNS Resolver problems, PC can't resolve domain but firewall can...:
if you have DHCP lease registration enabled unbound will restart at every lease renewal.
Do you mean some specific setting or just adding static mappings in
Services > DHCP Server > HOMENETWORK > DHCP Static Mappings for this Interface?
I have those mappings for all devices in my network and I allow only clients from those interfaces to connect.@SteveITS said in DNS Resolver problems, PC can't resolve domain but firewall can...:
So why did it restart several times in the log? Was that OP restarting it manually?
I attached the logs only from that morning when DNS was not working, it looks like first reset was made by my pc waking up, the second reset I did on my own to fix the problem.
@johnpoz said in DNS Resolver problems, PC can't resolve domain but firewall can...:
I am not a fan of the all selection for outgoing connections - just use localhost only.
I will update that.
@johnpoz said in DNS Resolver problems, PC can't resolve domain but firewall can...:
What does your normal system log show when you see this problem?
You mean the linux logs or some general logs in pfSense?
In linux Ping could not resolve domains, I did not check any other logs from pfsense, because I kind of don't know for what I should be looking for ;/PS: I applied all the settings you suggested, I will monitor if everything works as expected and let you know if problem will still occur.
-
@Hangnail6119 said in DNS Resolver problems, PC can't resolve domain but firewall can...:
It's hard for me to wrap my head around this topic in pfSense since it's split to System > General Setup > DNS Server Settings then we have Services > DNS Resolver and Services > DNS Forwarder.
I'll try to make things easier to understand.
This one : Services > DNS Forwarder : it's there for historical reasons. Normally, no one use this 'forwarder', also called by the process name 'dnsmasq' anymore.
This one : Services > DNS Resolver is the one that is activated ans used these days. It needs no settings changes, and will work out of the box (for 99,9 % of us).This one : System > General Setup > DNS Server Settings : No need to change what so ever.
With one exception : change this :
I advise not to use / change these :
( exception : If you have to give some one your private DNS data )
It boils down to one simple thing : when you install pfSense it (DNS) works.
Keep it that way is as easy as : not changing and/or adding settings.
I'm pretty sure that you will find things less mind blowing now ;) -
@Hangnail6119 said in DNS Resolver problems, PC can't resolve domain but firewall can...:
@SteveITS said in DNS Resolver problems, PC can't resolve domain but firewall can...:
if you have DHCP lease registration enabled unbound will restart at every lease renewal.Do you mean some specific setting
This setting, in DNS Resolver:
-
I'm having the same issue and I've tried many options I see with no changes
DNS forwarder works. DNS Resolver doesn't.
Currently have DNS Resolver with no forwarding. DNS Lookup on the firewall works with no issues and the only listed name server is 127.0.0.1There are no firewall logs blocking my network traffic to the firewall, and as mentioned before, with DNS Forwarder setup I was able to resolve DNS on my client using the same DNS Server.
Only thing I just discovered is that I have multiple LANs setup, including a default LAN. If I do a nslookup using my default LAN's gateway as the server, it resolves. I feel like this is critical, but can't quite connect the dots.
-
I have multiple LANs setup, including a default LAN. If I do a nslookup using my default LAN's gateway as the server, it resolves.
Is Resolver listening on All interfaces? Is port 53 TCP/UDP allowed to the other network IPs?
-
DNS Resolver Network Interface is everything except WAN, and Outgoing is All for now.
No reason why port 53 should have been blocked and I wasn't seeing any network traffic blocking it. I added an explicit allow port 53 rule at the top just to make sure, and that didn't affect it.
-
I may have stumbled on the answer. When I looked at status > Interfaces, my LAN was showing as "Down". This is because during initial setup years ago, I had associated each LAN with an interface port, and over time I had eventually moved to a managed switch. So this interface had been listed as "Down".
Once I removed the interface port, the interface now shows as Up, and I'm getting DNS responses from my gateway.
