Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    ISP blocking or interfering with traffic? Cant resolve certain domains all of a sudden

    Scheduled Pinned Locked Moved DHCP and DNS
    25 Posts 6 Posters 3.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • keyserK
      keyser Rebel Alliance @keyser
      last edited by keyser

      @keyser said in ISP blocking or interfering with traffic? Cant resolve certain domains all of a sudden:

      @TheNarc Hmm, it seems it's related to quad9´s regular DNS name records not resolving correct. Depending on where I resolve, dns.quad9.net does not resolve.
      That is needed to resolve for DOT to work (used for certificate verification in TLS setup)

      I think my issue is releated to a bug I have previously experienced pfSense make. Even though SYSTEM -> GENERAL is set for using Remote only (ignore local DNS), it happens pfSense still uses the local service. I have blocked all DOH/DOT server names with pfBlockerNG DNSBL. That seems to cause my own pfsense no to be able to resolve dns.quad9.net at times (thus killing DOT forwarding from UNBOUND).

      Today was the first time in a LOONG time I had WAN down, so it might be happening when WAN is gone, and UNBOUND then continues to remember the NXDOMAIN for dns.quad9.net it got from itself when pfSense tried to use the local DNS service instead of the remote DNS

      EDIT: But it's quite hard to troubleshoote because pfBlockerNG does not log blocks of DOT/DOH servers like it does blocks from various block lists.

      Love the no fuss of using the official appliances :-)

      1 Reply Last reply Reply Quote 0
      • P
        pftdm007 @keyser
        last edited by pftdm007

        @keyser When I reported this issue here, the problem had already been ongoing for about a day or so...

        Since yesterday afternoon I added 2 more DNS servers in General Setup (76.76.2.0 & 76.76.10.0 and "p0.freedns.controld.com" for DOT) and everything is back to normal for me..... These new DNS servers are inserted BEFORE Quad9' DNS servers. Everything else is as per the screenshots I posted above....

        This morning I got a notice from pfsense that unbound was available to update.

        unbound: 1.18.0_1 -> 1.19.1 [pfSense]
        keyserK 1 Reply Last reply Reply Quote 0
        • keyserK
          keyser Rebel Alliance @pftdm007
          last edited by

          @pftdm007 Yeah, Quad9 still does not work for me, so I’m in root resolver mode until further notice.

          Love the no fuss of using the official appliances :-)

          1 Reply Last reply Reply Quote 0
          • P
            pftdm007
            last edited by

            Are any of you guys still having issues with Quad9? Things worked for a few days for me when I added the FreeDNS servers but since yesterday or so its flaky at best, especially from everything associated with reddit... Will revert to google's servers until further notice

            keyserK 1 Reply Last reply Reply Quote 0
            • keyserK
              keyser Rebel Alliance @pftdm007
              last edited by

              @pftdm007 I have 2 sites, one site cannot use Quad9 i TLS mode anymore. Works fine i normal forwarding mode, so I’m starting to think it’s my ISP doing something fishy with TLS to that site.

              Love the no fuss of using the official appliances :-)

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.