DNS resolving not working
-
Hi,
I have a pfSense VM in Hyper-V connected to the WAN virtual switch of my home network.
The IP of the WAN is 192.168.2.23
I also have a private LAN switch connected to the pfSense VM and set to act as a DHCP server, with IP range of 172.16.0.1/24
I then created an Ubuntu Desktop VM to login to the web interface on 172.16.0.1.
It works - I can login. However, there is a problem with going to other websites. I believe it has to do with DNS because I can ping websites by their IP from the pfSense VM, and from the Ubuntu VM, but when I try to ping their domain name I get:
Temporary failure in name resolution
(I can ping domains from the pfSense though)
What can I do to fix it?
Maybe I should disable DNS resolver and use DNS forwarder on the port (53) instead?
Update: Yes, when I disabled DNS resolver and enabled DNS forwarder it started working!
Thanks
-
@forumate said in DNS resolving not working:
Update: Yes, when I disabled DNS resolver and enabled DNS forwarder it started working!
The difference is, the DNS forwarder forwards requests to the DNS server you've stated in System > General, while the Resolver uses DNS root servers to resolve requests.
So obviously pfSense has no access to root servers for whatever reason. Maybe limited by your ISP or inside your network in front of pfSense.
-
@viragomann Could it be related to the setup I mentioned above?
i.e. that I have the Ubuntu machine on a private virtual switch on a completely different IP range? And then it can have access to the internet only via the WAN virtual switch that is connected to the pfSense VM - which is the one in charge of resolving DNS? (And then forwarding it?)
And of course I am not too good at networking so I may have written some nonsense above :)
-
@forumate
The Ubuntu machine might use pfSense as DNS server to resolve names. So pfSense has to resolve its requested host names. As mentioned above, this is either done via DNS root server, when using the DNS Resolver, or by forwarding request to the DNS server stated in the general settings or even it got from the WAN DHCP if applied.
I cannot tell you why pfSense can't access the root servers in your setup, but it might be something in front of it.
-
@viragomann Networking is so complicated
-
@forumate
There is a bunch of nice tools to investigate network issues. Your Ubuntu machine might have dig on board, a tool to resolve host names.
So you can run e.g. dig @1.1.1.1 google.com
This tries to resolve 'google.com' using the DNS server 1.1.1.1, which is Cloudflare.
Ensure that you have allowed any on pfSense on the LAN interface, where the VM is connected to.
Here you can find a list of DNS Root Servers, which are used by the Resolver.
You can also try one of these, however, they only resolve the TLD. But you get an idea if you can reach them.
You can also run this command in pfSense.
If your ISP really blocks DNS requests to any other servers, you will have no other option than to use the ISP's DNS.
You can also switch the Resolver into the forwarding mode to use the DNS servers given by DHCP or which you stated on the General settings page.
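The dig checks suggested in this thread, collected into one script as an added example (not part of the original posts): it classifies dig output so that a root-server referral, a real answer and a blocked query can be told apart. The function names are hypothetical, the sample outputs are constructed, and 198.41.0.4 (a.root-servers.net) is assumed as the root server to test; 1.1.1.1 and 172.16.0.1 are the addresses from the thread.

```shell
#!/bin/sh
# classify_dig: read dig output on stdin and print one of
#   answer | referral | empty | error:<RCODE> | no-reply
classify_dig() {
    awk '
        /no servers could be reached/ { timeout = 1 }
        /status:/ { s = $0; sub(/.*status: /, "", s); sub(/,.*/, "", s); status = s }
        /ANSWER:/ && /AUTHORITY:/ {
            a = $0; sub(/.*ANSWER: /, "", a); sub(/,.*/, "", a); ans = a + 0
            n = $0; sub(/.*AUTHORITY: /, "", n); sub(/,.*/, "", n); auth = n + 0
        }
        END {
            if (timeout || status == "") print "no-reply"
            else if (status != "NOERROR") print "error:" status
            else if (ans > 0)  print "answer"
            else if (auth > 0) print "referral"
            else print "empty"
        }'
}

# probe <server> <name> [extra dig options]: one query, 3 s timeout.
probe() {
    server=$1; name=$2; shift 2
    dig +tries=1 +time=3 "$@" "@$server" "$name" 2>&1 | classify_dig
}

# Constructed sample: header of a root-server reply to a +norecurse query.
# Root servers only hand back the TLD name servers, so ANSWER is 0.
sample_referral() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 27
EOF
}

# Constructed sample: what dig prints when nothing comes back from the server.
sample_blocked() {
    echo ';; connection timed out; no servers could be reached'
}

# Live checks only when called with "run", so sourcing the file stays offline.
# "referral" from the root server means the Resolver's path to the roots is open;
# "no-reply" there while 1.1.1.1 gives "answer" points at filtering upstream.
if [ "${1:-}" = "run" ]; then
    echo "public resolver 1.1.1.1: $(probe 1.1.1.1 google.com)"
    echo "root server 198.41.0.4:  $(probe 198.41.0.4 google.com +norecurse)"
    echo "pfSense LAN 172.16.0.1:  $(probe 172.16.0.1 google.com)"
fi
```

Saved under a name of your choice (for example dnscheck.sh, a hypothetical filename) and started with the argument run, it can be used from the Ubuntu VM; the same dig queries can also be run in a pfSense shell.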