Netgate Discussion Forum

    DNS_PROBE_STARTED

    • S
      scorpoin
      last edited by scorpoin

      Hello,

      I have configured pfblocker-ng as well and I white-listed the domain
      m*******n.com as well, but when I query from my client on the LAN behind pfsense, I'm getting the following error.

      nslookup mgcpakistan.com
      Server:  pfSense.local.landomain
      Address:  172.16.16.1
      
      DNS request timed out.
          timeout was 2 seconds.
      *** pfSense.local.landomain can't find m*******n.com: Server failed
      

      I did another test: I connected my laptop directly to the ISP and tested; my domain is opening properly and everything is fine. But I don't get why it does not work behind pfsense. :/

      I'm using public Cloudflare DNS and also tested it directly on the ISP router with Cloudflare DNS 1.1.1.1; the site does respond. Any idea where else to look to resolve this issue?

      Regards

      • GertjanG
        Gertjan @scorpoin
        last edited by

        @scorpoin

        Several checks:
        Does the DNS request actually arrive at pfSense, the resolver?
        Execute this on pfSense: a packet capture on LAN using port 53:

        bd50def3-e104-46f9-853e-5151f971099d-image.png

        Execute the "nslookup mgcpakistan.com" again.
        Did the packet show up as a DNS request coming into pfSense? And did it answer?

        Another one :
        On the console or SSH access of pfSense, execute the same command.
        What did you see?

        Another one :
        Before you installed pfBlockerng, did it work?

        Another one :
        Before you removed/changed default settings on pfSense, like
        LAN 192.168.1.1/24 for LAN
        Resolving instead of DNS forwarding
        Etc.
        Did it work ? ( I already know the answer : it did ^^)

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??
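
A sketch of the first check in the post above (does the request arrive at the resolver, and is it answered?), as an added example that is not part of the original thread: it pairs DNS queries and replies in tcpdump-style text output by client, port and transaction ID. The capture lines, names and addresses are constructed sample values.

```python
import re

# Constructed tcpdump-style capture on LAN, port 53 (sample values, not from the thread).
SAMPLE_CAPTURE = """\
10:15:01.100001 IP 172.16.16.50.50211 > 172.16.16.1.53: 2+ A? blocked.example. (33)
10:15:01.100950 IP 172.16.16.1.53 > 172.16.16.50.50211: 2 ServFail 0/0/0 (33)
10:15:03.200001 IP 172.16.16.50.50212 > 172.16.16.1.53: 3+ [1au] A? www.example.org. (44)
10:15:03.231000 IP 172.16.16.1.53 > 172.16.16.50.50212: 3 1/0/0 A 192.0.2.10 (49)
10:15:05.300001 IP 172.16.16.50.50213 > 172.16.16.1.53: 4+ A? silent.example. (32)
10:15:06.400001 IP 172.16.16.50.50214 > 172.16.16.1.53: 5+ AAAA? nope.example. (30)
10:15:06.420000 IP 172.16.16.1.53 > 172.16.16.50.50214: 5 NXDomain* 0/1/0 (105)
"""

# "IP src.port > dst.port: <id><flags> <rest>"
LINE = re.compile(
    r"IP (?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"(?P<id>\d+)(?P<flags>[+%*|$-]*) (?P<rest>.*)"
)
# Query body: optional "[1au]"-style counts, then "TYPE? name."
QUERY = re.compile(r"(?:\[[^\]]*\] )?(?P<qtype>\w+)\? (?P<qname>\S+)")


def classify(capture, resolver_port=53):
    """Return (qname, qtype, verdict) per query seen; verdict is the reply's
    rcode, 'NoError', or 'no-reply' when no matching answer was captured."""
    pending, order = {}, []
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        if int(m["dport"]) == resolver_port:           # client -> resolver
            q = QUERY.match(m["rest"])
            key = (m["src"], m["sport"], m["id"])
            if q and key not in pending:
                pending[key] = [q["qname"].rstrip("."), q["qtype"], "no-reply"]
                order.append(key)
        elif int(m["sport"]) == resolver_port:         # resolver -> client
            key = (m["dst"], m["dport"], m["id"])
            if key in pending:
                # Error rcodes are printed as a word; success starts with counts.
                token = m["rest"].split()[0].rstrip("*-|$")
                pending[key][2] = token if token.isalpha() else "NoError"
    return [tuple(pending[k]) for k in order]


if __name__ == "__main__":
    for qname, qtype, verdict in classify(SAMPLE_CAPTURE):
        print(f"{qname:20} {qtype:5} {verdict}")
```

A `ServFail` verdict means the query reached the resolver and was answered with a failure, while `no-reply` means no answer was captured for that query on the interface.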

        • S
          scorpoin @Gertjan
          last edited by

          @Gertjan
          Thanks for your prompt response. It was working even after setting up pfblocker-ng, and from the pfsense ssh console it does respond and resolve. :/ Looking at the captured packet, it does query the LAN IP to resolve, but servfail q:A? . I don't get why all of a sudden this issue.

          Regards

          • GertjanG
            Gertjan @scorpoin
            last edited by

            @scorpoin

            You can see what pfblockerng did with the DNS request.
            Ask it.
            Do the request again.
            Go to Firewall > pfBlockerNG > Alerts and look at the Alerts page.
            And the Unified page.
            You saw the request for the domain ?

            • S
              scorpoin @Gertjan
              last edited by

              @Gertjan

              I already added the domain into my pfblocker-ng white-listing. I could not find it in unified and dnsbl. :/

              Where else to look to resolve this issue?

              • GertjanG
                Gertjan @scorpoin
                last edited by

                @scorpoin

                On my "Unified" report :

                9b4bd21f-486a-4ef7-b446-1beef2eabf25-image.png

                Disabling pfBlocker solves the issue :

                df1c27cc-f11e-4536-ad30-013804724581-image.png

                ?

                • S
                  scorpoin @Gertjan
                  last edited by

                  @Gertjan

                  I have been troubleshooting since morning, then I finally did two things.
                  1- Added the domain in pfblocker-ng Host-Override with the public IP of the domain.
                  2- Changed my WAN IP address.

                  Restarted the resolver service, and now guess what: the website is accessible and resolved :/ Then I changed back to the old WAN to test if it was blocked by the datacenter, but it was not blocked; now the domain is accessible on the old WAN IP too.

                  Thanks @Gertjan for your tips :).

                  Regards

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.