I can't find this DNS entry anywhere in my GUI. How do I change this?
-
I assigned the OPT2, enabled it, went to DHCP/SERVER/OPT2 and found the 8.8.8.8, 8.8.4.4 entries. Changed them, disabled, removed the assignment.
I have a laptop that for some reason is picking up 8.8.8.8 & 8.8.4.4 from this firewall. My other laptop is picking up 1.1.1.1 & 1.0.0.1. Going crazy trying to track this down.
-
@roveer said in I can't find this DNS entry anywhere in my GUI. How do I change this?:
I assigned the OPT2, enabled it, went to DHCP/SERVER/OPT2 and found the 8.8.8.8, 8.8.4.4 entries.
These IP addresses: "8.8.8.8", "8.8.4.4", "1.1.1.1" and "1.0.0.1" are not present anywhere in 'pfSense'.
So, if one of your devices is using these, they didn't come from pfSense.
-
@roveer What DNS servers have you set in System / General Setup? And have you set any DNS server in the DHCP service that provides the IPs for the two laptops?
I assume these two laptops are both on the network behind OPT2?
-
@Gertjan said in I can't find this DNS entry anywhere in my GUI. How do I change this?:
@roveer said in I can't find this DNS entry anywhere in my GUI. How do I change this?:
I assigned the OPT2, enabled it, went to DHCP/SERVER/OPT2 and found the 8.8.8.8, 8.8.4.4 entries.
These IP addresses: "8.8.8.8", "8.8.4.4", "1.1.1.1" and "1.0.0.1" are not present anywhere in 'pfSense'.
So, if one of your devices is using these, they didn't come from pfSense.
So I think I figured out how they got into this system. This box was a clean install of 2.7.2 and I was hand-configuring all the settings from my old pfSense box. I had a huge list of DHCP reservations I had to put in for the main network and didn't want to spend hours hand-typing. So I did a backup of just the DHCP server from the old box and imported it to the new box (this one). I just went back and looked at the .xml file and sure enough, down at the bottom were the 8.8.8.8 and 8.8.4.4 addresses.
Now the really strange thing is that they were on the OPT2 interface, which I don't even have defined on the old or new box. I had to assign the interface, name it, enable it and then in DHCP I finally got a tab where I could see the Google DNS entries. I then got rid of them, disabled the interface, unnamed it and removed its assignment. I guess I could have had it in there from a long time ago when I was messing with pfSense and learning. I know I was a Google DNS guy before going to Cloudflare. I can't see how those addresses, being associated with OPT2 which isn't even valid in my firewall, were being assigned to a single laptop. After I got rid of them I rebooted the laptop; I even did /release /flushdns /renew and rebooted and was still getting them. I then searched the registry, found them buried under tcpip/parameters/interfaces and changed them, rebooted and the changes appeared. I then removed the registry entry and all seemed to be working again.
All I can say is lately I've been doing a lot of close-the-lid sleep mode stuff between networks. I found a few posts where these entries get wonky and require cleaning up. Right now it seems to be working, but what a wild goose chase this has all been. It's much cleaner now.
My System/General Setup DNS entries are and always have been 1.1.1.1 and 1.0.0.1. I noticed at another site they were using 1.1.1.1 & 8.8.8.8, which I'm starting to think is a good idea. That way if Cloudflare ever takes a complete dive, Google is the backup.
Roveer
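One way to catch this kind of leftover before restoring a backup is to audit the XML for DHCP scopes that carry their own DNS servers and have no matching assigned interface. This is an added Python example, not code from the thread or from pfSense; it assumes the config.xml layout (children of `<interfaces>` named after assigned interfaces, children of `<dhcpd>` named after scopes, each scope holding zero or more `<dnsserver>` elements) and that a DHCP-only partial backup has `<dhcpd>` as its root element. The sample config is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of a pfSense config.xml; not a real backup.
# The orphaned <opt2> DHCP scope mirrors what the thread describes.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<pfsense>
  <interfaces>
    <wan><if>em0</if><enable></enable></wan>
    <lan><if>em1</if><enable></enable></lan>
  </interfaces>
  <dhcpd>
    <lan>
      <enable></enable>
      <range><from>192.168.1.100</from><to>192.168.1.199</to></range>
    </lan>
    <opt2>
      <dnsserver>8.8.8.8</dnsserver>
      <dnsserver>8.8.4.4</dnsserver>
    </opt2>
  </dhcpd>
</pfsense>
"""


def audit_dhcp_dns(xml_text):
    """Map each DHCP scope carrying explicit <dnsserver> overrides to its servers
    and whether an interface of that name is assigned. 'assigned' is None when
    the file has no <interfaces> block (assumed shape of a DHCP-only partial
    backup, whose root element is <dhcpd>)."""
    root = ET.fromstring(xml_text)
    dhcpd = root if root.tag == "dhcpd" else root.find("dhcpd")
    ifaces = root.find("interfaces")
    known = {i.tag for i in ifaces} if ifaces is not None else None
    found = {}
    for scope in (dhcpd if dhcpd is not None else []):
        servers = [d.text.strip() for d in scope.findall("dnsserver") if d.text]
        if servers:  # scopes with no override fall back to pfSense defaults
            found[scope.tag] = {"servers": servers,
                                "assigned": None if known is None else scope.tag in known}
    return found


if __name__ == "__main__":
    for scope, info in audit_dhcp_dns(SAMPLE_CONFIG).items():
        note = "" if info["assigned"] is not False else "  <-- no assigned interface"
        print(f"dhcpd/{scope}: {', '.join(info['servers'])}{note}")
```

Run it against the backup file you are about to restore (`ET.parse(path).getroot()` in place of the string) and treat any scope flagged with no assigned interface as something to strip before importing.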
-
@patient0 said in I can't find this DNS entry anywhere in my GUI. How do I change this?:
@roveer What DNS servers have you set in System / General Setup? And have you set any DNS server in the DHCP service that provides the IPs for the two laptops?
I assume these two laptops are both on the network behind OPT2?
That's the crazy thing. OPT2 wasn't even defined. I think it was a coincidence that these were appearing on this one laptop. See my other post as to things I observed, changed and finally seem to have working now.
Roveer
-
@roveer said in I can't find this DNS entry anywhere in my GUI. How do I change this?:
1.1.1.1 & 8.8.8.8 which I'm starting to think is a good idea
Normally that is actually a bad idea because they don't do the same thing - they can filter, and they can filter different things differently. If you're going to point to multiple IPs for DNS in case one goes down, they should return the exact same stuff - either not filter, or be sure they filter exactly the same stuff.
If either of those go down, anycast global networks - the internet is going to be a shit show anyway while they are down. You understand 8.8.8.8 doesn't point to just 1 IP or even a cluster of devices in one DC, right? It is a global anycast network that spans the planet. Same for Cloudflare. Same for AWS DNS services. Same for all the major players that provide DNS services.
If you're worried about some DNS service going down, you should be resolving. If resolving doesn't work, the internet is down for everyone on the planet. Doesn't matter what DNS service you're pointing to.
Now the filtering that Cloudflare and Google do is probably pretty benign and very, very similar, so probably not a big deal. But you can never really be sure which NS is being asked once you have more than one. So pointing to different ones that could or do filter differently is not good practice.
If you forward, it would take you what, all of like .3 seconds to change the forwarding on pfSense to some other service if the one you're using went down.
-
@johnpoz said in I can't find this DNS entry anywhere in my GUI. How do I change this?:
@roveer said in I can't find this DNS entry anywhere in my GUI. How do I change this?:
1.1.1.1 & 8.8.8.8 which I'm starting to think is a good idea
Normally that is actually a bad idea because they don't do the same thing - they can filter, and they can filter different things differently. If you're going to point to multiple IPs for DNS in case one goes down, they should return the exact same stuff - either not filter, or be sure they filter exactly the same stuff.
If either of those go down, anycast global networks - the internet is going to be a shit show anyway while they are down. You understand 8.8.8.8 doesn't point to just 1 IP or even a cluster of devices in one DC, right? It is a global anycast network that spans the planet. Same for Cloudflare. Same for AWS DNS services. Same for all the major players that provide DNS services.
If you're worried about some DNS service going down, you should be resolving. If resolving doesn't work, the internet is down for everyone on the planet. Doesn't matter what DNS service you're pointing to.
Now the filtering that Cloudflare and Google do is probably pretty benign and very, very similar, so probably not a big deal. But you can never really be sure which NS is being asked once you have more than one. So pointing to different ones that could or do filter differently is not good practice.
If you forward, it would take you what, all of like .3 seconds to change the forwarding on pfSense to some other service if the one you're using went down.
You keep saying "filtering"; you mean controlling what we see?
You make good points. Now I can go back to 1.1.1.1 & 1.0.0.1 like I had and not worry about the end of the world. If it's gonna happen I just hope I'm at the beach...
Roveer
-
@roveer Google and Cloudflare only filter bad stuff. Or at least they say so, but only in rare cases with Google; Cloudflare is more open in saying "hey, we block bad stuff". But let's say DNS service A filters bad site X, but service B does not. Since you don't know where your forwarder might ask at any given point in time, are you protected from bad site X or not?
So what is the advantage of their filtering? And once it's looked up once, all your clients will get that answer if they ask for it, etc.
The filtering or not filtering would come more into play if you were using, say, a blocking DNS service to block stuff that you want blocked, like adult-related stuff, etc., while your 2nd service does not. OpenDNS or Umbrella or ad-block sorts of services.
Many people choose to use, say, Quad9 because they list blocking bad sites as one of their advantages. Cloudflare kind of says the same, while Google says "hey, only in really bad cases", etc.
The point is these example services are not all filtering the same way, even if only bad stuff. But that they filter at all - and you wouldn't know which one might get asked at any given time - kind of really throws all of their filtering out the window. So if you're going to use different services, but you don't know if service A and B would block the same thing, you can not be sure you would ever be protected by such a service.
Maybe you forward to these services because of their bad-site blocking, but also maybe they block stuff because a government says "hey, block this". The point is such services are not all going to filter the same way, but if you ask more than one, will you or will you not actually be protected, or filtered from something you want to get to, etc.
Same thing goes for whether they do DNSSEC or not - almost all the major players do, unless you specifically use a special IP they list, etc. But this is another thing that can be different if you don't actually know who you're asking when you forward.
While I am not a fan of forwarding, many people do, and hey, that is their choice. My only point is if you're going to forward, no matter who you forward to you should get the same answer. If not, it can be very problematic trying to track down some weirdness with some specific DNS query.