DNS Resolver : Pfsense re-install
-
Hi,
I have problems with the DNS Resolver more and more often, and each time I restart it.
Question : would re-installing Pfsense resolve it? Or is it a native problem for this Pfs release ?
-
@Khampol said in DNS Resolver : Pfsense re-install:
Or is it a native problem for this Pfs release ?
Of course it's a native problem.
pfSense doesn't handle DNS very well, or not at all.
That's why these millions of pfSense servers will stop using it tomorrow.
The problem is even bigger.
If you think it's a DNS problem, why not post in the DNS sub forum ? And before posting, have a look (read) first.
If millions of pfSense users have a problem, a big part would be asking questions also.
Do you see the thousands of messages per minute about this major pfSense DNS issue ?
(Right, humm .. I get it, DNS doesn't work, so they can find even this forum - so no messages)
Shall I go on for a bit more ?
I'll give you the fastest solution.
First : the situation.
Netgate makes a firewall router system.
Netgate doesn't know everything about every ISP on the planet.
This means that pfSense, when installed, uses the most known connection method. And guess what ? Every sold PC, on any OS known, every phone, Pad and all the cameras, printers and the zillion of connected devices all use the same connection method .... DHCP.
So, connect your pfSense to your ISP connection (probably ISP router or modem or whatever) and - roll the drums - you're done.
That is, some of us have managed to choose (or had to choose) this ISP that uses a less known connection method.
This means you have to work it out yourself. I don't know how your 'unknown' (to me) ISP works, but I'm sure it can be worked out. You are probably not the one and only client of your ISP.
Did you ever find a list of known ISPs that don't work with pfSense ?
Right, me neither.
So, you're connected.
Next possible issue : your ISP (again).
Do they allow traffic ?
I mean :
All known protocols ? The most known are TCP, UDP, ICMP, and many others.
Can you connect to 0.0.0.1 to 254.254.254.25 ( 4,294,967,296 unique addresses ) ? Or all known IPv4 addresses ?
Can you access all known ports ? from 1 to 65535 ?
If your ISP is transparent, you can access these 3, also known as 'the Internet' as a whole ? If yes, this means pfSense will work for you the moment you've installed it.
Try this one, as it always works :
Install pfSense clean.
Connect a first time to the GUI. You'll see a popup box with disclaimers, copy rights etc.
You are asked to change the admin password.
Then : stop doing anything. Do not use the keyboard anymore. Don't change anything anywhere.
I'll be more precise : do not add/change/edit whatever any DNS settings;
Now you have the same situation that you would have with any other router that you can buy out there (tplink, dlink etc etc etc etc - but also your ISP router) :
Roll the drums : it works.
So why DNS wouldn't work for you ?
I've just one question : what DNS setting did you change ?
And I tell you this : No, you didn't need to do this. If it was needed, pfSense wouldn't work out of the box, as outlined above. But it probably did.
And what you broke your DNS ... so undo what you did, and you'll be fine.
Ok, sorry for the rant. I've made up my story, to counter yours : "native problem for this Pfs release".
Mine is rather easy to fact check : go visit your neighbor that also uses pfSense and ask him the question : does it work for you ?
Let's do what we are supposed to do on a forum. Don't say "doesn't work", tell more about it and someone will spot what's wrong and propose you the solution.
-
Yes, how exactly is it failing for you? More details needed.
-
@stephenw10 This happens from time to time lately, nothing dramatic, I just restart it manually (most of the time I really enjoy using pfs). My router has been running for more than 4 or 5 years without any clean install, maybe I have to consider it
-
So clients just stop being able to resolve? Does the service actually stop? Anything logged when that happens?
-
@stephenw10 This is the problem : the service didn't stop, all looks ok but some websites cannot be loaded, so I just restart the DNS Resolver then all is back to normal. I didn't note the time it happened, so I cannot see clearly in the log.
Btw I use [pfBlockerNG], could it be in concern in my case ?
-
@Khampol said in DNS Resolver : Pfsense re-install:
I use [pfBlockerNG], could it be in concern in my case ?
It could be. It depends how it fails at the client. Does it specifically show a DNS error in the browser?
If you try to ping some host by FQDN does it fail? What error is shown there?
-
@stephenw10 I find this somewhere
pfSsh.php playback svc restart unbound
This could restart the DNS Resolver ? If I put this in a CRON, every day? It should do the trick no ;) ?
-
It would restart it, yes. Seems like papering over the issue though.
-
@Khampol said in DNS Resolver : Pfsense re-install:
@stephenw10 This is the problem : the service didn't stop, all looks ok but some websites cannot be loaded, so I just restart the DNS Resolver then all is back to normal.
Are you forwarding DNS? If so ensure DNSSEC is disabled.
Btw I use [pfBlockerNG], could it be in concern in my case ?
Unlikely but maybe out of memory or something. Try disabling it.
-
Are you forwarding DNS? If so ensure DNSSEC is disabled.
Nope. (It's disabled)
Unlikely but maybe out of memory or something. Try disabling it.
I do not think so, see :
And please, I cannot live without it! The web nowadays is polluted
-
@stephenw10
I input this
Hope it is correct ? Please correct me if I'm wrong. Thx
-
Probably OK. You might need to call the php binary directly. Make sure it runs. Check the logs and see.
-
@stephenw10 said in DNS Resolver : Pfsense re-install:
You might need to call the php binary directly
Please could you explain? The command maybe?
-
So like:
/usr/local/bin/php -f /usr/local/sbin/pfSsh.php playback svc restart unbound
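
The thread notes that a blind daily restart papers over the issue and that the failure time was never recorded. As an added example (not part of the thread and not Netgate's code), this watchdog probes the resolver, logs when and which names fail, and runs the restart command from the thread only on repeated failure. The probe names, log path, threshold and the availability of `host` on the firewall are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): probe the resolver, record when and what
# fails, and restart unbound only on repeated failure.
# Assumptions: probe names, log path, threshold, and that `host` is installed.
PROBE_NAMES="${PROBE_NAMES:-netgate.com freebsd.org example.com}"
RESOLVER="${RESOLVER:-127.0.0.1}"
LOG="${LOG:-/var/log/unbound_watchdog.log}"
MIN_FAIL="${MIN_FAIL:-2}"
# Restart command exactly as posted in the thread.
RESTART_CMD="${RESTART_CMD:-/usr/local/bin/php -f /usr/local/sbin/pfSsh.php playback svc restart unbound}"

# Resolve one name against the local resolver, 3 second timeout.
resolve_one() {
    host -W 3 "$1" "$RESOLVER" >/dev/null 2>&1
}

# Print the space-separated names that failed to resolve.
failed_names() {
    failed=""
    for name in $PROBE_NAMES; do
        "${RESOLVE_FN:-resolve_one}" "$name" || failed="$failed $name"
    done
    echo "${failed# }"
}

# Returns 0 = healthy, 1 = failures logged only, 2 = logged and restarted.
check_and_heal() {
    bad=$(failed_names)
    [ -z "$bad" ] && return 0
    set -- $bad
    stamp=$(date '+%Y-%m-%d %H:%M:%S')
    echo "$stamp resolver=$RESOLVER failed=$# names=$bad" >> "$LOG"
    if [ "$#" -ge "$MIN_FAIL" ]; then
        echo "$stamp restarting unbound" >> "$LOG"
        $RESTART_CMD
        return 2
    fi
    return 1
}

# Only act when invoked with the argument "run" (e.g. from cron).
if [ "${1:-}" = "run" ]; then
    check_and_heal
fi
```

Run from cron with the `run` argument; the timestamps in the log file can then be matched against the DNS Resolver log to see what happened at the moment resolution failed.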