Netgate Discussion Forum

    DNS Resolver : Pfsense re-install

      Khampol

      Hi,
      I have problems with the DNS Resolver more and more often, and each time I restart it.
      Question : would a re-install of pfSense resolve it? Or is it a native problem for this Pfs release ?

        Gertjan @Khampol

        @Khampol said in DNS Resolver : Pfsense re-install:

        Or is it a native problem for this Pfs release ?

        Of course it's a native problem.
        pfSense doesn't handle DNS very well, or not at all.
        That's why these millions of pfSense servers will stop using it tomorrow.
        The problem is even bigger.
        If you think it's a DNS problem, why not post in the DNS sub forum ?

        [image]

        and before posting, have a look (read) first.
        If millions of pfSense users have problems, a big part would be asking questions also.
        Do you see the thousands of messages per minute about this major pfSense DNS issue ?
        (Right, humm .. I get it, DNS doesn't work, so they can find even this forum - so no messages)

        Shall I go on for a bit more ? 😊
        I'll give you the fastest solution.
        First : the situation.
        Netgate makes a firewall router system.
        Netgate doesn't know everything about every ISP on the planet.
        This means that pfSense, when installed, uses the most known connection method. And guess what ? Every sold PC, on any OS known, every phone, Pad and all the cameras, printers and the zillions of connected devices all use the same connection method .... DHCP.

        So, connect your pfSense to your ISP connection (probably ISP router or modem or whatever) and - roll the drums - you're done.

        That is, some of us have managed to choose (or had to choose) this ISP that uses a less known connection method.
        This means you have to work it out yourself. I don't know how your 'unknown' (to me) ISP works, but I'm sure it can be worked out. You are probably not the one and only client of your ISP.
        Did you ever find a list of known ISPs that don't work with pfSense ?
        Right, me neither 👍

        So, you're connected.
        Next possible issue : your ISP (again).
        Do they allow traffic ?
        I mean :
        All known protocols ? The most known are TCP, UDP, ICMP, and many others.
        Can you connect to 0.0.0.1 to 254.254.254.25 ( 4,294,967,296 unique addresses ) ? Or all known IPv4 addresses ?
        Can you access all known ports ? from 1 to 65535 ?

        If your ISP is transparent, you can access these 3, also known as 'the Internet' as a whole ? If yes, this means pfSense will work for you the moment you've installed it.

        Try this one, as it always works :
        Install pfSense clean.
        Connect a first time to the GUI. You'll see a popup box with disclaimers, copy rights etc.
        You are asked to change the admin password.

        Then : stop doing anything. Do not use the keyboard anymore. Don't change anything anywhere.
        I'll be more precise : do not add/change/edit any DNS settings whatsoever;

        Now you have the same situation that you would have with any other router that you can buy out there (tplink, dlink etc etc etc etc - but also your ISP router) :
        Roll the drums : it works.

        So why DNS wouldn't work for you ?

        I've just one question : what DNS setting did you change ?
        And I tell you this : No, you didn't need to do this. If it was needed, pfSense wouldn't work out of the box, as outlined above. But it probably did.
        And what you did broke your DNS ... so undo what you did, and you'll be fine.

        Ok, sorry for the rant. I've made up my story, to counter yours : "native problem for this Pfs release".
        Mine is rather easy to fact check : go visit your neighbor that also uses pfSense and ask him the question : does it work for you ?

        Let's do what we are supposed to do on a forum. Don't say "doesn't work", tell more about it and someone will spot what's wrong and propose you the solution.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

          stephenw10 Netgate Administrator

          Yes, how exactly is it failing for you? More details needed. 😉

            Khampol @stephenw10

            @stephenw10 This happens from time to time lately, nothing dramatic, I just restart it manually (most of the time I really enjoy using pfs). My router has run for more than 4 or 5 years without any clean install, maybe I have to consider it 😊

              stephenw10 Netgate Administrator

              So clients just stop being able to resolve? Does the service actually stop? Anything logged when that happens?

                Khampol @stephenw10

                @stephenw10 This is the problem : the service didn't stop, all looks ok but some websites cannot be loaded, so I just restart the DNS Resolver and then all is back to normal. I didn't note the time it happened, so I cannot see it clearly in the log.
                Btw I use [pfBlockerNG], could it be a concern in my case ?

                  stephenw10 Netgate Administrator @Khampol

                  @Khampol said in DNS Resolver : Pfsense re-install:

                  I use [pfBlockerNG], could it be a concern in my case ?

                  It could be. It depends how it fails at the client. Does it specifically show a DNS error in the browser?

                  If you try to ping some host by FQDN does it fail? What error is shown there?

                    Khampol @stephenw10

                    @stephenw10 I found this somewhere

                    pfSsh.php playback svc restart unbound
                    

                    This could restart the DNS Resolver ? If I put this in a CRON, every day? It should do the trick no ;) ?

                      stephenw10 Netgate Administrator

                      It would restart it, yes. Seems like papering over the issue though.

                        Khampol @stephenw10

                        @stephenw10 Great, thanx.

                        Seems like papering over the issue though.
                        

                        Yes, :>

                          SteveITS Galactic Empire @Khampol

                          @Khampol said in DNS Resolver : Pfsense re-install:

                          @stephenw10 This is the problem : the service didn't stop, all looks ok but some websites cannot be loaded, so I just restart the DNS Resolver and then all is back to normal.

                          Are you forwarding DNS? If so, ensure DNSSEC is disabled.

                          Btw I use [pfBlockerNG], could it be a concern in my case ?

                          Unlikely but maybe out of memory or something. Try disabling it.

                          Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                          When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                          Upvote 👍 helpful posts!

                            Khampol @SteveITS

                            @SteveITS

                            Are you forwarding DNS? If so ensure DNSSEC is disabled.
                            

                            Nope. (It's disabled)

                            Unlikely but maybe out of memory or something. Try disabling it.
                            

                            I do not think so, see :
                            [image]
                            And please, I cannot live without it! The web nowadays is polluted 😓

                              Khampol @stephenw10

                              @stephenw10
                              I input this
                              [image]
                              Hope it is correct ? Please correct me if I'm wrong. Thx 😉

                                stephenw10 Netgate Administrator

                                Probably OK. You might need to call the php binary directly. Make sure it runs. Check the logs and see.

                                  Khampol @stephenw10

                                  @stephenw10 said in DNS Resolver : Pfsense re-install:

                                  You might need to call the php binary directly

                                  Please could you explain? The command maybe?

                                    stephenw10 Netgate Administrator

                                    So like:
                                    /usr/local/bin/php -f /usr/local/sbin/pfSsh.php playback svc restart unbound

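
Added example, not part of the thread or of pfSense itself: a POSIX sh watchdog that takes up the questions asked above (does resolution actually fail, is anything logged) by probing the resolver first, writing a timestamped log line on failure, and only then running the restart command quoted in the thread. The resolver address 127.0.0.1, the probe name, the log path, the script path and the availability of `host` are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): restart unbound only when a lookup
# through the local resolver really fails, and record when it happened.

# Assumptions, all overridable from the environment:
RESOLVER="${RESOLVER:-127.0.0.1}"          # where unbound listens (assumed)
PROBE_NAME="${PROBE_NAME:-example.com}"    # use a name that has been failing
LOG_FILE="${LOG_FILE:-/var/log/dns_watchdog.log}"   # hypothetical path
RETRY_DELAY="${RETRY_DELAY:-5}"            # seconds between the two probes
# Restart command as given in the thread.
RESTART_CMD="${RESTART_CMD:-/usr/local/bin/php -f /usr/local/sbin/pfSsh.php playback svc restart unbound}"

# Succeeds if the resolver answers for PROBE_NAME within 5 seconds.
probe_dns() {
    host -W 5 "$PROBE_NAME" "$RESOLVER" >/dev/null 2>&1
}

# Append a timestamped line so failures can be matched against other logs.
log_event() {
    printf '%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$1" >> "$LOG_FILE"
}

# Returns 0 if DNS is healthy (or recovered on retry), 2 if it restarted.
watchdog_run() {
    if probe_dns; then
        return 0                # healthy: nothing to do, nothing logged
    fi
    sleep "$RETRY_DELAY"        # one retry so a single lost reply is ignored
    if probe_dns; then
        log_event "transient failure for $PROBE_NAME, recovered without restart"
        return 0
    fi
    log_event "lookup of $PROBE_NAME via $RESOLVER failed twice, restarting unbound"
    rc=0
    $RESTART_CMD >/dev/null 2>&1 || rc=$?
    log_event "restart command exit status: $rc"
    return 2
}

# Run from cron as: /bin/sh /root/dns_watchdog.sh run   (path is hypothetical)
if [ "${1:-}" = "run" ]; then
    watchdog_run
fi
```

Run every few minutes instead of once a day, the log then gives the timestamps needed to look up what unbound and pfBlockerNG logged at the moment of each failure.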