DNS Resolver : Pfsense re-install
-
Hi,
I have problems with the DNS Resolver more and more often; each time I restart it.
Question : would re-installing pfSense resolve it? Or is it a native problem for this Pfs release ?
-
@Khampol said in DNS Resolver : Pfsense re-install:
Or is it a native problem for this Pfs release ?
Of course it's a native problem.
pfSense doesn't handle DNS very well, or not at all.
That's why these millions of pfSense servers will stop using it tomorrow.
The problem is even bigger.
If you think it's a DNS problem, why not post in the DNS sub forum ? And before posting, have a look (read) first.
If millions of pfSense users have problems, a big part would be asking questions also.
Do you see the thousands of messages per minute about this major pfSense DNS issue ?
(Right, humm .. I get it, DNS doesn't work, so they can find even this forum - so no messages)
Shall I go on for a bit more ?
I'll give you the fastest solution.
First : the situation.
Netgate makes a firewall router system.
Netgate doesn't know everything about every ISP on the planet.
This means that pfSense, when installed, uses the most known connection method. And guess what ? Every sold PC, on any OS known, every phone, Pad and all the cameras, printers and the zillion of connected devices all use the same connection method .... DHCP.
So, connect your pfSense to your ISP connection (probably ISP router or modem or whatever) and - roll the drums - you're done.
That is, some of us have managed to choose (or had to choose) this ISP that uses a less known connection method.
This means you have to work it out yourself. I don't know how your 'unknown' (to me) ISP works, but I'm sure it can be worked out. You are probably not the one and only client of your ISP.
Did you ever find a list with known ISPs that don't work with pfSense ?
Right, me neither.
So, you're connected.
Next possible issue : your ISP (again).
Do they allow traffic ?
I mean :
All known protocols ? The most known are TCP, UDP, ICMP, and many others.
Can you connect to 0.0.0.1 to 254.254.254.25 ( 4,294,967,296 unique addresses ) ? Or all known IPv4 addresses ?
Can you access all known ports ? from 1 to 65535 ?
If your ISP is transparent, you can access these 3, also known as 'the Internet' as a whole ? If yes this means pfSense will work for you the moment you've installed it.
Try this one, as it always works :
Install pfSense clean.
Connect a first time to the GUI. You'll see a popup box with disclaimers, copyrights etc.
You are asked to change the admin password.
Then : stop doing anything. Do not use the keyboard anymore. Don't change anything anywhere.
I'll be more precise : do not add/change/edit any DNS settings.
Now you have the same situation that you would have with any other router that you can buy out there (tplink, dlink etc etc etc etc - but also your ISP router) :
Roll the drums : it works.
So why wouldn't DNS work for you ?
I've just one question : what DNS setting did you change ?
And I tell you this : No, you didn't need to do this. If it was needed, pfSense wouldn't work out of the box, as outlined above. But it probably did.
And what you broke your DNS ... so undo what you did, and you'll be fine.
Ok, sorry for the rant. I've made up my story, to counter yours : "native problem for this Pfs release".
Mine is rather easy to fact check : go visit your neighbor that also uses pfSense and ask him the question : does it work for you ?
Let's do what we are supposed to do on a forum. Don't say "doesn't work", tell more about it and someone will spot what's wrong and propose you the solution.
-
Yes, how exactly is it failing for you? More details needed.
-
@stephenw10 This happens from time to time lately, nothing dramatic, I just restart it manually (most of the time I really enjoy using pfs). My router has been running for more than 4 or 5 years without any clean install, maybe I have to consider it
-
So clients just stop being able to resolve? Does the service actually stop? Anything logged when that happens?
-
@stephenw10 This is the problem : the service didn't stop, all looks ok but some websites cannot be loaded, so I just restart the DNS Resolver then all is back to normal. I didn't note the time it happened so I cannot see clearly in the log.
Btw I use [pfBlockerNG], could it be in concern in my case ?
-
@Khampol said in DNS Resolver : Pfsense re-install:
I use [pfBlockerNG], could it be in concern in my case ?
It could be. It depends how it fails at the client. Does it specifically show a DNS error in the browser?
If you try to ping some host by FQDN does it fail? What error is shown there?