DNS lookups failing from Windows 7 using pfSense 2.0-BETA5/Unbound 1.4.8

  • [solved by disabling DNSSEC, saving, re-enabling DNSSEC, and saving]

    I'm probably overlooking something very simple.  The regular "DNS Forwarder" works fine, but "Unbound DNS Forwarder" doesn't work for me.

    Unbound Status tab instantly shows new entries of the DNS queries I'm making from Windows 7, along with their correct IP addresses, etc.  So that part appears to be fine (and fast).

    But these results are not making it back to the Windows 7 clients which are on same LAN subnet as pfSense.

    In the Unbound ACL tab, I set "Allow" for (WAN) and (LAN).  In Windows 7 (static, not DHCP), I set DNS server to (pfSense) and leave 2nd DNS server blank for this test.

    When using Unbound, do we require additional Firewall rules that aren't needed with the plain DNS Forwarder?

    I'm new to pfSense, so any pointers, no matter how obvious, would be appreciated.

    I'm using pfSense-2.0-BETA5-amd64 Feb 5 build.


  • When I uncheck "DNSSEC" option, queries from Windows 7 work fine.

    I suppose I'll have to RTFM on Windows 7 and DNSSEC.  Please share links, especially if you have a tutorial that is hard to find with Google.

  • I re-enabled DNSSEC, saved changes, and now it works fine as well.  I tested with domain names that were already in Unbound's cache as well as new ones.

    So now, I have DNSSEC checked, and Forwarding Mode unchecked.  All is well.

  • Did you do anything specific besides disabling and enabling DNSSEC?