No DNS Resolution



  • I have a new installation of pfSense version 1.0.1 installed from the CD with a WAN public IP of x.x.250.121 and a LAN IP of 192.168.0.1.  I also have IPs on the LAN interface in the x.x.250.x public IP range that I am trying to firewall. Included in these are our authoritative DNS server for our domain/subnet of x.x.250.x.  I am trying to replace an MNF v8.2 firewall with pfSense.  After duplicating the firewall rules as well as I could translate between the two firewall configuration interfaces I tried a test and found that from the LAN side DNS queries would not resolve.  However, pings of IP addresses would pass.

    What should I look for in my configuration to resolve this problem?

    Currently, I have the WAN DNS server set as our internal authoritative DNS at x.x.250.1.  I'm thinking that I should change this to the campus authoritative DNS at x.x.252.1.  I am going to test this idea later today.

    Further I have pfSense configured with virtual IPs for each of our machines that has an x.x.250.x address, with corresponding 1:1 NAT rules for each.  Eventually we would like to remove all public IPs from all of our machines and allow them to communicate via virtual IPs on the pfSense box.



  • Make sure you have entered DNS-Servers at system>general. If the dns-forwarder is enabled (which is enabled by default on LAN) it should work.



  • I have the same problem… it was working before, but when I upgraded to the latest snapshots (27-02 or 08-03) DNS doesn't work as expected



  • @hchady:

    I have the same problem… it was working before, but when I upgraded to the latest snapshots (27-02 or 08-03) DNS doesn't work as expected

    We have not changed anything involving DNS.



  • I've quite the same problem since snapshot 27/02

    My pfSense has a dual WAN setup: WAN DHCP fixed private address behind a DSL modem, WAN2 DHCP fixed public address

    Everything's working OK until DHCP leases are refreshed, then no DNS resolution!

    On a LAN Win XP box, if I try an nslookup on e.g. www.google.fr, it answers "query refused"

    If I reboot the pfSense and clear the Win XP DNS cache (with ipconfig /flushdns), all is working again.

    I updated pfSense to snapshot 08/03 but still the same problem

    I set up my WANs with static addresses and pfSense has been running for 3 days now, no DNS problems…



  • Try entering manual DNS entries under the 'System>General Setup' menu. Uncheck the box allow DNS entries to be overwritten by dhcp. Report back what you find.



  • I forgot to explain my dns setup

    I already entered two DNS servers in System/General (one for each ISP) and unchecked the box. I too have entered static routes for DNS queries to go out through the ad hoc WAN

    This setup works perfectly with WAN static addresses and with DHCP addresses until DHCP lease refresh

    There are no error messages in the logs; each time DNS ceases to work, the last entries are about DHCP a few seconds before…



  • @sdale:

    Try entering manual DNS entries under the 'System>General Setup' menu. Uncheck the box allow DNS entries to be overwritten by dhcp. Report back what you find.

    I have the same problem as regis (only one ISP, though). Already tried sdale's suggestion.
    How can I fix this?



  • I really need help with this, the pfsense box is in my house and this problem is driving me crazy.



  • Today I reinstalled with the "1.2-TESTING-SNAPSHOT-07-21-2007" ISO and the problem persists. I don't know what to do now, please help me guys.



  • Hi.
    I am experiencing the same/similar problems as the others in this post.
    I see traffic in and out but web page resolution is hit and miss.
    It will work for a few seconds then stop.
    I can ping across the box from the lan to an external site and then it vanishes.
    I can ping from the diagnostics page to an external site then it vanishes.
    I have a static IP WAN IP and static DNS servers.

    I have set up the DNS servers in the general setup page.
    I have unchecked the box allows DNS entries to be overwritten by dhcp.
    DNS Forwarding is enabled.
    I have no packages installed
    I have tried 1.2 Beta 1, 1.2 Beta 2 and 1.2 RC 1.
    I have tried updates and fresh installs; in every case the results are the same.
    I'm going to try 1.01 today but I see from the previous posts this may not work either.

    The potentials of this project are huge.
    Keep up the good work !



  • Still stuck with this problem.
    I noticed something: When my pfSense box stops working (no DNS resolution, unable to ping static IP addresses, can't do anything with my WAN) I can see the status of the WAN with my IP address and my subnet mask, but my ISP gateway is gone. Maybe this will give you a hint of what my problem is.
    BTW, if I reboot the pfsense box, the internet connection starts working again.



  • Update from my end.
    After extensive testing and building.
    I had 3 separate boxes built with every flavour of ipcop, monowall and pfsense.
    I even replaced my production gateway to put it on the new circuit; when I saw it failing to resolve web pages I started thinking outside of the box….
    I came to realise that the static DNS servers that I was given to connect to were out to lunch.
    It was only when I put in the DNS numbers from opendns.org that I got what I'm paying for.
    10meg fibre. 10 up and 10 down and with genuine real webpages too. LOL
    I called the help desk 3 times on this. They said there was no problem on their end.
    When I ran a trace route to the DNS servers there were long delays not only in resolving but in arriving.
    I did the trace route to opendns and it was fast, no delay, all resolved.

    This is a very cool idea.
    You can even enable blocking for unsafe sites, put in filters for adult contact and totally free.
    It restored my sanity and solved my problem.
    I have been load testing the circuit late at night and pfsense has exceeded my hopes.
    It is so simple to try, it's worth the test.
    I hope it resolves some of the other problems you guys are struggling with here.
    Cheers
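
The thread reports three different symptoms: a "query refused" answer from the firewall's forwarder, upstream DNS servers that never answer, and upstream servers that answer slowly. Querying each server directly and reading the reply code and latency tells them apart. The script below is an added example, not part of any post; the function names and the 500 ms "slow" threshold are assumptions.

```python
import secrets, socket, struct, sys, time

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}
# Constructed sample: 12-byte reply header, id 0x1234, flags QR|RD|RA, RCODE 5, no records.
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8185, 0, 0, 0, 0)

def build_query(name, qid):
    """Minimal RFC 1035 query for an A record, recursion desired."""
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def parse_response(data, qid):
    """Return (rcode name, answer count) from a reply header; reject mismatched replies."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid or not flags & 0x8000:
        raise ValueError("not a reply to this query")
    rcode = flags & 0x000F
    return RCODES.get(rcode, "RCODE%d" % rcode), answers

def probe(server, name, timeout=2.0):
    """Ask one server directly over UDP/53; return (status, answers, elapsed ms)."""
    qid = secrets.randbits(16)  # unpredictable query ID
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    start = time.monotonic()
    try:
        sock.sendto(build_query(name, qid), (server, 53))
        status, answers = parse_response(sock.recvfrom(512)[0], qid)
    except socket.timeout:
        status, answers = "TIMEOUT", 0
    except (OSError, ValueError) as exc:
        status, answers = "ERROR(%s)" % exc, 0
    finally:
        sock.close()
    return status, answers, round((time.monotonic() - start) * 1000)

def diagnose(status, elapsed_ms, slow_ms=500):  # slow_ms is an assumed threshold
    """Map a probe result onto the failure modes reported in the thread."""
    if status == "REFUSED":
        return "server reachable but refusing queries"
    if status == "TIMEOUT":
        return "no reply: server down or path to it broken"
    if status == "NOERROR" and elapsed_ms > slow_ms:
        return "answers, but slowly"
    return "ok" if status == "NOERROR" else "server error: " + status

if __name__ == "__main__":  # usage: python dnsprobe.py 192.168.0.1 <upstream-dns-ip> ...
    for server in sys.argv[1:]:
        status, answers, ms = probe(server, "www.google.fr")
        print(server, status, answers, "%d ms" % ms, "->", diagnose(status, ms))
```

Run it from a LAN host against the firewall's LAN address and against each upstream server: a REFUSED from the firewall combined with clean answers from the upstream points at the forwarder, while TIMEOUT or slow answers from the upstream point at the ISP's servers.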



  • @nexus010:

    Update from my end.
    After extensive testing and building.
    I had 3 separate boxes built with every flavour of ipcop, monowall and pfsense.
    I even replaced my production gateway to put it on the new circuit; when I saw it failing to resolve web pages I started thinking outside of the box….
    I came to realise that the static DNS servers that I was given to connect to were out to lunch.
    It was only when I put in the DNS numbers from opendns.org that I got what I'm paying for.
    10meg fibre. 10 up and 10 down and with genuine real webpages too. LOL
    I called the help desk 3 times on this. They said there was no problem on their end.
    When I ran a trace route to the DNS servers there were long delays not only in resolving but in arriving.
    I did the trace route to opendns and it was fast, no delay, all resolved.

    This is a very cool idea.
    You can even enable blocking for unsafe sites, put in filters for adult contact and totally free.
    It restored my sanity and solved my problem.
    I have been load testing the circuit late at night and pfsense has exceeded my hopes.
    It is so simple to try, it's worth the test.
    I hope it resolves some of the other problems you guys are struggling with here.
    Cheers

    Sadly, I'm from Argentina. Using opendns for DNS resolution severely lags my web browsing. This sucks…



  • Everything is working fine now. Looks like the problem was my ISP's DNS server. =/



  • Hello Crosis, I am also from Arg. and I have the same problem. Did you get to solve this issue?

    Regards.



  • Everything is working fine now. Looks like the problem was my ISP's DNS server. =/

    I can ping those
    @http://wiki.telecomsucks.com/Lista_de_Servidores_DNS:

    *  IPlan: 200.69.193.1 (dns1.iplanisp.com)

    * IPlan: 200.69.193.2 (dns1.iplanisp.com.ar)

