DNS dies every day. Only solution is a reboot.



  • I have a new issue with 2.1-DEVELOPMENT (amd64) built on Tue Sep 13 17:05:32 EDT 2011

    At least once every day the DNS functionality dies. The service itself is started but it ceases to function. Re-starting the DNS forwarder service does not work. Only way is to reboot the machine. No logs about anything failing.

    This is really getting irritating now as the DNS dies any time with no prior warnings. Any clues?

    My DNS is the following order. Earlier I just kept IPv6 DNS but adding IPv4 DNS doesn't make a difference.

    2620:0:ccc::2
    2620:0:ccd::2
    208.67.222.222
    208.67.220.220



  • @asterix:

    No logs about anything failing.

    This is really getting irritating now as the DNS dies any time with no prior warnings. Any clues?

    Where have you looked for the logs? The default in the web GUI is to show the last 50 lines. There is a more complete record in pfSense /var/log. If you are using pfSense DNS forwarder the pfSense shell command
    ```
    clog /var/log/system.log | grep dnsmasq
    ```



  • "clog /var/log/system.log | grep dnsmasq" shows this

    Sep 25 14:24:04 pfsense dnsmasq[39448]: started, version 2.55 cachesize 10000
    Sep 25 14:24:04 pfsense dnsmasq[39448]: compile time options: IPv6 GNU-getopt no-DBus I18N DHCP TFTP
    Sep 25 14:24:04 pfsense dnsmasq[39448]: reading /etc/resolv.conf
    Sep 25 14:24:04 pfsense dnsmasq[39448]: using nameserver 2620:0:ccd::2#53
    Sep 25 14:24:04 pfsense dnsmasq[39448]: using nameserver 2620:0:ccc::2#53
    Sep 25 14:24:04 pfsense dnsmasq[39448]: read /etc/hosts - 13 addresses
    Sep 25 14:24:11 pfsense dnsmasq[39448]: reading /etc/resolv.conf
    Sep 25 14:24:11 pfsense dnsmasq[39448]: using nameserver 2620:0:ccd::2#53
    Sep 25 14:24:11 pfsense dnsmasq[39448]: using nameserver 2620:0:ccc::2#53

    Weird now is that my IPv6 is totally dead. No changes done to the router.
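
Added example, not part of any post in this thread: the log excerpt above lists only the two IPv6 upstreams each time dnsmasq reads /etc/resolv.conf, and this sketch groups such lines per read and labels which address families the forwarder depends on. The sample lines are copied from the post; the function names `upstream_reads` and `family_dependence` are this example's own.

```python
import ipaddress
import re

# Log lines copied from the dnsmasq output posted in the thread.
SAMPLE_LOG = """\
Sep 25 14:24:04 pfsense dnsmasq[39448]: reading /etc/resolv.conf
Sep 25 14:24:04 pfsense dnsmasq[39448]: using nameserver 2620:0:ccd::2#53
Sep 25 14:24:04 pfsense dnsmasq[39448]: using nameserver 2620:0:ccc::2#53
Sep 25 14:24:04 pfsense dnsmasq[39448]: read /etc/hosts - 13 addresses
Sep 25 14:24:11 pfsense dnsmasq[39448]: reading /etc/resolv.conf
Sep 25 14:24:11 pfsense dnsmasq[39448]: using nameserver 2620:0:ccd::2#53
Sep 25 14:24:11 pfsense dnsmasq[39448]: using nameserver 2620:0:ccc::2#53
"""

LINE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s\S+\sdnsmasq\[(\d+)\]:\s(.*)$")
UPSTREAM = re.compile(r"^using nameserver (\S+)#\d+")


def upstream_reads(log_text):
    """One record per resolv.conf (re)read: time, pid, upstreams by family."""
    reads = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a dnsmasq syslog line
        stamp, pid, msg = m.group(1), int(m.group(2)), m.group(3)
        if msg.startswith("reading "):
            reads.append({"time": stamp, "pid": pid, "v4": [], "v6": []})
        elif reads and (u := UPSTREAM.match(msg)):
            try:
                addr = ipaddress.ip_address(u.group(1))
            except ValueError:
                continue  # not a literal IP address
            reads[-1]["v6" if addr.version == 6 else "v4"].append(str(addr))
    return reads


def family_dependence(read):
    """Label a read by the address families its upstreams need."""
    key = (bool(read["v4"]), bool(read["v6"]))
    return {(True, True): "dual-stack", (False, True): "ipv6-only",
            (True, False): "ipv4-only", (False, False): "no-upstreams"}[key]


if __name__ == "__main__":
    for r in upstream_reads(SAMPLE_LOG):
        print(r["time"], r["pid"], family_dependence(r), r["v4"] + r["v6"])
```

To use it on a real box, save the output of `clog /var/log/system.log | grep dnsmasq` to a file and pass its contents to `upstream_reads`.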



  • @asterix:

    Weird now is that my IPv6 is totally dead. No changes done to the router.

    That would cause DNS to appear dead!

    Please verify dnsmasq is still running:  pfSense shell command ps ax | grep dnsmasq
    If you don't already have a DNS local override I suggest you create one to give you a way of testing if DNS is still working without requiring your internet connection to work.

    About IPv6 death: do you have native IPv6 to your ISP or are you using a tunnel? If a tunnel, has your WAN address changed since boot? Is your WAN link up?



  • "ps ax | grep dnsmasq" gives me this

    39448  ??  I      0:01.35 /usr/local/sbin/dnsmasq --local-ttl 1 --all-servers -
    40081  0  S+    0:00.01 grep dnsmasq

    I am using OpenDNS only. Weird is that I am using OpenDNS IPv6 DNS servers and web pages are being resolved despite total IPv6 failure. My IPv6 Gateway is online all the time. Never saw it go down.

    I am using HE tunnel. IP address hasn't changed on the WAN and it's not a concern as I am using the Dynamic DNS client for IPv6 to update the WAN IP.

    Do you think I should format and re-install?



  • @asterix:

    I am using HE tunnel. IP address hasn't changed on the WAN and it's not a concern as I am using the Dynamic DNS client for IPv6 to update the WAN IP.

    It doesn't seem too relevant to this discussion BUT my recollection of activating an HE tunnel is that I had to provide the IPv4 address of my end of the tunnel. Suppose your pfSense WAN address changes then how is HE going to know the IPv4 address of your end of the tunnel has changed? It's not clear to me that "Dynamic DNS client for IPv6" (whatever that is) is going to tell HE the IPv4 address of your end of the tunnel has changed. Pardon the digression.

    @asterix:

    I am using OpenDNS only. Weird is that I am using OpenDNS IPv6 DNS servers and web pages are being resolved despite total IPv6 failure. My IPv6 Gateway is online all the time. Never saw it go down.

    Please pardon my failure of imagination. I can't imagine how you can have total IPv6 failure and say I am using OpenDNS IPv6 DNS servers and web pages are being resolved. What exactly is the problem you are reporting? I'm not telepathic, please keep it simple for me. Something along the lines of: When I do … I expect to see ... but I see ... might help me.



  • I am using OpenDNS IPv6 servers 2620:0:ccc::2 & 2620:0:ccd::2 (not sure how DNS name resolution is still functioning with no backup IPv4 DNS)

    This is my result from http://test-ipv6.com

    ------------------------------------------------------------
    Your IPv4 address on the public Internet appears to be x.x.x.x

    No IPv6 address detected [more info]

    We have detected that you are using a proxy. This means we are testing your proxy server, not your computer. Proxy details (as reported by your proxy 'Via' header):
    Via: 1.0 PROXY

    World IPv6 day is June 8th, 2011. No problems are anticipated for you with this browser, at this location. [more info]

    You appear to be able to browse the IPv4 Internet only. You will not be able to reach IPv6-only sites.

    Your DNS server (possibly run by your ISP) appears to have IPv6 Internet access.
    Your readiness scores
    10/10 for your IPv4 stability and readiness, when publishers offer both IPv4 and IPv6
    0/10 for your IPv6 stability and readiness, when publishers are forced to go IPv6 only


  • Rebel Alliance Global Moderator

    "We have detected that you are using a proxy."

    Proxy does dns request!



  • As far as I know, proxy (Squid in this case) uses the DNS servers supplied in the General Setup section.


  • Rebel Alliance Global Moderator

    You might want to mention your full setup when asking for help, you made no mention of using squid until I brought it up.  You sure you're not bouncing off some other proxy?  And what it reports is that your local squid setup?

    I believe there is a log you can check to see what dns squid adds – I believe it is /var/squid/log/

    You should see it adding nameservers from your squid.conf, etc.

    But for troubleshooting dns related issues, I would most likely remove squid from the equation -- how do you know it's not just squid that is not working, and actually related to a dns issue?

    I don't see where you actually did a direct query to pfsense for dns to verify it did not resolve, etc.

