No DNS resolving , ping works with delay

salida

i have 2 pfsense boxes side by side. The one is stable the other has latest snapshot of "pfSense-memstick-2.2-DEVELOPMENT-i386-20140513-0829.img"

same configuration but the machine with the beta snapshot cannot resolve hostname.
It can ping successful but with delay .

netstat -r
Routing tables

Internet:
Destination        Gateway            Flags    Netif Expire
default            192.168.1.200      UGS      ue0
localhost          link#5            UH        lo0
192.168.1.0        link#7            U        ue0
192.168.1.101      link#7            UHS      lo0
192.168.2.0        link#1            U        ae0
eee                link#1            UHS      lo0

Internet6:
Destination        Gateway            Flags      Netif Expire
::1                link#5            UH          lo0
fe80::            link#1            U          ae0
fe80::223:54ff:fe6 link#1            UHS        lo0
fe80::            link#5            U          lo0
fe80::1            link#5            UHS        lo0
fe80::            link#7            U          ue0
fe80::200:ff:fe00: link#7            UHS        lo0
ff01::            fe80::223:54ff:fe6 U          ae0
ff01::            ::1                U          lo0
ff01::            fe80::200:ff:fe00: U          ue0
ff02::            fe80::223:54ff:fe6 U          ae0
ff02::            ::1                U          lo0
ff02::            fe80::200:ff:fe00: U          ue0
[2.2-ALPHA][root@eee.localdomain]/root(4): cat /etc/resolv.conf
domain localdomain
nameserver 127.0.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4

i include also ping command because its has delay to respond while the other box pings really fast this one is slow

ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=54 time=51.603 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=54 time=52.126 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=54 time=52.625 ms

One interface is usb to ethernet ASIX

jimp

Things are running fine here on the latest snapshot. Are you sure its gateway (192.168.1.200) is correct and not blocking it from reaching DNS servers on tcp/udp port 53?

salida

@jimp:

Things are running fine here on the latest snapshot. Are you sure its gateway (192.168.1.200) is correct and not blocking it from reaching DNS servers on tcp/udp port 53?

yes my other pfsense box is running on the same gateway (192.168.1.200) which is the ISP router

can i ask something about netstat -r

the snapshot box "192.168.1.101      link#7 "
the stable box "192.168.1.100      link#1 "

whats the difference between link 7 and link 1 ??

jimp

The ordering of the interfaces/networks as they're detected, I believe. Not a huge impact.

can you query any of the DNS servers directly? e.g. host www.google.com 8.8.8.8

salida

@jimp:

The ordering of the interfaces/networks as they're detected, I believe. Not a huge impact.

can you query any of the DNS servers directly? e.g. host www.google.com 8.8.8.8

nslookup google.com 8.8.8.8

command not found :(

jimp

nslookup is obsolete. Use host as I stated, or perhaps drill (or dig, if it's there)

host www.google.com 8.8.8.8

salida

@jimp:

nslookup is obsolete. Use host as I stated, or perhaps drill (or dig, if it's there)

host www.google.com 8.8.8.8

;;connection timed out, no host could be reached

jimp

You might try running a packet capture as the traffic attempts to leave WAN, see if the packets go out. If they do, it must be getting dropped upstream.

If host direct to 8.8.8.8 doesn't work, then it isn't anything to do with the DNS forwarder/resolver. It's routing/firewall/NAT on the way out to the Internet, not likely on this device.

salida

@jimp:

You might try running a packet capture as the traffic attempts to leave WAN, see if the packets go out. If they do, it must be getting dropped upstream.

If host direct to 8.8.8.8 doesn't work, then it isn't anything to do with the DNS forwarder/resolver. It's routing/firewall/NAT on the way out to the Internet, not likely on this device.

would it be of any help attaching system, routing, resolving log ??

jimp

only if there are errors… It works fine for me on i386 and amd64 on the latest snapshot, it's not a general issue with the snapshots. There must be something about your configuration that's holding it back.

Raul Ramos

I have two Wans:
1 - pppoe (only name and pass is provided)
2 - ppp is a huawei E392-u12 4G (only phone number is provided).

First days of 2.2 snaps i have to put a list of openDNS IPs and/or google DNS on  System -> General Setup -> Dns server ( Allow DNS server list to be overridden by DHCP/PPP on WAN is checked) to resolve DNS. A  Couple  days ago i delete every DNS in General and it works but does't appear on System information only 127.0.0.1 appears.

Another think, i have to put pfsense hostname on the DNS resolver (Host Overrides) to call the firewall by there hostname.

salida

@jimp:

only if there are errors… It works fine for me on i386 and amd64 on the latest snapshot, it's not a general issue with the snapshots. There must be something about your configuration that's holding it back.

Routing

May 16 16:55:46 	radvd[25785]: sendmsg: Operation not permitted
May 16 16:55:52 	radvd[25785]: Exiting, sigterm or sigint received.
May 16 16:55:52 	radvd[25785]: sending stop adverts
May 16 16:55:52 	radvd[25785]: sendmsg: Operation not permitted
May 16 16:55:52 	radvd[25785]: removing /var/run/radvd.pid
May 16 16:58:35 	radvd[24442]: version 1.9.1 started
May 16 16:58:35 	radvd[24442]: no auto-selected prefix on interface ae0, disabling advertisements
May 16 17:04:34 	radvd[23475]: version 1.9.1 started
May 16 17:04:34 	radvd[23475]: no auto-selected prefix on interface ae0, disabling advertisements

Resolver

May 16 17:04:34 	dnsmasq[20827]: started, version 2.70 cachesize 10000
May 16 17:04:34 	dnsmasq[20827]: compile time options: IPv6 GNU-getopt no-DBus i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack no-ipset auth DNSSEC
May 16 17:04:34 	dnsmasq[20827]: reading /etc/resolv.conf
May 16 17:04:34 	dnsmasq[20827]: ignoring nameserver 127.0.0.1 - local interface
May 16 17:04:34 	dnsmasq[20827]: using nameserver 8.8.8.8#53
May 16 17:04:34 	dnsmasq[20827]: using nameserver 8.8.4.4#53
May 16 17:04:34 	dnsmasq[20827]: read /etc/hosts - 2 addresses

@mais_um
so what is your suggestion ? i dont get it ..

Raul Ramos

Hi salida

it's not a suggestion. Make known behavior of DNS in my pfsense, maybe developer can spend more time in the subject.

salida

@jimp:

You might try running a packet capture as the traffic attempts to leave WAN, see if the packets go out. If they do, it must be getting dropped upstream.

If host direct to 8.8.8.8 doesn't work, then it isn't anything to do with the DNS forwarder/resolver. It's routing/firewall/NAT on the way out to the Internet, not likely on this device.

I have made 2 packet captures (with wireshark):

1. ping 8.8.8.8 (successful )
2. traceroute www.google.com (failed)

but i am afraid they have too much personal info (mac address, ip address & stuff)

can you instruct me to find a possible error? or tell me which filter to use (in wireshark) to find (possible) errors
Thank you in advance

from windows client with gateway the pfsense box i get this error

C:\WINDOWS\system32>nslookup 8.8.8.8
Server:  eee.localdomain
Address:  192.168.2.98

DNS request timed out.
    timeout was 2 seconds.
*** Request to eee.localdomain timed-out

Raul Ramos

Use nslookup from pfsense. Menu Diagnostics -> DNS Lookup

Have you more than one DHCP Server?virtual or real?.

From you post:
"the snapshot box "192.168.1.101      link#7 "
the stable box "192.168.1.100      link#1 "

C:\WINDOWS\system32>nslookup 8.8.8.8
Server:  eee.localdomain
Address:  192.168.2.98"

are this another DNS Server?

cmb

You'll want a packet capture on WAN probably more so than on a machine inside your network. The host inside is likely sending the traffic unless you have something really broken inside your network. Check Diag>States on the firewall, if you see your system's traffic there, then packet capture on WAN.

salida

Diagnostics: Show States

192.168.1.101:34950 (192.168.2.25:9206) -> 128.31.0.34:9101 	SYN_SENT:CLOSED

dns requests

udp 	192.168.1.101:23985 -> 8.8.8.8:53 	SINGLE:NO_TRAFFIC 	
udp 	192.168.1.101:23985 -> 8.8.4.4:53 	SINGLE:NO_TRAFFIC

cmb

You're not NATing that traffic. Either you have manual outbound NAT misconfigured, or if on auto-outbound, you're missing the specification of a gateway under Interfaces>WAN.

salida

@cmb:

You're not NATing that traffic. Either you have manual outbound NAT misconfigured, or if on auto-outbound, you're missing the specification of a gateway under Interfaces>WAN.

i have posted my nestat -r to earlier to ensure that my settings are correct, therefore i also post screenshots of
default getaway and outbound rules automatic generated

salida

as previously said one interface is usb to ethernet ASIX

i saw in ifconfig i get wrong mac address from the usb interface 00:00:00:00:00:01
i have tried two different usb to ethernet modules asix chipset and both of them have same mac address

i even tried to spoof mac address…nothing happend

maybe we have a problem with the axe driver...

*** FIX (?!) ***
as i said i used mac address spoofing
also i enabled Disable hardware checksum offload

theese two settings in compination with a restart and i am having DNS resolving .