Netgate Discussion Forum
    [SOLVED] No DNS Resolution for vlan

    Category: DHCP and DNS
    5 Posts, 4 Posters, 9.4k Views
    • C
      christophdb
      last edited by

      Hi everybody,

      I have a very strange situation and I am sure that I missed just one click to complete my desired setting.
      I have a pfSense (v 2.1.4), a Zyxel switch (GS1910-24) and a TP-Link access point (TL-WA801N).

      I have defined two SSIDs on the access point:

      • home with vlan-id 1
      • guests with vlan-id 200

      If I connect to "home" I receive a correct IP from pfSense within the subnet 5.x, gateway 5.1 (= pfSense), and I can browse the internet.
      If I connect to "guests" I receive a correct IP from pfSense within the subnet 2.x, gateway 2.1 (= pfSense), and I can ping pfSense from the client and pfSense can ping the client. I can access pages directly like "http://5.35.240.23/", but www.google.de is not working.

      My questions:

      1. This sounds like a DNS problem, right? Because I have internet access, but only if I browse directly to an IP.
      2. Do you have any idea what I missed to make sure that pfSense works correctly as a DNS server?

      Hints:

      • DNS Forwarder is activated
      • there is an allow any rule for the VLAN ID 200 in pfSense
      • I can ping www.google.de from the pfSense web interface with the source VLAN200

      Thank you very much for your help.
      Best regards
      Christoph

      PC service via remote maintenance 365 days a year.

      • C
        christophdb
        last edited by

        Hi everybody,

        I found the solution!!! Just for all the others who might face this problem: I had an allow any rule, but this rule was only for "TCP" requests, and DNS requests are "UDP".
        As I said, it was only one more click.

        Now I have 4 rules for my VLAN200:

        • Allow TCP, port 80 to anything but LAN (= !LAN)
        • Allow TCP, port 443 to !LAN
        • Allow UDP, port 53 to 192.168.2.1 (pfSense)
        • Block everything else.

        Best regards
        Christoph

        PC service via remote maintenance 365 days a year.

        • T
          trademark27
          last edited by

          Thanks bro, I was getting the exact problem. Didn't realize the Allow Any rule was only for TCP. Thnx a bunch.

          • K
            kugman @christophdb
            last edited by

            Same problem here... my goodness, I'm stupid, I could have figured that out myself... thank you very much. That was it for me.

            • GertjanG
              Gertjan @christophdb
              last edited by

              @christophdb said in [SOLVED] No DNS Resolution for vlan:

              I had an allow any rule, but this rule was only for "TCP" requests, and DNS requests are "UDP".

              You're still not there.
              Handling TCP and UDP is OK, but there are more (like 50 or so?) protocols.
              The next best that you probably shouldn't block is ICMP. Better get used to including this one, because the day you adopt IPv6, ICMP becomes pretty mandatory.

              True: the other 47 are less known, less used.
              But beware of the pitfall: in the future you install that new great app that does super things... and omg, it doesn't work with pfSense! ... because you took wrong decisions when "setting up your own firewall rules".

              I've solved the issue for myself with these two selected rules:

              (screenshot of the two rules, not reproduced)

              and I found out later that these two rules are the ones present on the LAN interface when you install pfSense from scratch.

              No "help me" PMs please. Use the forum, the community will thank you.
              Edit: and where are the logs??

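Added example (not from the thread, nor pfSense's own code): a small first-match simulation of the two rule sets discussed above, assuming the thread's 5.x and 2.x subnets are 192.168.5.0/24 and 192.168.2.0/24 and using constructed packets. It shows why the TCP-only "allow any" rule dropped the UDP DNS query to pfSense, that the four-rule set from the solution post passes it while keeping guests out of the LAN, and, as Gertjan points out, that the same set also silently blocks ICMP from the guest network.

```python
"""First-match firewall evaluation for the guest VLAN (constructed example)."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address
from typing import Optional

LAN = IPv4Network("192.168.5.0/24")              # assumed "home" subnet (5.x)
PFSENSE_GUEST_IP = IPv4Network("192.168.2.1/32")  # pfSense address on VLAN200


@dataclass(frozen=True)
class Rule:
    action: str                              # "pass" or "block"
    proto: Optional[str] = None              # "tcp", "udp", "icmp"; None = any
    dst_port: Optional[int] = None
    dst_net: Optional[IPv4Network] = None
    negate_dst: bool = False                 # True models pfSense's "!LAN" destination

    def matches(self, proto: str, dst: IPv4Address, dport: Optional[int]) -> bool:
        if self.proto is not None and self.proto != proto:
            return False
        if self.dst_port is not None and self.dst_port != dport:
            return False
        if self.dst_net is not None:
            in_net = dst in self.dst_net
            # plain destination: must be inside; negated (!LAN): must be outside
            if in_net == self.negate_dst:
                return False
        return True


def verdict(rules, proto: str, dst: str, dport: Optional[int] = None) -> str:
    """First matching rule wins; pfSense's implicit default is to block."""
    for rule in rules:
        if rule.matches(proto, ip_address(dst), dport):
            return rule.action
    return "block"


# The "allow any" rule as christophdb originally had it: protocol TCP only.
ORIGINAL = [Rule("pass", proto="tcp")]

# The four rules from the solution post, in pfSense top-down order.
FIXED = [
    Rule("pass", "tcp", 80, LAN, negate_dst=True),   # HTTP to anything but LAN
    Rule("pass", "tcp", 443, LAN, negate_dst=True),  # HTTPS to anything but LAN
    Rule("pass", "udp", 53, PFSENSE_GUEST_IP),       # DNS only to pfSense itself
    Rule("block"),                                   # everything else
]


def dns_query_allowed(rules) -> bool:
    """Would a guest client's UDP/53 query to pfSense get through?"""
    return verdict(rules, "udp", "192.168.2.1", 53) == "pass"
```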
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.