DNS Forwarder stops working
-
Hello,
I have used pfSense for about 3 years without a problem, but now I moved to a student flat and have built a new pfSense VM (version 2.1.5), and I have a problem.
My problem is that my DNS Forwarder sometimes randomly stops working. At that moment I CAN ping the internet (8.8.8.8 and 8.8.4.4), but lookups are not working anymore. Sometimes it helps to restart the DNS forwarder, but sometimes I have to restart the whole pfSense VM.
At the moment DNS is not working, the load is normal (<10% CPU and memory).
I can't see anything in the log files (or I am looking wrong… ;D)
Does anyone know of this problem, or does someone have a solution for me?
-
I may be seeing something similar: https://forum.pfsense.org/index.php?topic=83567.0
What do you see in the logs?
-
What DNS servers are you using (System>General Setup)? Only time I've seen anything along those lines is when the configured DNS servers are no longer reachable.
-
Sorry for the late reply!
In General Setup I am using Google's DNS servers (8.8.8.8 and 8.8.4.4) with the gateway of my ISP (Ziggo).
Allow DNS server list to be overridden by DHCP/PPP on WAN is OFF
Do not use the DNS Forwarder as a DNS server for the firewall is also OFF
The following options are enabled in the DNS forwarder tab:
Register DHCP leases in DNS forwarder
Register DHCP static mappings in DNS forwarder
Resolve DHCP mappings first
Domain Overrides:
ramboflat.nl -> IP: 192.168.5.250 (This is a Windows domain controller with DNS server, queries on this domain are working.)
These are the system logs (resolver):
Nov 5 15:41:35 dnsmasq[73470]: read /etc/hosts - 5 addresses
Nov 5 15:41:34 dnsmasq[73470]: read /etc/hosts - 5 addresses
Nov 5 15:41:34 dnsmasq[73470]: read /etc/hosts - 5 addresses
Nov 5 15:41:34 dnsmasq[73470]: using nameserver 8.8.4.4#53
Nov 5 15:41:34 dnsmasq[73470]: using nameserver 8.8.8.8#53
Nov 5 15:41:34 dnsmasq[73470]: ignoring nameserver 127.0.0.1 - local interface
Nov 5 15:41:34 dnsmasq[73470]: using nameserver 192.168.5.250#53 for domain ramboflat.nl
Nov 5 15:41:34 dnsmasq[73470]: reading /etc/resolv.conf
Nov 5 15:41:34 dnsmasq[73470]: using nameserver 192.168.5.250#53 for domain ramboflat.nl
Nov 5 15:41:34 dnsmasq[73470]: compile time options: IPv6 GNU-getopt no-DBus i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack no-ipset auth DNSSEC
Nov 5 15:41:34 dnsmasq[73470]: started, version 2.70 cachesize 10000
Nov 5 15:41:33 dnsmasq[61177]: exiting on receipt of SIGTERM
Nov 5 15:41:23 dnsmasq[61177]: read /etc/hosts - 11 addresses
Nov 5 15:41:22 dnsmasq[61177]: read /etc/hosts - 11 addresses
Nov 5 15:41:22 dnsmasq[61177]: using nameserver 8.8.4.4#53
Nov 5 15:41:22 dnsmasq[61177]: using nameserver 8.8.8.8#53
Nov 5 15:41:22 dnsmasq[61177]: ignoring nameserver 127.0.0.1 - local interface
Nov 5 15:41:22 dnsmasq[61177]: using nameserver 192.168.5.250#53 for domain ramboflat.nl
Nov 5 15:41:22 dnsmasq[61177]: reading /etc/resolv.conf
Nov 5 15:41:22 dnsmasq[61177]: using nameserver 192.168.5.250#53 for domain ramboflat.nl
Nov 5 15:41:22 dnsmasq[61177]: compile time options: IPv6 GNU-getopt no-DBus i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack no-ipset auth DNSSEC
Looks like DNS is restarting itself?
EDIT:
Maybe this information is useful to you:
My pfSense appliance is running on an ESXi 5.5.0 hypervisor.
When I installed pfSense, ESXi reported massive CPU usage (->100%). When I disabled the checkbox for Disable hardware TCP segmentation offload and the same for Disable hardware large receive offload, the load returned to normal levels (<10%).
Maybe this has something to do with my problem?
-
I am getting something that sounds very much like this. Next time it happens I will check the same logs to see if the same thing is happening.
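
An added example, not part of any post in this thread: a Python script that groups resolver log lines like the ones posted above by dnsmasq PID and reports each restart together with the upstream servers and /etc/hosts entry count per instance. The function names `summarize` and `restarts` are hypothetical, and the log is assumed to be listed newest entry first, as in the paste.

```python
import re
# Excerpt of the resolver log posted in the thread, newest entry first.
SAMPLE_LOG = """\
Nov 5 15:41:35 dnsmasq[73470]: read /etc/hosts - 5 addresses
Nov 5 15:41:34 dnsmasq[73470]: using nameserver 8.8.4.4#53
Nov 5 15:41:34 dnsmasq[73470]: using nameserver 8.8.8.8#53
Nov 5 15:41:34 dnsmasq[73470]: using nameserver 192.168.5.250#53 for domain ramboflat.nl
Nov 5 15:41:34 dnsmasq[73470]: started, version 2.70 cachesize 10000
Nov 5 15:41:33 dnsmasq[61177]: exiting on receipt of SIGTERM
Nov 5 15:41:23 dnsmasq[61177]: read /etc/hosts - 11 addresses
Nov 5 15:41:22 dnsmasq[61177]: using nameserver 8.8.8.8#53
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]+) dnsmasq\[(\d+)\]: (.*)$")
UPSTREAM_RE = re.compile(r"using nameserver (\S+)#\d+(?: for domain (\S+))?$")
HOSTS_RE = re.compile(r"read /etc/hosts - (\d+) addresses$")

def summarize(log_text, newest_first=True):
    """Return one record per dnsmasq PID, oldest process first."""
    lines = [l for l in log_text.splitlines() if l.strip()]
    if newest_first:
        lines.reverse()  # walk the log in chronological order
    instances = {}  # dicts preserve insertion order
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, pid, msg = m.groups()
        inst = instances.setdefault(int(pid), {
            "started": None, "stopped": None, "upstreams": [], "hosts": None})
        if msg.startswith("started,"):
            inst["started"] = ts
        elif msg.startswith("exiting on receipt of"):
            inst["stopped"] = ts
        elif (u := UPSTREAM_RE.match(msg)) and u.groups() not in inst["upstreams"]:
            inst["upstreams"].append(u.groups())  # (server, domain or None)
        elif (h := HOSTS_RE.match(msg)):
            inst["hosts"] = int(h.group(1))  # last count seen for this PID
    return instances

def restarts(instances):
    """Pairs where one PID logged an exit and the next PID logged a start."""
    pids = list(instances)
    return [(old, new, instances[old]["stopped"], instances[new]["started"])
            for old, new in zip(pids, pids[1:])
            if instances[old]["stopped"] and instances[new]["started"]]

if __name__ == "__main__":
    print(restarts(summarize(SAMPLE_LOG)))
```

Run over a longer capture, the restart timestamps can be lined up against the times lookups stopped working.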