PfSense clients cannot ping google, fixed after reboot but repeats
All clients lose internet connectivity. But after manually inserting 188.8.131.52 as DNS for a W8 client, it was restored. So I assume the DNS stops working or crashes on the pfSense? I can still remotely connect to my guacamole server and remote into PCs on the network.
So cannot ping google... Do you mean they are trying to ping something like www.google.com, or an IP they have for google? Or googledns, say at 184.108.40.206?
Not being able to ping an IP on the internet that responds to ping (not all of them do) and not being able to resolve www.google.com are completely different things. You say you change the client to use googledns at 220.127.116.11 and stuff works, so that points to just a DNS-related problem.
How is it you assume that pfsense dns crashes? Can you just check? How do you have dns set up on pfsense: are you using the forwarder or the resolver in 2.2?
If a client behind pfsense queries the pfsense LAN IP for, say, www.google.com, does it not respond (timeout), or does it come back nxdomain, serv error, refused?
I restarted the resolver and internet was restored.
I found the thread saying to enable hardened glue and hardened dnssec in advanced settings for resolver, I will see if this fixes the problem or if it occurs again.
Yeah, one of the problems with using an actual resolver vs a forwarder is that if some bad dns returns glue for some domain it doesn't really own, you can now try and go to the wrong place when looking for a domain.
So bad people on the internet ;) Not everyone likes to play by the rules.
If you just use a forwarder and ask say 18.104.22.168 for domainyouwantolookup.com they are the ones that have to worry about if someone gave them bad info when they asked for something else, etc.
Depending on what you're doing, there can be advantages to running a full resolver. Others might find that all they really want/need is a forwarder.
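The thread asks whether a query to the pfSense LAN IP times out or comes back nxdomain, serv error or refused. The following is an added example, not part of any post in the thread, that sends one A-record query and reports which of those outcomes occurred; the function names are hypothetical and the LAN IP in the last comment is an assumed placeholder.

```python
import socket
import struct

# RCODE values from RFC 1035 section 4.1.1 (low 4 bits of the flags word)
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, txid=0x1234):
    """Build a minimal recursive A-record query for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(data, txid=0x1234):
    """Map a raw reply (or None for no reply) to the outcome to report."""
    if data is None:
        return "TIMEOUT: resolver not answering at all (service down or blocked)"
    if len(data) < 12:
        return "MALFORMED: reply shorter than a DNS header"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:  # wrong transaction id or QR bit clear
        return "MALFORMED: not a response to our query"
    rcode = RCODES.get(flags & 0x000F, "RCODE %d" % (flags & 0x000F))
    if rcode == "NOERROR":
        return "NOERROR: %d answer record(s)" % ancount
    if rcode == "SERVFAIL":
        return "SERVFAIL: resolver is up but could not complete or validate the lookup"
    if rcode == "NXDOMAIN":
        return "NXDOMAIN: resolver says the name does not exist"
    if rcode == "REFUSED":
        return "REFUSED: resolver is up but will not answer this client"
    return rcode

def probe(server, name, timeout=3.0):
    """Send one query to `server` over UDP/53 and classify what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            data = None
    return classify_response(data)

if __name__ == "__main__":
    # Constructed replies: header only, flags = QR|RD|RA plus the RCODE.
    for rc in (0, 2, 3, 5):
        print(classify_response(struct.pack("!HHHHHH", 0x1234, 0x8180 | rc, 1, 0, 0, 0)))
    print(classify_response(None))
    # Live use: probe("192.168.1.1", "www.google.com")  # LAN IP is an assumed placeholder
```

Running `probe` against both the pfSense LAN IP and an outside resolver while the fault is present separates a dead or failing local resolver from a general connectivity problem.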