Postbank.de not found



  • Hello, I installed pfsense (WAN via USB-Eth, LAN & WLAN via PCI-Card) and everthing seems to work well.
    For me strange is that if I try to reach postbank.de I often get a timeout. More or less after tree trials I can see the respective page.
    If I do the same via IP address it works with the first trial.
    Has someone any ideas?



  • Which version of pfSense?  Are you using the DNS Resolver or the DNS Forwarder?  What do you have for upstream DNS via System - General Setup - DNS Servers?



  • pfSense is still the release 2.2.2 which I installed from USB stick. If I try autoupdate from web page I get a failure message 'could not contact pfsense update server updates.pfsense.org'.
    I remember, if I upgrade from console, it will be incredible slow (I guess only 1 CPU of T7500 used).

    DNS Resolver is selected, with default settings.
    On System - General setup - DNS Server I put the Kabel-Deutschland Router WAN address 192.168.0.1; none gateway used.
    First option is selected (allow DNS server list be overwritten by DHCP WAN)
    Second option is not used (do not use DNS forwarder as DNS server).
    If it helps, I can also post cropped config file…


  • Rebel Alliance Global Moderator

    so your trying to go here right https://www.postbank.de/

    This is what postbank.de gets redirected too.

    If your using the resolver does not matter what pfsense uses for dns be it your isp or something you put in..  Resolver is Resolver it walks the tree talking to roots and then authoritative dns for each domain until it queries what your looking for.

    If you have bad connection or domain your looking for has bad dns this can take some time, etc.  If so might be better off just using forwarder and forwarding to say your isp or googledns, etc.



  • As John said, I would use Forwarder instead of Resolver, and I would also add some 3rd-party DNS to your list in General - DNS Servers, like 8.8.8.8, 8.8.4.4, 4.4.4.4.  I usually uncheck allowing DNS override by DHCP.



  • Well, I have to say sorry, but please explain it for me in more details. I'm not a power user  ;)
    What I have done…
    I disabled via Services/DNS Resolver and enabled via Services/DNS Forwarder for all Interfaces with no additional activated functions.
    I also tried it with DHCP leases in DNS forwarder and DHCP static mapping in DNS forwarder.
    Also on System/General Setup I added as first DNS the Google DNS 8.8.8.8    .
    I tried to find any example which config should work (e.g. pfsense wiki doesn't help really)...
    Found some youTube videos...

    But I still haven't any access to outside (doesn't matter if I type 160.83.8.182 or postbank.de)


  • Banned

    This is not pfSense issue. http://postfix.1071664.n5.nabble.com/Langsamer-DNS-SEC-von-postbank-de-td73021.html

    WTH has DHCP static mapping to do with this??!! Use HOST OVERRIDES if anything. (Otherwise, the forwarder will work since it doesn't do DNSSEC so you won't hit the UDP packet too large issue).


  • Rebel Alliance Global Moderator

    I don't show any issues with www.postbank.de dnssec and can resolve it just fine using unbound resolver with dnssec enable

    http://dnssec-debugger.verisignlabs.com/www.postbank.de

    why should you need youtube videos or config examples.  pfsense out of the box works with the resolver setup for you.  You shouldn't have to go messing with anything really to get it to work.

    why don't you go to your client and see if it resolves? use nslookup, dig, drill, host whatever your fav tool is.  or even the pfsense diag