[solved] pfsense 2.2.4 can't get DNS Resolver to work



  • Hi,

    my system:
    pfsense 2.2.4 i386 embedded / Nanobsd + Serial Output, upgraded from 2.1x to 2.2.4.

    While I am trying to get the DNS Resolver to work, I fail.

    System->General Setup:
    DNS servers: blank
    Allow DNS server list to be overridden by DHCP/PPP on WAN [unchecked]

    Services->DNS Forwarder:
    DNS Forwarder [unchecked] "disabled"

    Services->DNS Resolver:
    Enable DNS Resolver [checked]
    Listen Port [53]
    Network Interfaces [ALL]
    Outgoing Network Interfaces [ALL]
    DNSSEC [checked]
    DNS Query Forwarding [checked]
    DHCP Registration [checked]
    Static DHCP [unchecked]
    TXT Comment Support [unchecked]
    Advanced [blank]

    Advanced Settings->
    Hide Identity [checked]
    Hide Version [checked]
    Prefetch Support [checked]
    Prefetch DNS Key Support [checked]
    Harden DNSSEC data [checked]

    All the other options on this page are "Default Settings".

    Is it normal that the command "dig" is not found? I also tried "unbound-control" as written in the docs, and I got the following error when I try a lookup:

    unbound-control lookup google.com
     error: Could not open /usr/local/etc/unbound/unbound.conf: No such file or directory
    fatal error: could not read config file
    

    But unbound as a service is running.

    thanks


  • Rebel Alliance Global Moderator

    Why would you have ALL selected as your outgoing network interface??  All you have is wan ports and they are all able to get to the internet via some gateway???

    You sure your isp allows you to query other dns?  Some isp hijack dns or do not allow you to do direct queries.

    I would for starters do a simple test to dns from pfsense.  No, dig is not included, but drill is.

    As to that with unbound-control - well, that is not where the conf file is on pfsense, so you need to use -c and point to where it is

    [2.2.4-RELEASE][root@pfSense.local.lan]/: unbound-control -c /var/unbound/unbound.conf lookup google.com
    The following name servers are used for lookup of google.com.
    ;rrset 8064 4 0 2 0
    google.com.    94464  IN      NS      ns2.google.com.
    google.com.    94464  IN      NS      ns1.google.com.
    google.com.    94464  IN      NS      ns3.google.com.
    google.com.    94464  IN      NS      ns4.google.com.
    ;rrset 8064 1 0 1 0
    ns4.google.com. 94464  IN      A      216.239.38.10
    ;rrset 8064 1 0 1 0
    ns3.google.com. 94464  IN      A      216.239.36.10
    ;rrset 8064 1 0 1 0
    ns1.google.com. 94464  IN      A      216.239.32.10
    ;rrset 8064 1 0 1 0
    ns2.google.com. 94464  IN      A      216.239.34.10
    Delegation with 4 names, of which 4 can be examined to query further addresses.
    It provides 4 IP addresses.
    216.239.34.10          rto 122 msec, ttl 262, ping 30 var 23 rtt 122, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
    216.239.32.10          rto 127 msec, ttl 262, ping 19 var 27 rtt 127, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
    216.239.36.10          rto 200 msec, ttl 543, ping 28 var 43 rtt 200, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
    216.239.38.10          rto 311 msec, ttl 884, ping 3 var 77 rtt 311, tA 0, tAAAA 0, tother 0, EDNS 0 probed.

    If you're wanting to use the resolver, why would you have it set to forwarding mode?

    "DNS Query Forwarding [checked]"

    But then you have nothing for it to forward to?



  • thanks for the quick reply

    I am sure my ISP (PPPoE Vodafone ADSL) doesn't hijack the DNS request. I tried to set 8.8.8.8 in the General Setup and was using the unbound-control command.
    I set the outgoing interface to WAN:

    unbound-control -c /var/unbound/unbound.conf lookup google.com
    The following name servers are used for lookup of google.com.
    forwarding request:
    Delegation with 0 names, of which 0 can be examined to query further addresses.
    It provides 2 IP addresses.
    127.0.0.1       	not in infra cache.
    8.8.8.8         	rto 65 msec, ttl 873, ping 25 var 10 rtt 65, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
    

    But if I remove the 8.8.8.8 DNS server and set the outgoing interface to WAN for the DNS Resolver, I get this:

    unbound-control -c /var/unbound/unbound.conf lookup google.com
    The following name servers are used for lookup of google.com.
    forwarding request:
    Delegation with 0 names, of which 0 can be examined to query further addresses.
    It provides 1 IP addresses.
    127.0.0.1       	not in infra cache.
    

    I don't know what is wrong … please help me to get the (unbound) DNS Resolver to work

    thanks


  • Rebel Alliance Global Moderator

    Did you turn off FORWARDER mode??  That you had checked?

    Clearly from that command it says "forwarding request:"



  • Woo, that's it… turning off (unchecked) the "Enable Forwarding Mode" did the trick.

    thank you very much.

    thanks
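
The diagnosis reached in the thread (a "forwarding request:" line with only 127.0.0.1 listed means forwarding mode is on with nothing to forward to) can be checked mechanically. The script below is an added example, not part of the original posts; the function names classify_lookup and sample_* are hypothetical, and the sample inputs are abridged from the outputs posted above.

```shell
#!/bin/sh
# Added example. classify_lookup reads `unbound-control ... lookup <name>` output
# on stdin and prints: recursive | forwarding | forwarding-loopback-only | unknown
classify_lookup() {
    awk '
        /^forwarding request:/     { fwd = 1 }
        /^Delegation with [0-9]+ / { names = $3 }
        # Server lines start with an IPv4 or IPv6 address; count non-loopback ones.
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || ($1 ~ /:/ && $1 ~ /^[0-9a-fA-F:]+$/) {
            if ($1 !~ /^127\./ && $1 != "::1") upstream++
        }
        END {
            if (fwd && upstream > 0) print "forwarding"
            else if (fwd)            print "forwarding-loopback-only"
            else if (names > 0)      print "recursive"
            else                     print "unknown"
        }'
}

# Offline sample input, abridged from the outputs posted in the thread.
sample_recursive() { cat <<'EOF'
The following name servers are used for lookup of google.com.
google.com.    94464  IN      NS      ns1.google.com.
ns1.google.com. 94464  IN      A      216.239.32.10
Delegation with 4 names, of which 4 can be examined to query further addresses.
216.239.32.10          rto 127 msec, ttl 262, ping 19 var 27 rtt 127
EOF
}
sample_forwarding() { cat <<'EOF'
The following name servers are used for lookup of google.com.
forwarding request:
Delegation with 0 names, of which 0 can be examined to query further addresses.
It provides 2 IP addresses.
127.0.0.1       not in infra cache.
8.8.8.8         rto 65 msec, ttl 873, ping 25 var 10 rtt 65
EOF
}
sample_broken() { cat <<'EOF'
The following name servers are used for lookup of google.com.
forwarding request:
Delegation with 0 names, of which 0 can be examined to query further addresses.
It provides 1 IP addresses.
127.0.0.1       not in infra cache.
EOF
}
for s in sample_recursive sample_forwarding sample_broken; do
    printf '%s: %s\n' "$s" "$("$s" | classify_lookup)"
done
# Live use on the firewall, with the config path given in the thread:
#   unbound-control -c /var/unbound/unbound.conf lookup google.com | classify_lookup
```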