Unresponsive WebUI on failed WAN



  • Hi.
    My pfSense is configured with dual WAN, one in DHCP and one with a fixed public IP. Last week we had our ISP line upgraded and the public subnet changed. Sadly something was wrong with it, and even if we could ping the gateway, internet was not available on the fixed IP WAN. During this service outage pfSense was barely usable (from LAN); page loading could take minutes, or even fail! This misbehaviour lasted until we unplugged the fixed IP line cable from it.

    Has anyone else run into a similar situation before?
    I'm on 2.2.5, I'll try to repro with a 2.3ALPHA as soon as I can.



  • Yes, unfortunately I think we all have experienced it.

    I guess this is an error that happens when the defined DNS is not found; it's even worse if you have defined a lot of DNS servers.

    I would also appreciate it if this issue were resolved in the future. For now my best solution is to have 2 DNS servers from different interfaces that are really redundant, so even if you have a problem with one ISP the other is working.

    If possible use one with cable technology (Fiber or ADSL) and the other with 4G. Use different providers and different technology.

    This is a workaround, not the desired solution; that would be for the pfSense web interface not to freeze for more than 20 minutes sometimes.




  • Thanks for your feedback.

    Do you know if there is already a bug filed on redmine?



  • Sorry I don't know.


  • Banned

    As noted here: https://redmine.pfsense.org/issues/1407#note-9 - point your pfSense box to localhost for DNS; that is:

    • do NOT define any DNS servers there
    • do NOT tick the "Do not use the DNS Forwarder or Resolver as a DNS server for the firewall" checkbox.
    • have DNS forwarder or resolver running and set up your forwarders there.



  • I'm missing something then…

    I'm using DNS resolver not DNS forwarder and I can't find an option to write the DNS forwarder (8.8.8.8 for example).

    And because I have 2 fiber connections with static IP the provider does not give me a DNS forwarder like a DHCP connection.

    So I must be doing something wrong?

    Thanks


  • Banned

    You do not need any forwarders defined when using DNS resolver. If you really insist:

    
    forward-zone:
          name: "."
          forward-addr: 8.8.8.8
          forward-addr: 8.8.4.4
    
    

    (goes into the advanced box).



  • Hi thanks, you are the man  ;)

    But I would like to understand how it works?

    On a DNS server you always have the forwarder for 0.0.0.0.

    So if it is not defined on the "Advanced box" as you have explained, what is the DNS resolver using as default forwarder?

    Thanks


  • Banned

    DNS resolver is recursive by default. Starts with well-known root servers.
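
The advice in the replies above (firewall uses only localhost for DNS; the resolver recurses unless a forward-zone for "." is set), turned into a check. This is an added example, not code from the thread or from pfSense; the function names and sample inputs are constructed, and it assumes you paste in the text of /etc/resolv.conf and of the resolver's advanced options.

```python
import re

# Constructed sample inputs, not captured from any system in the thread.
SAMPLE_RESOLV_CONF = "nameserver 127.0.0.1\nsearch localdomain\n"
SAMPLE_UNBOUND_OPTS = """\
forward-zone:
      name: "."
      forward-addr: 8.8.8.8
      forward-addr: 8.8.4.4
"""
LOOPBACK = {"127.0.0.1", "::1"}

def nameservers(resolv_conf):
    """Nameserver addresses from resolv.conf text, in file order."""
    found = []
    for line in resolv_conf.splitlines():
        fields = re.split(r"[#;]", line, maxsplit=1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(fields[1])
    return found

def root_forwarders(unbound_conf):
    """forward-addr values of the forward-zone named "." (empty if none)."""
    clauses, current = [], None
    for raw in unbound_conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.endswith(":") and " " not in line:  # clause header, e.g. "forward-zone:"
            current = {"clause": line[:-1], "name": None, "addrs": []}
            clauses.append(current)
        elif current is not None and ":" in line:
            key, value = (part.strip() for part in line.split(":", 1))
            if key == "name":
                current["name"] = value.strip('"')
            elif key == "forward-addr":
                current["addrs"].append(value)
    return [a for c in clauses
            if c["clause"] == "forward-zone" and c["name"] == "."
            for a in c["addrs"]]

def assess(resolv_conf, unbound_conf):
    """Summarise whether the box follows the localhost-only DNS advice."""
    ns = nameservers(resolv_conf)
    external = [n for n in ns if n not in LOOPBACK]
    fwd = root_forwarders(unbound_conf)
    return {"firewall_uses_localhost_only": bool(ns) and not external,
            "external_nameservers": external,
            "resolver_mode": "forwarding" if fwd else "recursive",
            "forwarders": fwd}

if __name__ == "__main__":
    print(assess(SAMPLE_RESOLV_CONF, SAMPLE_UNBOUND_OPTS))
```

Any entry in `external_nameservers` is a server the firewall itself queries directly, which is the situation the thread associates with the slow GUI when that server is unreachable.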



  • OK it's clear now.

    So it's probably using the IANA root server list.

    It would only fail if that list changes and that's very unusual.

    Although a root server IP change is scheduled for 1 December 2015.

    http://h.root-servers.org/renumber.html


  • LAYER 8 Global Moderator

    1 root server changing its IP would not break DNS via a resolver..



  • I think there is more to the GUI hang than DNS. I also get a mail flood that seems to happen, and am sure that contributes to the GUI hang, because if I reset the GUI from the console the flood stops and the GUI becomes accessible.

