Clients behind NAT do not resolve DNS



  • Hello,

    I am using pfsense as a gateway for some servers which have a private network only, and I have NAT enabled on the pfsense so that I can still install software on those servers when needed, but even though the servers can ping the DNS server or any IP from the internet, they cannot resolve any domain. Can you please help me figure this issue out asap.

    Thanks in advance
    Peter



  • I'm assuming from what you've written that you're saying you can ping external IP addresses but that you can't resolve any domain names. So this is a DNS issue. Have you tested your DNS connectivity by running something like 'nslookup www.google.com 8.8.8.8' from a LAN-based PC? If this resolves correctly, then you have to visit your DNS settings in your DHCP config (assuming you're using DHCP). Otherwise, change the DNS entry on your PC(s) manually to a public DNS server (e.g. 8.8.8.8 or 8.8.4.4, etc).


  • Rebel Alliance Global Moderator

    So are you using pfsense for your DNS?  Can pfsense resolve?  Under the diagnostics menu, DNS lookup.

    Are you using the forwarder or the resolver in pfsense?  Is pfsense behind a NAT or does its wan have a public IP?

    Going to have to give us something to work with here..  What rules do you have on your LAN network - did you modify them from default and only allow TCP, and you're trying to resolve using your ISP DNS?



  • All my clients are configured to use public DNS servers like 8.8.8.8 and 8.8.4.4. The pfsense is also configured to use those servers. When I run ping google.com on the client, after some time I get a message that it could not resolve the domain. Unfortunately this is a fresh minimal install and it has no tools like dig or host to run a DNS query. Also the IPs are static and not assigned by DHCP.

    Regards,
    Peter



  • Is DNS access allowed on LAN interface at pfSense?


  • Netgate

    @zozo6015:

    All my clients are configured to use public DNS servers like 8.8.8.8 and 8.8.4.4. The pfsense is also configured to use those servers. When I run ping google.com on the client, after some time I get a message that it could not resolve the domain. Unfortunately this is a fresh minimal install and it has no tools like dig or host to run a DNS query. Also the IPs are static and not assigned by DHCP.

    Regards,
    Peter

    If you want to debug DNS problems you need DNS problem solving tools. Get some.



  • Any Windows or Linux client will have DNS query tools available. So connect one to your LAN and run the nslookup/dig command I mentioned earlier. Target an external DNS server in your query to see whether you get a response. If you can ping 8.8.8.8, for instance, but don't get a reply when running 'nslookup www.google.com 8.8.8.8' then I would look carefully at your firewall rules. If in doubt, post them and maybe someone can help further. Otherwise, I think we've just about exhausted all possibilities at this stage.
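The "ping works but DNS does not" check from the posts above, as an added example that is not code from the thread: a standard-library-only Python script that sends an A query for www.google.com to 8.8.8.8 over both UDP and TCP, for a minimal install that has no dig, host or nslookup. The server, name and 3-second timeout are illustrative assumptions; a reply on TCP only is the symptom of LAN rules that pass TCP but drop UDP/53.

```python
import socket, struct
def build_query(name, txid=0x1234):  # minimal A-record query, recursion desired
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN
def skip_name(resp, pos):  # offset just past a (possibly compressed) domain name
    while True:
        length = resp[pos]
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return pos + 2
        pos += length + 1
        if length == 0:
            return pos
def parse_a_records(resp, txid=0x1234):  # IPv4 answers; [] on id mismatch or error RCODE
    rid, flags, qdcount, ancount = struct.unpack(">HHHH", resp[:8])
    if rid != txid or flags & 0x000F:
        return []
    pos = 12
    for _ in range(qdcount):
        pos = skip_name(resp, pos) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        pos = skip_name(resp, pos)
        rtype, _, _, rdlen = struct.unpack(">HHIH", resp[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(resp[pos:pos + 4]))
        pos += rdlen
    return addrs

def probe(server, name, timeout=3):
    """Added example, not the thread's code: query over UDP, then TCP.
    An answer on TCP only points at LAN rules that pass TCP but drop UDP/53."""
    query, result = build_query(name), {}
    for proto in ("udp", "tcp"):
        try:
            if proto == "udp":
                with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                    s.settimeout(timeout)
                    s.sendto(query, (server, 53))
                    data = s.recv(512)
            else:  # TCP DNS prefixes each message with a 2-byte length
                with socket.create_connection((server, 53), timeout) as s:
                    s.sendall(struct.pack(">H", len(query)) + query)
                    data = s.recv(struct.unpack(">H", s.recv(2))[0])
            result[proto] = parse_a_records(data) or "no A records"
        except (OSError, struct.error, IndexError) as exc:  # timeout, refused, malformed
            result[proto] = "error: %s" % exc
    return result

if __name__ == "__main__":  # 8.8.8.8 and www.google.com as used in the thread
    print(probe("8.8.8.8", "www.google.com"))
```

Run it on the client that can ping 8.8.8.8; both transports timing out means port 53 is blocked or not NATed, while UDP failing and TCP answering matches a rule set that only allows TCP.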