Topic: Use Domain Override to have a site resolve with google instead of Unbound?

johnpoz

";; SERVER: 127.0.1.1#53(127.0.1.1)"

That sure and the hell is not pfsense..

Query your pfsense directly..  You got a caching dnsmasq running on that box.. That is asking what???  Have no idea what it's forwarding to..

Do a query to your pfsense directly - with your domain overrides removed!!!

like this..

> dig @192.168.9.253 www.aviationweather.gov

; <<>> DiG 9.11.0-P3 <<>> @192.168.9.253 www.aviationweather.gov
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5562
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.aviationweather.gov.       IN      A

;; ANSWER SECTION:
www.aviationweather.gov. 120    IN      CNAME   aviationweather.ncep.noaa.gov.
aviationweather.ncep.noaa.gov. 300 IN   CNAME   aviationweather.cp.ncep.noaa.gov.
aviationweather.cp.ncep.noaa.gov. 67481 IN A    140.90.101.207

;; AUTHORITY SECTION:
ncep.noaa.gov.          67481   IN      NS      ns-e.noaa.gov.
ncep.noaa.gov.          67481   IN      NS      ns-mw.noaa.gov.
ncep.noaa.gov.          67481   IN      NS      ns-nw.noaa.gov.

;; Query time: 156 msec
;; SERVER: 192.168.9.253#53(192.168.9.253)
;; WHEN: Sat Mar 18 16:29:42 Central Daylight Time 2017
;; MSG SIZE  rcvd: 200


Replace that 192.168.9.253 with whatever pfsense IP is on your lan/network you're on..

- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- If I have helped you and want to help back, https://www.freebsdfoundation.org/donate/
- Please don't PM me for personal help, info you don't want public sure. Link to thread you would like me to look at ok, etc.
1x SG-2440 2.3.3_p1 (work)
1x 2.4.0-BETA Apr 22 19:55:49 VM running on esxi 6.5 (home)

pfBasic

Code:
x@x-TPadT420:~$ dig @192.168.1.1 www.aviationweather.gov

; <<>> DiG 9.10.3-P4-Ubuntu <<>> @192.168.1.1 www.aviationweather.gov
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
x@x-TPadT420:~$ dig @192.168.1.1 aviationweather.gov

; <<>> DiG 9.10.3-P4-Ubuntu <<>> @192.168.1.1 aviationweather.gov
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
x@x-TPadT420:~$ dig @192.168.1.1 www.google.com

; <<>> DiG 9.10.3-P4-Ubuntu <<>> @192.168.1.1 www.google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32878
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 3600 IN A 216.239.38.120

;; Query time: 1 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sat Mar 18 14:37:34 PDT 2017
;; MSG SIZE  rcvd: 59

johnpoz

And did you clear out the domain overrides you were messing with??

Can you talk to their NS directly - you did that previously.. So you got something else going on if you can still talk to them..

Troubleshooting.. What is your unbound log showing you when you up its verbosity?  What is a simple sniff on your wan showing you when you try and resolve this fqdn?  I am having zero issues resolving this domain and that www record.

It's quite possible you're having issues talking to their NS via something wrong with your isp, or your path to those networks..  Tracking that down is simple enough..

So what happens when you try and resolve it via pfsense diag, dns lookup?

pfBasic

Quote
And did you clear out the domain overrides you were messing with??

Can you talk to their NS directly - you did that previously.. So you got something else going on if you can still talk to them..

Yes, I deleted the domain override.

Here's an output that includes the NS:
Code:
; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> www.aviation.gov
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 60388
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.aviation.gov.              IN      A

;; AUTHORITY SECTION:
gov.                    3312    IN      SOA     a.gov-servers.net. nstld.verisign-grs.com. 1489943401 3600 900 1814400 86400

;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sun Mar 19 10:47:21 DST 2017
;; MSG SIZE  rcvd: 120

bash@DESKTOP:~$ dig aviation.gov

; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> aviation.gov
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 397
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;aviation.gov.                  IN      A

;; AUTHORITY SECTION:
gov.                    3308    IN      SOA     a.gov-servers.net. nstld.verisign-grs.com. 1489943401 3600 900 1814400 86400

;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sun Mar 19 10:47:25 DST 2017
;; MSG SIZE  rcvd: 116

bash@DESKTOP:~$ dig 140.90.33.237

; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> 140.90.33.237
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10308
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;140.90.33.237.                 IN      A

;; AUTHORITY SECTION:
.                       1751    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2017031901 1800 900 604800 86400

;; Query time: 15 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sun Mar 19 10:47:29 DST 2017
;; MSG SIZE  rcvd: 117

bash@DESKTOP:~$ dig a.root-servers.net

; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> a.root-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54421
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 26

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;a.root-servers.net.            IN      A

;; ANSWER SECTION:
a.root-servers.net.     3599961 IN      A       198.41.0.4

;; AUTHORITY SECTION:
root-servers.net.       3599961 IN      NS      b.root-servers.net.
root-servers.net.       3599961 IN      NS      f.root-servers.net.
root-servers.net.       3599961 IN      NS      i.root-servers.net.
root-servers.net.       3599961 IN      NS      a.root-servers.net.
root-servers.net.       3599961 IN      NS      e.root-servers.net.
root-servers.net.       3599961 IN      NS      g.root-servers.net.
root-servers.net.       3599961 IN      NS      l.root-servers.net.
root-servers.net.       3599961 IN      NS      m.root-servers.net.
root-servers.net.       3599961 IN      NS      d.root-servers.net.
root-servers.net.       3599961 IN      NS      c.root-servers.net.
root-servers.net.       3599961 IN      NS      h.root-servers.net.
root-servers.net.       3599961 IN      NS      j.root-servers.net.
root-servers.net.       3599961 IN      NS      k.root-servers.net.

;; ADDITIONAL SECTION:
b.root-servers.net.     516543  IN      A       192.228.79.201
c.root-servers.net.     516543  IN      A       192.33.4.12
d.root-servers.net.     516543  IN      A       199.7.91.13
e.root-servers.net.     516543  IN      A       192.203.230.10
f.root-servers.net.     516543  IN      A       192.5.5.241
g.root-servers.net.     516543  IN      A       192.112.36.4
h.root-servers.net.     516543  IN      A       198.97.190.53
i.root-servers.net.     516543  IN      A       192.36.148.17
j.root-servers.net.     516543  IN      A       192.58.128.30
k.root-servers.net.     516543  IN      A       193.0.14.129
l.root-servers.net.     516543  IN      A       199.7.83.42
m.root-servers.net.     516543  IN      A       202.12.27.33
a.root-servers.net.     516543  IN      AAAA    2001:503:ba3e::2:30
b.root-servers.net.     516543  IN      AAAA    2001:500:84::b
c.root-servers.net.     516543  IN      AAAA    2001:500:2::c
d.root-servers.net.     516543  IN      AAAA    2001:500:2d::d
e.root-servers.net.     516543  IN      AAAA    2001:500:a8::e
f.root-servers.net.     516543  IN      AAAA    2001:500:2f::f
g.root-servers.net.     516543  IN      AAAA    2001:500:12::d0d
h.root-servers.net.     516543  IN      AAAA    2001:500:1::53
i.root-servers.net.     516543  IN      AAAA    2001:7fe::53
j.root-servers.net.     516543  IN      AAAA    2001:503:c27::2:30
k.root-servers.net.     516543  IN      AAAA    2001:7fd::1
l.root-servers.net.     516543  IN      AAAA    2001:500:9f::42
m.root-servers.net.     516543  IN      AAAA    2001:dc3::35

;; Query time: 46 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sun Mar 19 10:47:35 DST 2017
;; MSG SIZE  rcvd: 825

I attached a screen of the pfsense diag lookup output.

Quote
Troubleshooting.. What is your unbound log showing you when you up its verbosity?  What is a simple sniff on your wan showing you when you try and resolve this fqdn?  I am having zero issues resolving this domain and that www record.


Verb=5 was outputting a ton of stuff and filling up the 500 entries in less than a second.

I thought I'd be clever and clear out the resolver.log file so that I could just post the relevant stuff for you. (Diag>Edit File>Select All>Delete>Save)

Apparently that's not smart to do because now it doesn't put anything in there...  :o

I tried restarting Resolver, rebooting, updating to latest BETA build, rm /var/log/resolver.log && touch /var/log/resolver.log
It still isn't logging anything.

Way to go me.

Derelict

Try this at a shell prompt:

rm /var/log/resolver.log

ls -l /var/log

Get the size of the other logs; the default is 511488

clog -i -s 511488 /var/log/resolver.log

chmod 600 /var/log/resolver.log

bounce unbound
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help!

pfBasic

Quote
Try this at a shell prompt:

rm /var/log/resolver.log

ls -l /var/log

Get the size of the other logs; the default is 511488

clog -i -s 511488 /var/log/resolver.log

chmod 600 /var/log/resolver.log

bounce unbound


Thanks! That did the trick! I had assumed that they were just ordinary text files but that makes a lot more sense haha.


Strangely enough..... now my DNS query return is different AND www.aviationweather.gov loads immediately with no problems...  :o


The only thing I did differently than the last post is accidentally screw up my resolver.log and then get it back up with Derelict's instruction.

Why would a log have any effect at all? Assuming it must have been something else but I can't imagine what? I had already restarted Unbound & rebooted the system a couple of times so that wasn't new.


dig is different now too:

Code:
bash@DESKTOP:~$ dig www.aviationweather.gov

; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> www.aviationweather.gov
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26880
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.aviationweather.gov.       IN      A

;; ANSWER SECTION:
www.aviationweather.gov. 120    IN      CNAME   aviationweather.ncep.noaa.gov.
aviationweather.ncep.noaa.gov. 7 IN     CNAME   aviationweather.cp.ncep.noaa.gov.
aviationweather.cp.ncep.noaa.gov. 86107 IN A    140.90.101.207

;; AUTHORITY SECTION:
ncep.noaa.gov.          86107   IN      NS      ns-e.noaa.gov.
ncep.noaa.gov.          86107   IN      NS      ns-mw.noaa.gov.
ncep.noaa.gov.          86107   IN      NS      ns-nw.noaa.gov.

;; Query time: 115 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sun Mar 19 12:26:55 DST 2017
;; MSG SIZE  rcvd: 200

bash@DESKTOP:~$ dig ns-e.noaa.gov

; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> ns-e.noaa.gov
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44300
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 6

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ns-e.noaa.gov.                 IN      A

;; ANSWER SECTION:
ns-e.noaa.gov.          86079   IN      A       140.90.33.237

;; AUTHORITY SECTION:
noaa.gov.               86400   IN      NS      ns-e.noaa.gov.
noaa.gov.               86400   IN      NS      ns-mw.noaa.gov.
noaa.gov.               86400   IN      NS      ns-nw.noaa.gov.

;; ADDITIONAL SECTION:
ns-e.noaa.gov.          86079   IN      AAAA    2610:20:8000:8c00::237
ns-mw.noaa.gov.         86079   IN      A       140.172.17.237
ns-mw.noaa.gov.         86079   IN      AAAA    2610:20:8800:8c00::237
ns-nw.noaa.gov.         86079   IN      A       161.55.32.2
ns-nw.noaa.gov.         86079   IN      AAAA    2610:20:8c00:8c00::2

;; Query time: 74 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sun Mar 19 12:27:23 DST 2017
;; MSG SIZE  rcvd: 228

Derelict

It wasn't the log. It is probably just resolving for you now.

johnpoz

May never know what was going on, since you can not seem to grasp how to do a directed query.. In all the nonsense you posted.. Not one of them was a query to one of the NS authoritative for that domain...

Just like you query @yourpfsenseIP

Do you query direct to one of their NS.. as I did in my example..  And why and the F are you doing a query for "www.aviation.gov"

Glad it's working for you - since troubleshooting to where the problem actually is with what you're posting would be fruitless..

pfBasic

Quote
May never know what was going on, since you can not seem to grasp how to do a directed query.. In all the nonsense you posted.. Not one of them was a query to one of the NS authoritative for that domain...

Just like you query @yourpfsenseIP

Do you query direct to one of their NS.. as I did in my example..  And why and the F are you doing a query for "www.aviation.gov"

Glad it's working for you - since troubleshooting to where the problem actually is with what you're posting would be fruitless..

Eh, yeah. I have literally zero background in IT or anything computer or networking related. If I haven't read it for fun or been told something, I don't know it. So it doesn't surprise me I got it wrong, I do apologize though, I appreciate that you've taken your time out to help me.

I was querying aviationweather.gov because it's the only site that I've ever had trouble with, and the reason I started this thread.
EDIT: reading back I see you mean why I mistyped "aviation.gov" instead of "aviationweather.gov" and posted that output, that was totally unintentional, I was tired!

I thought that the following was the Name Server for aviationweather.gov (which is what I assumed you meant by NS?) since it was listed in the return for aviationweather.gov, and starts with "ns".
Code:
bash@DESKTOP:~$ dig ns-e.noaa.gov
I don't even know what you mean by this?
Quote
Just like you query @yourpfsenseIP
I think the only IP I queried was:
Code:
bash@DESKTOP:~$ dig 140.90.33.237
Quote
Network information
IP address   140.90.33.237
Reverse DNS (PTR record)   ns-e.noaa.gov

Is that what you mean?



I'd be happy to learn if you're willing to educate me, but I also totally understand if you're no longer interested.
Either way, thank you for taking your time and I apologize for the frustration.
« Last Edit: March 20, 2017, 12:05:56 am by pfBasic »

johnpoz

"dig 140.90.33.237"

All that did was query your default dns for that IP..

There are 3 NS listed for this domain.. If you want to ask them directly then you would use the @

So

dig @140.90.33.237 then what you want to ask it..

so

dig @140.90.33.237 www.aviationweather.gov

> dig @140.90.33.237 www.aviationweather.gov

; <<>> DiG 9.11.0-P3 <<>> @140.90.33.237 www.aviationweather.gov
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9718
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 7
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.aviationweather.gov.       IN      A

;; ANSWER SECTION:
www.aviationweather.gov. 120    IN      CNAME   aviationweather.ncep.noaa.gov.
aviationweather.ncep.noaa.gov. 300 IN   CNAME   aviationweather.cp.ncep.noaa.gov.
aviationweather.cp.ncep.noaa.gov. 86400 IN A    140.90.101.207

;; AUTHORITY SECTION:
ncep.noaa.gov.          86400   IN      NS      ns-mw.noaa.gov.
ncep.noaa.gov.          86400   IN      NS      ns-nw.noaa.gov.
ncep.noaa.gov.          86400   IN      NS      ns-e.noaa.gov.

;; ADDITIONAL SECTION:
ns-e.noaa.gov.          86400   IN      A       140.90.33.237
ns-e.noaa.gov.          86400   IN      AAAA    2610:20:8000:8c00::237
ns-mw.noaa.gov.         86400   IN      A       140.172.17.237
ns-mw.noaa.gov.         86400   IN      AAAA    2610:20:8800:8c00::237
ns-nw.noaa.gov.         86400   IN      A       161.55.32.2
ns-nw.noaa.gov.         86400   IN      AAAA    2610:20:8c00:8c00::2

;; Query time: 35 msec
;; SERVER: 140.90.33.237#53(140.90.33.237)
;; WHEN: Mon Mar 20 05:19:59 Central Daylight Time 2017
;; MSG SIZE  rcvd: 332


pfBasic

OK, thank you! It is once again not working for me.

Code:

bash@DESKTOP:~$ dig @140.90.33.237 www.aviationweather.gov

; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> @140.90.33.237 www.aviationweather.gov
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached


I also attached the resolver log.

johnpoz

Well that dig command says you could not reach that NS

"connection timed out; no servers could be reached"

So it's either down, or your isp is having issues talking to that network.  I do not show any problems talking to any of them.. Try one of the 2 other ones..

ns-e.noaa.gov.          86400   IN      A       140.90.33.237
ns-mw.noaa.gov.         86400   IN      A       140.172.17.237
ns-nw.noaa.gov.         86400   IN      A       161.55.32.2

> dig @140.90.33.237 www.aviationweather.gov +short
aviationweather.ncep.noaa.gov.
aviationweather.cp.ncep.noaa.gov.
140.90.101.207

> dig @140.172.17.237 www.aviationweather.gov +short
aviationweather.ncep.noaa.gov.
aviationweather.cp.ncep.noaa.gov.
140.90.101.207

> dig @161.55.32.2 www.aviationweather.gov +short
aviationweather.ncep.noaa.gov.
aviationweather.cp.ncep.noaa.gov.
140.90.101.207

Simple solution would be prob to just put in a host override for www.aviationweather.gov to point to the IP 140.90.101.207, while they have a really short ttl 120 seconds, and then 300 seconds for that cname the IP has not changed since this thread has started 140.90.101.207..

edit:  BTW I don't see anything in that log for aviationweather.gov

If you queried it directly unbound would not have any knowledge of that or log that..
« Last Edit: March 20, 2017, 02:13:43 pm by johnpoz »

pfBasic

Yeah it's down for me again. I don't get why I can't get to those DNS servers?


Code:
bash@DESKTOP:~$ dig @140.90.33.237

; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> @140.90.33.237
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3772
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                       77610   IN      NS      e.root-servers.net.
.                       77610   IN      NS      k.root-servers.net.
.                       77610   IN      NS      l.root-servers.net.
.                       77610   IN      NS      g.root-servers.net.
.                       77610   IN      NS      c.root-servers.net.
.                       77610   IN      NS      i.root-servers.net.
.                       77610   IN      NS      f.root-servers.net.
.                       77610   IN      NS      h.root-servers.net.
.                       77610   IN      NS      j.root-servers.net.
.                       77610   IN      NS      d.root-servers.net.
.                       77610   IN      NS      m.root-servers.net.
.                       77610   IN      NS      b.root-servers.net.
.                       77610   IN      NS      a.root-servers.net.

;; Query time: 0 msec
;; SERVER: 140.90.33.237#53(140.90.33.237)
;; WHEN: Tue Mar 21 10:55:07 DST 2017
;; MSG SIZE  rcvd: 239

bash@DESKTOP:~$ dig @140.172.17.237

; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> @140.172.17.237
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41634
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                       77590   IN      NS      e.root-servers.net.
.                       77590   IN      NS      k.root-servers.net.
.                       77590   IN      NS      l.root-servers.net.
.                       77590   IN      NS      g.root-servers.net.
.                       77590   IN      NS      c.root-servers.net.
.                       77590   IN      NS      i.root-servers.net.
.                       77590   IN      NS      f.root-servers.net.
.                       77590   IN      NS      h.root-servers.net.
.                       77590   IN      NS      j.root-servers.net.
.                       77590   IN      NS      d.root-servers.net.
.                       77590   IN      NS      m.root-servers.net.
.                       77590   IN      NS      b.root-servers.net.
.                       77590   IN      NS      a.root-servers.net.

;; Query time: 15 msec
;; SERVER: 140.172.17.237#53(140.172.17.237)
;; WHEN: Tue Mar 21 10:55:27 DST 2017
;; MSG SIZE  rcvd: 239

bash@DESKTOP:~$ dig @161.55.32.2

; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> @161.55.32.2
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51936
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                       77571   IN      NS      e.root-servers.net.
.                       77571   IN      NS      k.root-servers.net.
.                       77571   IN      NS      l.root-servers.net.
.                       77571   IN      NS      g.root-servers.net.
.                       77571   IN      NS      c.root-servers.net.
.                       77571   IN      NS      i.root-servers.net.
.                       77571   IN      NS      f.root-servers.net.
.                       77571   IN      NS      h.root-servers.net.
.                       77571   IN      NS      j.root-servers.net.
.                       77571   IN      NS      d.root-servers.net.
.                       77571   IN      NS      m.root-servers.net.
.                       77571   IN      NS      b.root-servers.net.
.                       77571   IN      NS      a.root-servers.net.

;; Query time: 15 msec
;; SERVER: 161.55.32.2#53(161.55.32.2)
;; WHEN: Tue Mar 21 10:55:46 DST 2017
;; MSG SIZE  rcvd: 239

bash@DESKTOP:~$ dig @140.90.33.237 www.aviationweather.gov +short

; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> @140.90.33.237 www.aviationweather.gov +short
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
bash@DESKTOP:~$ dig @140.172.17.237 www.aviationweather.gov +short

; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> @140.172.17.237 www.aviationweather.gov +short
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

bash@DESKTOP:~$ dig @161.55.32.2 www.aviationweather.gov +short

; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> @161.55.32.2 www.aviationweather.gov +short
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

bash@DESKTOP:~$ dig 140.90.101.207

; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> 140.90.101.207
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22888
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;140.90.101.207.                        IN      A

;; AUTHORITY SECTION:
.                       3287    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2017032102 1800 900 604800 86400

;; Query time: 31 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Tue Mar 21 10:57:50 DST 2017
;; MSG SIZE  rcvd: 118

johnpoz

If you can not get to those servers then yeah you're not going to be able to resolve records they are authoritative for.  And since the ttl they have on them is very short..  This problem is going to come up all the time..

Can you ping them??

pfBasic

No, I cannot ping them.

Code:
>ping 140.90.33.237

Pinging 140.90.33.237 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 140.90.33.237:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

>ping 140.172.17.237

Pinging 140.172.17.237 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 140.172.17.237:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

>ping 161.55.32.2

Pinging 161.55.32.2 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 161.55.32.2:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

>ping 140.90.101.207

Pinging 140.90.101.207 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 140.90.101.207:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

>ping 139.130.4.5

Pinging 139.130.4.5 with 32 bytes of data:
Reply from 139.130.4.5: bytes=32 time=169ms TTL=114
Reply from 139.130.4.5: bytes=32 time=171ms TTL=114
Reply from 139.130.4.5: bytes=32 time=168ms TTL=114
Reply from 139.130.4.5: bytes=32 time=169ms TTL=114

Ping statistics for 139.130.4.5:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 168ms, Maximum = 171ms, Average = 169ms

>ping 8.8.8.8

Pinging 8.8.8.8 with 32 bytes of data:
Reply from 8.8.8.8: bytes=32 time=48ms TTL=60
Reply from 8.8.8.8: bytes=32 time=47ms TTL=60
Reply from 8.8.8.8: bytes=32 time=47ms TTL=60
Reply from 8.8.8.8: bytes=32 time=47ms TTL=60

Ping statistics for 8.8.8.8:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 47ms, Maximum = 48ms, Average = 47ms

>ping 4.2.2.2

Pinging 4.2.2.2 with 32 bytes of data:
Reply from 4.2.2.2: bytes=32 time=15ms TTL=55
Reply from 4.2.2.2: bytes=32 time=14ms TTL=55
Reply from 4.2.2.2: bytes=32 time=14ms TTL=55
Reply from 4.2.2.2: bytes=32 time=13ms TTL=55

Ping statistics for 4.2.2.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 13ms, Maximum = 15ms, Average = 14ms
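
The way dig output is read across this thread (which server actually answered, whether the query was directed with @, whether the reply is authoritative or recursive, and timeouts), as an added example that is not part of any post. The finding codes and the `parse_dig`/`diagnose` helpers are this example's own names; the four sample outputs are abridged from outputs posted above.

```python
import re

# Name-server addresses johnpoz lists in the thread for ncep.noaa.gov.
AUTHORITATIVE = {"140.90.33.237", "140.172.17.237", "161.55.32.2"}
IPV4_NAME = re.compile(r"^\d{1,3}(\.\d{1,3}){3}\.?$")

# Finding codes and their meaning (names and wording are this example's own).
FINDINGS = {
    "no-reply": "target never answered: server down or path to it broken",
    "local-stub": "a loopback stub answered; re-run with @<resolver-ip>",
    "ip-as-name": "an IP was looked up as a hostname; use @IP <name>",
    "no-name-given": "only @server was given, so dig asked for the root NS",
    "not-authoritative-reply": "asked an authoritative NS, got a recursive "
                               "reply (ra set, aa clear); check what answered",
}

# Abridged copies of four outputs posted in the thread.
DIRECTED = """\
; <<>> DiG 9.11.0-P3 <<>> @140.90.33.237 www.aviationweather.gov
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9718
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 7
;www.aviationweather.gov.       IN      A
;; SERVER: 140.90.33.237#53(140.90.33.237)
"""
IP_AS_NAME = """\
; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> 140.90.33.237
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10308
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;140.90.33.237.                 IN      A
;; SERVER: 192.168.1.1#53(192.168.1.1)
"""
NO_NAME = """\
; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> @140.90.33.237
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3772
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1
;.                              IN      NS
;; SERVER: 140.90.33.237#53(140.90.33.237)
"""
TIMED_OUT = """\
; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> @140.90.33.237 www.aviationweather.gov
;; connection timed out; no servers could be reached
"""


def parse_dig(text):
    """Extract target (@server), question, status, flags and responder."""
    r = {"target": None, "qname": None, "qtype": None, "status": "UNKNOWN",
         "flags": frozenset(), "server": None}
    banner = re.search(r"^; <<>> DiG \S+ <<>> (.*)$", text, re.M)
    for arg in (banner.group(1).split() if banner else []):
        if arg.startswith("@"):
            r["target"] = arg[1:]
        elif arg[0] not in "+-" and r["qname"] is None:
            r["qname"] = arg  # fallback: a timeout has no QUESTION section
    if "connection timed out; no servers could be reached" in text:
        r["status"] = "TIMEOUT"
    m = re.search(r"status: ([A-Z]+)", text)
    if m:
        r["status"] = m.group(1)
    m = re.search(r"^;; flags: ([a-z ]*);", text, re.M)
    if m:
        r["flags"] = frozenset(m.group(1).split())
    m = re.search(r"^;(\S+)\s+IN\s+(\S+)\s*$", text, re.M)
    if m:
        r["qname"], r["qtype"] = m.groups()
    m = re.search(r"^;; SERVER: ([^#\s]+)#", text, re.M)
    if m:
        r["server"] = m.group(1)
    r["role"] = ("authoritative" if "aa" in r["flags"]
                 else "recursive" if "ra" in r["flags"] else "none")
    return r


def diagnose(text, authoritative=AUTHORITATIVE):
    """Return the parsed report plus a list of finding codes."""
    r = parse_dig(text)
    checks = [
        ("no-reply", r["status"] == "TIMEOUT"),
        ("local-stub", bool(r["server"]) and r["server"].startswith("127.")),
        ("ip-as-name", r["target"] is None and r["qtype"] == "A"
                       and bool(IPV4_NAME.match(r["qname"] or ""))),
        ("no-name-given", r["target"] is not None and r["qname"] == "."),
        ("not-authoritative-reply",
         r["target"] in authoritative and r["role"] == "recursive"),
    ]
    r["findings"] = [code for code, hit in checks if hit]
    return r


if __name__ == "__main__":
    for sample in (DIRECTED, IP_AS_NAME, NO_NAME, TIMED_OUT):
        rep = diagnose(sample)
        print(rep["status"], rep["role"], [FINDINGS[f] for f in rep["findings"]])
```
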