Author Topic: [SOLVED] DNS resolver- PFSENSE unable to resolve dns's  (Read 900 times)

Offline interested_party

« on: December 23, 2017, 04:29:18 pm »
Hi,

Quick background: I'm interested in running the DNS resolver on my pfsense server 192.168.1.1, where my dns's get resolved using johnpoz's
example https://forum.pfsense.org/index.php?topic=133481.0
"Hey root servers who is NS for .com
Hey .com NS who is NS for domain.com
Hey domain.com NS what is IP of www.domain.com"

Current situation: after setting the DNS resolver up, my current situation is:
- On my pfsense server, pfsense cannot do any resolution of any DNS's,
   such as:
   Diagnostics -> DNS Lookup: all take a long time and fail.
   NTP server lookup fails on pfsense; it can't resolve the dns.
   PFBlocker DNSBL list downloads all fail, as it cannot resolve the lists' URLs, and so do firewall rules that use a domain name.

- DNS lookups from all clients on the network that are using pfsense as the DNS resolver work great, i.e. all clients have 192.168.1.1 as their dns, and speed is great.

Main question: how can I configure pfsense to properly resolve dns's without adding DNS servers, or, if needed, use itself to resolve dns's? Further below I played around with resolv.conf.

If I add DNS servers like opendns or quad9 back into my general settings, everything resolves within pfsense properly; it is after removing the dns's from general settings that pfsense stops resolving [clients of pfsense still work]. From what I have read, I should keep the dns's in general settings blank to let the DNS resolver do its job, from https://forum.pfsense.org/index.php?topic=139442.0


Current Configuration where pfsense cannot resolve DNS's:

--- General -> Settings ---

DNS Server settings = blank.
DNS Server Override =Unchecked
Disable DNS Forwarder =Unchecked  [tried checked and not checked as a test]

timeservers = [populated with a dns but not resolving, i get an error on my dashboard]

---DNS Resolver Settings---

Enable is =Checked.
Listen Port= 53
Network Interfaces [LAN]
Outgoing Network Interfaces [WAN]
System Domain Local Zone Type [Static] - using johnpoz setting https://forum.pfsense.org/index.php?topic=115523.0
DNSSEC Enabled =Checked
DNS Query Forwarding =Unchecked
DHCP Registration =Checked
Static DHCP= Checked
Hide Identity= Checked
Hide Version =Checked
Prefetch Support =Checked
Prefetch DNS Key Support= Checked
Serve Expired = Unchecked
.. remaining is default ..
Experimental Bit 0x20 Support Checked


--resolv.conf---

cat /etc/resolv.conf
results in
search localdomain

If I overwrite /etc/resolv.conf with a custom mapping
search localdomain
nameserver 192.168.1.1

pfsense is able to look up the timeserver and do a diagnostics DNS lookup on an address; however, after a minute or so the resolv.conf gets overwritten back to
search localdomain

and local pfsense DNS lookups stop working.

General settings doesn't let me use 192.168.1.1 as a DNS server; the drop-down only says WAN.

Thank you for your time and help.
« Last Edit: December 26, 2017, 05:43:42 pm by interested_party »

Offline johnpoz

pfsense should be pointing to itself for dns if you're using unbound. That is how it would be out of the box, with unbound listening on all interfaces - if you edited what interfaces it listens on, you need to make sure localhost is included and pfsense points to loopback.

Which it looks like you undid on the listen interfaces, since you only have LAN listed
Quote
Network Interfaces [LAN]

Disable should be unchecked.. See pic below for how it should be setup.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.3-RELEASE (work)
1x SG-3100 2.4.3-RELEASE (work)
1x SG-4860 2.4.3-RELEASE (home)

Offline interested_party

 :D  That resolved the issue, thank you very much for your time and help!