Topic: Cannot resolve hostnames

WDen
Cannot resolve hostnames
« on: June 21, 2017, 02:40:56 pm »
Hello,
I have a pfSense setup like so:
Code:
Internet>ISP Modem(gateway functionality disabled)>pfSense(2.3.4-RELEASE (amd64))>switch>computers
                                                                                      |-->Wireless router setup as AP
Everything was working correctly until last night, when suddenly clients cannot resolve hostnames anymore.

I am using DNS Resolver with the following configuration:
Code:
Enabled
Network Interfaces: All
Outgoing Network Interfaces: All
System Domain Local Zone Type: Transparent
DNSSEC: Enabled
DNS Query Forwarding: Disabled(unchecked)
DHCP Registration: Disabled(unchecked)
Static DHCP: Disabled(unchecked)

Firewall rules are as follows:
Code:
* * * LAN Address 443 80 * * Anti-Lockout Rule
IPv4 * LAN net * * * * none   Default allow LAN to any rule
IPv6 * LAN net * * * * none   Default allow LAN IPv6 to any rule

On my Dashboard, DNS Servers only shows 127.0.0.1. Note that before, this showed the ISP's DNS servers, and I still had the same issue.

From pfSense, I can run ping, DNS Lookup, both work properly. I've also run dig cnn.com from shell and it works.

From Client computer, I can ping 8.8.8.8, pfSense(192.168.1.1), I can ping WAN IP and WAN Gateway IP. I cannot ping www.google.com.
Nslookup returns the following:
Code:
Default Server:  UnKnown
Address:  192.168.1.1

> set debug
> www.google.com
Server:  UnKnown
Address:  192.168.1.1

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = REFUSED
        header flags:  response, want recursion
        questions = 0,  answers = 0,  authority records = 0,  additional = 0


------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 3, rcode = REFUSED
        header flags:  response, want recursion
        questions = 0,  answers = 0,  authority records = 0,  additional = 0


------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 4, rcode = REFUSED
        header flags:  response, want recursion
        questions = 0,  answers = 0,  authority records = 0,  additional = 0


------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 5, rcode = REFUSED
        header flags:  response, want recursion
        questions = 0,  answers = 0,  authority records = 0,  additional = 0


------------
*** UnKnown can't find www.google.com: Query refused

Code:
nslookup www.google.com 8.8.8.8
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    www.google.com
Addresses:  2607:f8b0:400b:808::2004
          172.217.0.228

I have uninstalled all packages. I also noticed that when I use a DNS Server that is not pfSense(192.168.1.1) everything works correctly.

Could anyone help me with this issue? I'm not sure what else to try other than Resetting to Factory defaults, but I would prefer not to have to do that.

Thanks.
« Last Edit: June 21, 2017, 02:49:53 pm by WDen »

Lawrence Dol
Re: Cannot resolve hostnames
« Reply #1 on: January 12, 2018, 08:00:58 pm »
This is an old post, but I just resolved this exact issue, which in my case turned out to be having DNSSEC enabled. Try disabling DNSSEC to see if your clients can then resolve names.
Lawrence Dol
Perfection is the enemy of excellence.
pfSense on a recycled AMD AthlonII X3 435; 3GHz; 8 GiB
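
Added example, not part of either post: a Python sketch that decodes the 12-byte DNS header whose fields nslookup's debug output prints in the first post (id, opcode, rcode, flags, section counts). The function name `parse_dns_header` and the constructed sample bytes are assumptions of this example.

```python
import struct

# RCODE and OPCODE names from RFC 1035, section 4.1.1.
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}
OPCODES = {0: "QUERY", 1: "IQUERY", 2: "STATUS"}

# Flag bits in the second 16-bit header word. "response" and
# "want recursion" use the post's wording; other labels are this example's.
FLAG_BITS = [(0x8000, "response"),             # QR
             (0x0400, "authoritative"),        # AA
             (0x0200, "truncated"),            # TC
             (0x0100, "want recursion"),       # RD
             (0x0080, "recursion available")]  # RA


def parse_dns_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte header at the start of a DNS message."""
    if len(msg) < 12:
        raise ValueError("DNS message is shorter than the 12-byte header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    opcode = (flags >> 11) & 0xF
    rcode = flags & 0xF
    return {
        "id": ident,
        "opcode": OPCODES.get(opcode, f"OPCODE{opcode}"),
        "rcode": RCODES.get(rcode, f"RCODE{rcode}"),
        "flags": [name for bit, name in FLAG_BITS if flags & bit],
        "questions": qd, "answers": an, "authority": ns, "additional": ar,
    }


# Constructed sample: id 2, QR and RD set, RA clear, RCODE 5, all counts 0,
# matching the fields nslookup printed for the first refused reply.
SAMPLE_REFUSED = struct.pack("!6H", 2, 0x8105, 0, 0, 0, 0)

if __name__ == "__main__":
    print(parse_dns_header(SAMPLE_REFUSED))
```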