On 2014-02-14 17:57, Chris Bagnall wrote:
On 14/2/14 3:37 pm, Thinker Rix wrote:
I had entered some domain names there in the past, which always
worked flawlessly.
Recently I changed ISP and since then the domain names are not resolved
anymore to IPs, so that the traffic using those aliases gets blocked by
the firewall.
When resolving the IPs manually via the pfsense logs, it works fine. But
for some reason pfsense can not resolve the domain names inside the
aliases anymore.
Has anybody got an idea what the fault could be?

Are you manually specifying the ISP resolvers in your config, and is it possible they're still set to the old ISP's config? Probably a question for the devs: is it possible that lookups for aliases use what's on the general config page rather than anything overridden by PPP/DHCP?

Kind regards,


Hi Chris,
Thank you for your time!

Here are some details:
- As long as I was with the old ISP, I had manually specified the DNS server of this provider in pfsense and deactivated the "Allow DNS server list to be overridden by DHCP/PPP on WAN". The reason for this was a bug in 2.0.2 which prevented pfsense from receiving the DNS data from the ISP.
- At some later point I updated to 2.1 and although it has the bug corrected, I left the manually specified DNS IPs in pfsense.
- I then changed to a new ISP. DNS was broken then, because the old provider did not let me use his DNS anymore when not being his customer. I then activated "Allow DNS server list to be overridden by DHCP/PPP on WAN" which fixed DNS again, since I got the DNS IPs from the new provider, too. But since I still had not erased the 2 old IPs from the list, I now had 4 DNS IPs: 2 old-ISP + 2 new-ISP.
- Last I went and erased the 2 IPs from the old ISP, so that I now have an empty list and only "Allow DNS server list to be overridden by DHCP/PPP on WAN" activated. As a result pfsense has only the 2 IPs from the new ISP in the dashboard.
- Everything works fine, pfsense can resolve IPs. Examples: The dashboard says that I am on the latest version (=url is resolved), diagnostics>ping and diagnostics>traceroute work with domain names.

- The only thing that I have found for now that is not working is the automatic resolving of domain names inside Firewall:Aliases. Since these aliases are used in my firewall rules, I can see blocked traffic in the system logs. When I use the button "Reverse resolve with DNS" on the blocked traffic IP, it resolves the domain names that I have in my aliases.
- As a workaround I am currently entering the IP addresses in my aliases instead of a domain name. This makes my rules work again, but is very error prone, since the IP addresses change frequently. So I need to have the domain names work again somehow.

Any ideas what could be the problem?

Thank you