Re: [pfSense Support] DNS Issues with 1.2 RC2
Robert Goley wrote:
> based routing. DNS refuses to work. This is because the pfsense machine can

I have no answer for you, but an idea to try.

run tcpdump -l -n -i xxx udp and port 53 on the firewall for each interface xxx in turn whilst trying to resolve and see if any packets are seen.

- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] DNS Issues with 1.2 RC2
I personally use OpenDNS for everything since they're outside of what the ISP handles. Only downside is that if it cannot resolve a domain for HTTP, it pulls up their search page instead.

-Sean

From: [EMAIL PROTECTED]
To: support@pfsense.com
Date: Fri, 26 Oct 2007 09:20:52 -0400
Subject: Re: [pfSense Support] DNS Issues with 1.2 RC2

> I will try this later to see what the result is. Scott's suggestion of using a static route worked perfectly. The trouble seemed to come from using OPT1 and OPT2 DNS servers as the default. The pfsense machine was trying to resolve with those DNS servers using the WAN interface. I added entries for the LAN section of the firewall rules. This set the correct outbound interface for machines on the LAN but did not seem to help the pfsense machine itself. If the ISP used on the WAN interface did not have lousy DNS servers, I would never have noticed this issue.
>
> Robert
>
> On Friday 26 October 2007 05:36, Paul M wrote:
> > Robert Goley wrote:
> > > based routing. DNS refuses to work. This is because the pfsense machine can
> >
> > I have no answer for you, but an idea to try.
> >
> > run tcpdump -l -n -i xxx udp and port 53 on the firewall for each interface xxx in turn whilst trying to resolve and see if any packets are seen.
Re: [pfSense Support] DNS Issues with 1.2 RC2
I will try this later to see what the result is. Scott's suggestion of using a static route worked perfectly. The trouble seemed to come from using OPT1 and OPT2 DNS servers as the default. The pfsense machine was trying to resolve with those DNS servers using the WAN interface. I added entries for the LAN section of the firewall rules. This set the correct outbound interface for machines on the LAN but did not seem to help the pfsense machine itself. If the ISP used on the WAN interface did not have lousy DNS servers, I would never have noticed this issue.

Robert

On Friday 26 October 2007 05:36, Paul M wrote:
> Robert Goley wrote:
> > based routing. DNS refuses to work. This is because the pfsense machine can
>
> I have no answer for you, but an idea to try.
>
> run tcpdump -l -n -i xxx udp and port 53 on the firewall for each interface xxx in turn whilst trying to resolve and see if any packets are seen.
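An added example, not part of the thread: a shell helper that tallies the text output of the tcpdump command suggested above per DNS server, so a capture taken on one interface shows which resolvers were queried there and whether any replies came back. The names dns_tally and sample_wan_capture are hypothetical, the capture lines and addresses are constructed, and only IPv4 lines are counted.

```shell
#!/bin/sh
# Usage on the firewall, one interface at a time (IFACE is a placeholder):
#   tcpdump -l -n -i IFACE -c 50 udp and port 53 | dns_tally IFACE

# Read tcpdump text on stdin; print one line per DNS server seen.
dns_tally() {
    iface=$1
    awk -v iface="$iface" '
        $2 == "IP" && $4 == ">" {
            src = $3; dst = $5; sub(/:$/, "", dst)
            # tcpdump -n prints addr.port; split the two apart
            sport = src; sub(/.*\./, "", sport)
            dport = dst; sub(/.*\./, "", dport)
            saddr = src; sub(/\.[0-9]+$/, "", saddr)
            daddr = dst; sub(/\.[0-9]+$/, "", daddr)
            if (dport == "53")      { q[daddr]++; seen[daddr] = 1 }  # query
            else if (sport == "53") { r[saddr]++; seen[saddr] = 1 }  # reply
        }
        END {
            for (s in seen)
                printf "%s %s queries=%d replies=%d%s\n", iface, s, q[s], r[s],
                       (q[s] > 0 && r[s] == 0) ? " UNANSWERED" : ""
        }' | sort
}

# Constructed sample: a WAN-side capture in which the firewall (203.0.113.2)
# queries a resolver handed out on another uplink (198.51.100.53) and gets
# nothing back, while the WAN ISP resolver (203.0.113.53) answers.
sample_wan_capture() {
    cat <<'EOF'
09:20:51.100000 IP 203.0.113.2.40001 > 198.51.100.53.53: 4660+ A? www.example.com. (33)
09:20:52.000000 IP 203.0.113.2.40002 > 203.0.113.53.53: 4661+ A? www.example.com. (33)
09:20:52.010000 IP 203.0.113.53.53 > 203.0.113.2.40002: 4661 1/0/0 A 192.0.2.80 (49)
09:20:56.100000 IP 203.0.113.2.40001 > 198.51.100.53.53: 4660+ A? www.example.com. (33)
EOF
}

sample_wan_capture | dns_tally wan
```

A server marked UNANSWERED on an interface it should not be reached through matches the symptom Robert describes: the firewall's own lookups leaving by WAN toward the OPT1/OPT2 resolvers.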
Re: [pfSense Support] DNS Issues with 1.2 RC2
Sean Cavanaugh wrote:
> I personally use OpenDNS for everything since they're outside of what the ISP handles.

surely it's easier to simply run your own caching resolvers? that way you can force a cache flush if you're changing your own DNS.

the only time either your or my strategy fails is when you have an ISP like NTL in the UK who do udp:53 hijacking (just like they force all web traffic through their proxies, they do similar with DNS!). the only way I found round that was to put my own resolver on a public lan at work on a different port and hack my local bind9 config to resolve off it!
Re: [pfSense Support] DNS Issues with 1.2 RC2
On Sat 27 Oct 2007 05:00:21 NZDT +1300, Paul M wrote:
> surely it's easier to simply run your own caching resolvers? that way you can force a cache flush if you're changing your own DNS.

Nope, not enough. I run pfsense in 2 places (1.0.1 and 1.2beta-some), with caching dns enabled. Several times a day browsers just give a bogus domain doesn't exist. With a particular banking website I have yet to see a name resolution first time; as it's blowing up in 1s I conclude something, somewhere, doesn't even *try* to resolve. An immediate browser reload is always successful. This with various ISPs' nameservers.

Volker

--
Volker Kuhlmann is list0570 with the domain in header
http://volker.dnsalias.net/
Please do not CC list postings to me.
Re: [pfSense Support] DNS Issues with 1.2 RC2
On 10/25/07, Robert Goley [EMAIL PROTECTED] wrote:
> [snip]
> What am I missing?

Static routes. See the multi-wan tutorials.

Scott