DNS resolution issues on pfsense -- Weird

Networking & Firewalls
1

HI…
We recently changed Internet providers. And I noticed that I’m having problems with DNS resolutions. The weird part is that the DNS resolution fails to work after about 6-8 hours of change.

To restore functionality, I need to reboot the ISP bridged router and pfsense. Or delete and re-enter DNS settings on the pfsense.

We contacted ISP tech support, and they said it’s the firewall, and not the ISP device. Does anyone know what is causing this issue?

pfBlockerNG and DNsBL are disabled, and DNS resolver is enabled. Is there a way to see what’s causing this issue

We did not have this issue with the earlier ISP. We changed ISPs because the earlier provider did MAC binding for static WAN IPs. But not the new provider.

2

Any DNS or just the ISP one?

Make a package dump on the pfsense WAN interface to see whats going out / in.

3

Was the pfSense DNS caching server (“Unbound”) up, and were you able to query it?

Some people were reporting random Unbound crashes after updating to pfSense v2.5, which has been resolved with a patch (v1.13.1). You can try a pkg update && pkg upgrade unbound to check.

4

@tcpip.wtf Its any DNS, we are facing this issue. Do you have instructions to do a package dump?

5

You can do that within pfSense.

Diagnose → Package Capture.

Details:
https://docs.netgate.com/pfsense/en/latest/diagnostics/packetcapture/webgui.html

6

@tcpip.wtf Thanks… WIll review.

7

I found its when Unbound stops, that there is DNS issue. Unbound stops randomly. Not sure what is causing it to stop. Any ideas?

8

If you have Watch Dog enabled, you have to disable it in the Monitored Services list. That is the workaround. Then again, I have experienced with this 21/2.5 update most of the configs will get broken, so it is best to install new image and repo or rebuild your configs. My XG7100 had corrupted config, I managed to get things right on a duplicate.