pfSense newbie - single website giving me DNS_PROBE_FINISHED_NXDOMAIN

Hi there!

Total pfSense (and generally networking) newbie here. I recently upgraded from a crappy zyxel router to running pfSense on a PC put together from some old parts I had at home. Everything so far has been working really well, except one weird issue: A single website, https://euipo.europa.eu/, is giving me the DNS_PROBE_FINISHED_NXDOMAIN error in Chrome. Other browsers have issues too, e.g. FF says “We can’t connect to the server at euipo.europa.eu.” etc. I get the issue on any machine on my LAN, even my phone, but if I turn off the WiFi on the phone and use the cellular connection I can access the page just fine. So it seems there is a problem with my pfSense setup. So far this is the only website giving me this error.

Doing a DNS Lookup in the pfSense web configurator to “euipo.europa.eu” returns the IP just fine, i.e. 109.232.208.177, so I suspect it has something to do with the firewall. Initially I had pfBlockerNG installed and I was pretty sure that was the problem but I couldn’t figure it out so I finally restored the whole system to factory defaults and I am still getting the same error.

This is not the end of the world for me, but I am a bit worried I have some incorrect config somewhere which will bite me later unless fixed. I have tried to check every conceivable log for errors but nothing seems to give me any hints on where the problem is.

Ideas, or suggestions on where to start looking?

Thanks a lot!

I’m not gonna test that URL just in case it’s dodgy!

You don’t need to do a full reset, you can take a backup and restore as you are testing out your config.

Never encountered your issue but it sounds like DNS related …

Perhaps have a look at Troubleshooting — Troubleshooting DNS Resolution Issues | pfSense Documentation

Could also be the DNS service you are using, switch over to say Quad9 or Google.

Heh, yeah I included the URL mostly for completeness. It is the website for the European Union Intellectual Property Office. I am tracking the progress of a trademark application.

I use 1.1.1.1 and 9.9.9.9 as DNS servers, and I also allow the list to be “overridden by DHCP/PPP on WAN”. Resolving the hostname from the web configurator also lists DNS servers 192.89.123.230 and 192.89.123.231 which I assume are from the ISP. I have tried with and without that option, but no luck.

Thanks for the link, I’ll be sure to recheck it but I fear I have looked through most of it already.

I searched via DuckDuckGo and was able to find https://euipo.europa.eu/ohimportal/en without any issues, I’m running pfSense with pfBlocker and Quad9.

Yeah, it’s weird. I get the same DNS error for that URL too. I haven’t added an allow-rule as suggested in the troubleshooting guide yet, but I also don’t seem to get any blocked connections in the logs, so I don’t think I should need to…

EDIT: Added the rules. Didn’t help…

Okay, I am making progress. I disabled the DNS resolver on the pfSense box and added the DNS servers 192.89.123.230 and 192.89.123.231 to the DHCP server settings. Now my client PC can immediately reach the website.

This is weird because I got those working DNS server addresses from the Diagnostics / DNS Lookup section in the web UI, but somehow it seems like pfSense didn’t use them when actually trying to visit the website…?

EDIT: It also works when passing 1.1.1.1 and/or 9.9.9.9 to the DHCP server settings.
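A small diagnostic for the situation above, added here and not part of the thread: it parses `dig` output from the pfSense resolver and from an upstream server and reports which side disagrees, since LAN clients only ever ask the resolver while the web UI lookup queries every configured server. Assumptions: 192.168.1.1 as the pfSense LAN address, `dig` installed on the LAN client, and constructed sample output standing in for real replies.

```python
"""Added example (not from the thread): compare how the pfSense resolver and an
upstream server answer for one name, so a LAN-side NXDOMAIN can be localised."""
import re
import subprocess

PFSENSE_LAN_IP = "192.168.1.1"  # assumption: LAN address of the pfSense box
UPSTREAM = "1.1.1.1"            # upstream server named in the thread
NAME = "euipo.europa.eu"

# Constructed, abbreviated dig output standing in for the failure in the thread.
LOCAL_SAMPLE = """;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
"""
UPSTREAM_SAMPLE = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
euipo.europa.eu.    300    IN    A    109.232.208.177
"""

def parse_dig(output):
    """Extract status, header flags and A-record answers from dig's text output."""
    status = re.search(r"status: (\w+)", output)
    flags = re.search(r"flags: ([^;]*);", output)
    answers = re.findall(r"^\S+\s+\d+\s+IN\s+A\s+(\S+)", output, re.M)
    return {"status": status.group(1) if status else "NO_RESPONSE",
            "flags": flags.group(1).split() if flags else [],
            "answers": answers}

def diagnose(local, upstream):
    """Map the (resolver, upstream) pair onto the next thing worth checking."""
    if local["status"] == "NO_RESPONSE":
        return "resolver unreachable: check LAN rules and that the DNS Resolver service is running"
    if local["status"] == "SERVFAIL" and upstream["status"] == "NOERROR":
        return "SERVFAIL only from the resolver: look at DNSSEC validation in the resolver log"
    if local["status"] == "NXDOMAIN" and upstream["status"] == "NOERROR":
        return "NXDOMAIN only from the resolver: check host overrides / DNSBL, then flush its cache"
    if (local["status"], local["answers"]) == (upstream["status"], upstream["answers"]):
        return "resolver and upstream agree: DNS is fine, look at firewall rules or the client"
    return "answers differ: compare the full record sets and TTLs"

def query(server, name):
    """Live query through dig (needs dig on the client; not used by the samples)."""
    proc = subprocess.run(["dig", f"@{server}", name, "A"], capture_output=True, text=True)
    return parse_dig(proc.stdout)

if __name__ == "__main__":
    print(diagnose(parse_dig(LOCAL_SAMPLE), parse_dig(UPSTREAM_SAMPLE)))
    print(diagnose(query(PFSENSE_LAN_IP, NAME), query(UPSTREAM, NAME)))
```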

If it is DNS, check out Tom’s excellent YouTube videos like this one.

I used this and it helped me set up my DNS on pfSense. I learned a lot!

Thanks for the link. Unfortunately it didn’t help me as it mainly deals with DNS filtering, rather than setting up a barebones DNS configuration. Setting the DNS server addresses in the DHCP settings is an okay workaround for now, but I am curious if anyone has any other tips in trying to debug this.

Thanks for your help everyone!