pfSense would sometimes not resolve https://forums.lawrencesystems.com/

Just as the title says. Sometimes, pfSense won’t resolve names. Ironically, I think, it won’t resolve this forum’s IP. I had to restart the DNS resolver service before I could type this. I’m using pfblockerng and DNS Resolver. Any ideas on what I should tweak?


; <<>> DiG 9.10.6 <<>> https://forums.lawrencesystems.com/
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 8355
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;https://forums.lawrencesystems.com/. IN	A

;; AUTHORITY SECTION:
.			236	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022101900 1800 900 604800 86400

;; Query time: 533 msec
;; SERVER: 192.168.82.1#53(192.168.82.1)
;; WHEN: Wed Oct 19 16:30:54 PST 2022
;; MSG SIZE  rcvd: 139

EDIT: For now, I’ve enabled DNS Query Forwarding and now resolving names. But I would like to get to the bottom of this issue.

My guess is that some list you are using in pfblocker has me blocked.

Hi Tom! I use the default list in pfblocker and didn’t add anything. Also, when I restarted the DNS Resolver service without enabling query forwarding, it got fixed, so maybe it’s not that. But then I encountered another address not resolving so I finally just enabled query forwarding.

Thanks!

Just an update, when I disabled DNSSEC support, it resolved the websites that won’t with it enabled. Could you guys try this page: https://www.ncbi.nlm.nih.gov/BLAST/ It’s a National Institutes of Health page for protein structures. I find it weird that there could be a DNSSEC problem with them. Thanks!