Unable to resolve DNS Queries from Local LAN

zecora · June 19, 2020, 8:03pm

I recently build a new firewall after getting new hardware and upon setting it up I am running into an issue where devices on a few networks can’t resolve.

I am running pfSense 2.4.5-1 and have been trying to sort this out but have become stuck. I am sure it is an easy fix but I wanted to make sure I set it up correctly.

Network Wireless Firewall Rules;

NAT Wireless DNS Rule;

From any devices on this network, I can ping anything local and external by IP but when I try to ping by hostname it doesn’t resolve. I have confirmed that DNS Resolver has this network selected for inbound requests. If I change ‘127.0.0.1’ to ‘192.168.60.1’ it seems to have resolved the issue but i followed this from pfsense documentation and wanted to make sure it isn’t anything else I am missing and should be ‘127.0.0.1’.

Rule link (pfSense® software Configuration Recipes — Redirecting Client DNS Requests | pfSense Documentation)

David · June 19, 2020, 11:37pm

Could it possible be related to the same issue I was facing?
https://staging-forum.lawrencesystems.com/t/pfsense-unable-to-resolve-dns-queries-against-the-wan-interface-resolved/5334/3

TDCLGrant · June 19, 2020, 11:57pm

Post pic of your DNS addresses.

zecora · June 20, 2020, 7:07pm

@ David & @TDCLGrant - I think i was able to resolve this after finding out i was blocking all internal traffic because of my ‘VL60_WRLSS: Reject Any Local Traffic’ rule and had to create a rule to bypass the allowed ports like DNS/53. Is there an easy way to not block any local traffic on this subnet based on how I have it setup or what are your recommendations?

TDCLGrant · June 21, 2020, 10:32am

My only recommendation is develop a strong understanding of firewall rules and their implicit logic. You have a lot of FW rules, so there is ample opportunity for issues. Map out (draw them) all of your rules. Then you will be able to physically see where they might conflict.