Is the pfSense set to forward DNS requests? Maybe the ISP on the VPN side is blocking DNS requests that leave their network to a third-party DNS server? I have seen that before, over the years.
--
Steve Yates
ITS, Inc.

-----Original Message-----
From: List <list-boun...@lists.pfsense.org> On Behalf Of Antonio
Sent: Thursday, May 24, 2018 11:41 PM
To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org>
Subject: [pfSense] Diagnosing DNS Resolver SERVFAIL issues

Hi,

I've been happily using the "Outgoing Network Interfaces" set to my VPN interface to prevent DNS leaks and it's been working pretty well until today when all of a sudden it stopped resolving DNS requests. In fact,

[fri may25, 03:04 ][user@1:~]nslookup www.google.com
Server: 192.168.2.1
Address: 192.168.2.1#53

** server can't find www.google.com: SERVFAIL

192.168.2.1 is my pfSense box hooked to DSL modem. As soon as I set "Outgoing Network Interfaces" to my WAN, then it all works again. However, this means that although my traffic is vehicle through VPN, the DNS Resolver is routing requests via ISP instead of VPN.

I don't understand how all of a sudden the VPN server stopped allowing DNS requests to be passed from my pfSense machine. Does this seem plausible and how do you think I can diagnose this? There is no way I can get unbound to work unless I set "Outgoing Network Interfaces" to WAN. This was not the case until yesterday.

Any clues?

Thanks

--
Respect your privacy and that of others, don't give your data to big corporations.
Use alternatives like Signal (https://whispersystems.org/) for your messaging or Diaspora* (https://joindiaspora.com/) for your social networking.

_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold