Ja revisou toda a parte de gateway, dns forwarder? Qual a versão do PF?
Fábio B. Moraes *Fones: (53) 98112.1173 (51) **99835.1283* -------------------------------------------------------------------------------- Em 5 de março de 2018 17:36, Fábio Rodrigues Ribeiro < [email protected]> escreveu: > Sabe o que é... o sense não está respondendo consulta, só nslookup > > Em 05-Mar-18 17:34, fabio moraes escreveu: > >> Boa tarde, >> Na paz? >> Ja pensou em colocar o dns fixo do google? na WAN 8.8.8.8 primario e >> 8.8.4.4 secundario e depois de instalar um proxy ou pelo proprio IGP do >> PFSense. >> Fazer um ping www.google.com, no terminal? >> >> >> Fábio B. Moraes >> >> >> >> *Fones: (53) 98112.1173 (51) **99835.1283* >> >> >> ------------------------------------------------------------ >> -------------------- >> >> >> >> >> >> Em 5 de março de 2018 16:40, Fábio Rodrigues Ribeiro < >> [email protected]> escreveu: >> >> Perdão por enviar duas vezes, não estava localizando a mensagem >>> >>> Em 05-Mar-18 16:38, Fábio Rodrigues Ribeiro escreveu: >>> >>> Olá boa tarde! >>> >>>> >>>> Estou com problemas do pfSense para somente servir DNS (recursivo). >>>> >>>> No Unbound seto ACL 0.0.0.0/0 ... E nada. >>>> Marco DNS Forwarder no Unbound... E nada. >>>> Libero ou desativo o firewall (WAN OU LAN)... E nada. >>>> Desmarco proteções, lockout, bogon e entre outros... E nada. >>>> >>>> Consultas lookup passam normalmente, tanto no pfSense ou cliente. >>>> Experimentei também com uma maquina real (placas intel) e tenho o mesmo >>>> sintoma. No momento do dump faço uma consulta (DNS) pelo browser vindo >>>> pela rede LAN e recebo o erro DNS_PROBE_FINISHED_NXDOMAIN: >>>> >>>> Atualmente a rede WAN está em modo NAT do vmware e a LAN está em modo >>>> Host-Only. Ambas estão sendo alcançadas normalmente, inclusive a >>>> internet. >>>> >>>> VMware Virtual Machine - Netgate Device ID: >>>> >>>> *** Welcome to pfSense 2.4.2-RELEASE-p1 (amd64) on pfSense *** >>>> >>>> WAN (wan) -> em0 -> v4/DHCP4: 192.168.48.132/24 >>>> LAN (lan) -> em1 -> v4: 192.168.226.129/24 >>>> >>>> 0) Logout (SSH only) 9) pfTop >>>> 1) Assign Interfaces 10) Filter Logs >>>> 2) Set interface(s) IP address 11) Restart webConfigurator >>>> 3) Reset webConfigurator password 12) PHP shell + pfSense tools >>>> 4) Reset to factory defaults 13) Update from console >>>> 5) Reboot system 14) Disable Secure Shell (sshd) >>>> 6) Halt system 15) Restore recent configuration >>>> 7) Ping host 16) Restart PHP-FPM >>>> 8) Shell >>>> >>>> Enter an option: 8 >>>> >>>> [2.4.2-RELEASE][[email protected]]/root: tcpdump >>>> tcpdump: verbose output suppressed, use -v or -vv for full protocol >>>> decode >>>> listening on em0, link-type EN10MB (Ethernet), capture size 262144 bytes >>>> 15:00:04.123856 IP 192.168.48.132 > 192.168.48.2: ICMP echo request, id >>>> 26811, seq 613, length 8 >>>> 15:00:04.124078 IP 192.168.48.2 > 192.168.48.132: ICMP echo reply, id >>>> 26811, seq 613, length 8 >>>> 15:00:04.654853 IP 192.168.48.132 > 192.168.48.2: ICMP echo request, id >>>> 26811, seq 614, length 8 >>>> 15:00:04.654933 IP 192.168.48.2 > 192.168.48.132: ICMP echo reply, id >>>> 26811, seq 614, length 8 >>>> 15:00:05.186598 IP 192.168.48.132 > 192.168.48.2: ICMP echo request, id >>>> 26811, seq 615, length 8 >>>> 15:00:05.186830 IP 192.168.48.2 > 192.168.48.132: ICMP echo reply, id >>>> 26811, seq 615, length 8 >>>> 15:00:05.718139 IP 192.168.48.132 > 192.168.48.2: ICMP echo request, id >>>> 26811, seq 616, length 8 >>>> 15:00:05.718201 IP 192.168.48.2 > 192.168.48.132: ICMP echo reply, id >>>> 26811, seq 616, length 8 >>>> 15:00:06.248989 IP 192.168.48.132 > 192.168.48.2: ICMP echo request, id >>>> 26811, seq 617, length 8 >>>> 15:00:06.249043 IP 192.168.48.2 > 192.168.48.132: ICMP echo reply, id >>>> 26811, seq 617, length 8 >>>> 15:00:06.780552 IP 192.168.48.132 > 192.168.48.2: ICMP echo request, id >>>> 26811, seq 618, length 8 >>>> 15:00:06.780600 IP 192.168.48.2 > 192.168.48.132: ICMP echo reply, id >>>> 26811, seq 618, length 8 >>>> 15:00:07.312296 IP 192.168.48.132 > 192.168.48.2: ICMP echo request, id >>>> 26811, seq 619, length 8 >>>> 15:00:07.312357 IP 192.168.48.2 > 192.168.48.132: ICMP echo reply, id >>>> 26811, seq 619, length 8 >>>> 15:00:07.843499 IP 192.168.48.132 > 192.168.48.2: ICMP echo request, id >>>> 26811, seq 620, length 8 >>>> 15:00:07.843609 IP 192.168.48.2 > 192.168.48.132: ICMP echo reply, id >>>> 26811, seq 620, length 8 >>>> 15:00:08.375041 IP 192.168.48.132 > 192.168.48.2: ICMP echo request, id >>>> 26811, seq 621, length 8 >>>> 15:00:08.375190 IP 192.168.48.2 > 192.168.48.132: ICMP echo reply, id >>>> 26811, seq 621, length 8 >>>> 15:00:08.907069 IP 192.168.48.132 > 192.168.48.2: ICMP echo request, id >>>> 26811, seq 622, length 8 >>>> 15:00:08.907187 IP 192.168.48.2 > 192.168.48.132: ICMP echo reply, id >>>> 26811, seq 622, length 8 >>>> 15:00:09.438780 IP 192.168.48.132 > 192.168.48.2: ICMP echo request, id >>>> 26811, seq 623, length 8 >>>> 15:00:09.438833 IP 192.168.48.2 > 192.168.48.132: ICMP echo reply, id >>>> 26811, seq 623, length 8 >>>> 15:00:09.925200 IP 192.168.48.132.52096 > dns.quad9.net.domain: 63751+ >>>> [1au] A? google.com. (39) >>>> 15:00:09.967095 IP 192.168.48.132 > 192.168.48.2: ICMP echo request, id >>>> 26811, seq 624, length 8 >>>> 15:00:09.967143 IP 192.168.48.2 > 192.168.48.132: ICMP echo reply, id >>>> 26811, seq 624, length 8 >>>> 15:00:10.180729 IP dns.quad9.net.domain > 192.168.48.132.52096: 63751 >>>> 1/0/1 A 172.217.12.206 (55) >>>> 15:00:10.181001 IP 192.168.48.132.27048 > dns.quad9.net.domain: 50603+% >>>> [1au] DS? com. (32) >>>> 15:00:10.441837 IP dns.quad9.net.domain > 192.168.48.132.27048: 50603$ >>>> 2/0/1 DS, RRSIG (367) >>>> 15:00:10.442752 IP 192.168.48.132.6260 > dns.quad9.net.domain: 51511+% >>>> [1au] DNSKEY? com. (32) >>>> 15:00:10.482996 IP 192.168.48.132 > 192.168.48.2: ICMP echo request, id >>>> 26811, seq 625, length 8 >>>> 15:00:10.483019 IP 192.168.48.2 > 192.168.48.132: ICMP echo reply, id >>>> 26811, seq 625, length 8 >>>> 15:00:10.624300 IP dns.quad9.net.domain > 192.168.48.132.6260: 51511$ >>>> 3/0/1 DNSKEY, DNSKEY, RRSIG (743) >>>> 15:00:10.624658 IP 192.168.48.132.10239 > dns.quad9.net.domain: 24068+% >>>> [1au] DS? google.com. (39) >>>> 15:00:10.872239 IP dns.quad9.net.domain > 192.168.48.132.10239: 24068 >>>> 0/6/1 (760) >>>> 15:00:10.873122 IP 192.168.48.1.64078 > 239.192.152.143.6771: UDP, >>>> length >>>> 136 >>>> 15:00:10.873798 IP 192.168.48.1.6771 > 239.192.152.143.6771: UDP, length >>>> 136 >>>> 15:00:10.874032 IP6 fe80::e921:3395:299d:d61.64166 > >>>> ff15::efc0:988f.6771: UDP, length 138 >>>> 15:00:10.874257 IP6 fe80::e921:3395:299d:d61.6771 > >>>> ff15::efc0:988f.6771: >>>> UDP, length 138 >>>> 15:00:11.014483 IP 192.168.48.132 > 192.168.48.2: ICMP echo request, id >>>> 26811, seq 626, length 8 >>>> 15:00:11.014552 IP 192.168.48.2 > 192.168.48.132: ICMP echo reply, id >>>> 26811, seq 626, length 8 >>>> 15:00:11.545820 IP 192.168.48.2 > 192.168.48.132: ICMP echo reply, id >>>> 26811, seq 627, length 8 >>>> 15:00:11.545840 IP 192.168.48.132 > 192.168.48.2: ICMP echo request, id >>>> 26811, seq 627, length 8 >>>> 15:00:12.077135 IP 192.168.48.132 > 192.168.48.2: ICMP echo request, id >>>> 26811, seq 628, length 8 >>>> 15:00:12.077228 IP 192.168.48.2 > 192.168.48.132: ICMP echo reply, id >>>> 26811, seq 628, length 8 >>>> 15:00:12.608115 IP 192.168.48.132 > 192.168.48.2: ICMP echo request, id >>>> 26811, seq 629, length 8 >>>> 15:00:12.608173 IP 192.168.48.2 > 192.168.48.132: ICMP echo reply, id >>>> 26811, seq 629, length 8 >>>> 15:00:12.875465 IP 192.168.48.1.64078 > 239.192.152.143.6771: UDP, >>>> length >>>> 136 >>>> 15:00:12.875619 IP 192.168.48.1.6771 > 239.192.152.143.6771: UDP, length >>>> 136 >>>> 15:00:12.875673 IP6 fe80::e921:3395:299d:d61.64166 > >>>> ff15::efc0:988f.6771: UDP, length 138 >>>> 15:00:12.875901 IP6 fe80::e921:3395:299d:d61.6771 > >>>> ff15::efc0:988f.6771: >>>> UDP, length 138 >>>> 15:00:13.139386 IP 192.168.48.132 > 192.168.48.2: ICMP echo request, id >>>> 26811, seq 630, length 8 >>>> 15:00:13.139501 IP 192.168.48.2 > 192.168.48.132: ICMP echo reply, id >>>> 26811, seq 630, length 8 >>>> 15:00:13.670592 IP 192.168.48.132 > 192.168.48.2: ICMP echo request, id >>>> 26811, seq 631, length 8 >>>> 15:00:13.670793 IP 192.168.48.2 > 192.168.48.132: ICMP echo reply, id >>>> 26811, seq 631, length 8 >>>> 15:00:14.201479 IP 192.168.48.132 > 192.168.48.2: ICMP echo request, id >>>> 26811, seq 632, length 8 >>>> 15:00:14.201568 IP 192.168.48.2 > 192.168.48.132: ICMP echo reply, id >>>> 26811, seq 632, length 8 >>>> 15:00:14.252141 IP 192.168.48.1.17500 > 192.168.48.255.17500: UDP, >>>> length >>>> 133 >>>> 15:00:14.732367 IP 192.168.48.132 > 192.168.48.2: ICMP echo request, id >>>> 26811, seq 633, length 8 >>>> 15:00:14.732421 IP 192.168.48.2 > 192.168.48.132: ICMP echo reply, id >>>> 26811, seq 633, length 8 >>>> 15:00:15.262757 IP 192.168.48.132 > 192.168.48.2: ICMP echo request, id >>>> 26811, seq 634, length 8 >>>> 15:00:15.262823 IP 192.168.48.2 > 192.168.48.132: ICMP echo reply, id >>>> 26811, seq 634, length 8 >>>> 15:00:15.793398 IP 192.168.48.132 > 192.168.48.2: ICMP echo request, id >>>> 26811, seq 635, length 8 >>>> 15:00:15.793537 IP 192.168.48.2 > 192.168.48.132: ICMP echo reply, id >>>> 26811, seq 635, length 8 >>>> 15:00:16.325225 IP 192.168.48.132 > 192.168.48.2: ICMP echo request, id >>>> 26811, seq 636, length 8 >>>> 15:00:16.325334 IP 192.168.48.2 > 192.168.48.132: ICMP echo reply, id >>>> 26811, seq 636, length 8 >>>> ^C >>>> 65 packets captured >>>> 65 packets received by filter >>>> 0 packets dropped by kernel >>>> >>>> >>>> Abraços >>>> _______________________________________________ >>>> Pfsense-pt mailing list >>>> [email protected] >>>> http://lists.pfsense.org/mailman/listinfo/pfsense-pt >>>> >>>> >>> _______________________________________________ >>> Pfsense-pt mailing list >>> [email protected] >>> http://lists.pfsense.org/mailman/listinfo/pfsense-pt >>> >>> _______________________________________________ >> Pfsense-pt mailing list >> [email protected] >> http://lists.pfsense.org/mailman/listinfo/pfsense-pt >> >> > _______________________________________________ > Pfsense-pt mailing list > [email protected] > http://lists.pfsense.org/mailman/listinfo/pfsense-pt > _______________________________________________ Pfsense-pt mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/pfsense-pt
