Regression #14368
closed
Intermittent DNS failures
Description
When DNS Resolver is set to forwarding mode and "Use SSL/TLS for outgoing DNS Queries to Forwarding Servers" is enabled, there are intermittent failures. I can't replicate it on demand, but I've noticed it most on iOS devices, often when opening the App Store and it says it is unable to connect. In the past, it has seemed that macOS/iOS tends to cache and hang on to failed DNS resolutions, so maybe that's why I see it more there.
Anyway, this issue is discussed in the posts below:
Related issues
Updated by Doug Miles over 1 year ago
This is actually for 23.01
That somehow posted before I had finished typing and checking everything. Here are the links I was trying to paste in:
https://forum.netgate.com/topic/177979/23-01-breaks-dns-resolver-and-pfblocker/23
https://forum.netgate.com/topic/178413/major-dns-bug-23-01-with-quad9-on-ssl
I'm using 1.1.1.2/1.0.0.2 as my upstream DNS servers, with "security.cloudflare-dns.com" for the TLS hostname. 9.9.9.9 is also commonly used in the threads I linked. After a week or so of testing, enabling and disabling "Use SSL/TLS for outgoing DNS Queries to Forwarding Servers" causes and resolves the issue, respectively. First noticed immediately after the upgrade to 23.01.
Updated by Brad Smith over 1 year ago
I've noticed the same since 2.7 snapshots for a long time. At first, I suspected my WiFi system but I eventually ruled that out. I too have noticed that iOS devices seem to be worst affected for some reason (maybe something to do with the way they retry DNS requests).
I use 1.1.1.1/1.0.0.1 SSL/TLS
Updated by Jim Pingle over 1 year ago
- Project changed from pfSense Plus to pfSense
- Category changed from DNS Resolver to DNS Resolver
- Affected Plus Version deleted (22.01)
Updated by Jim Pingle over 1 year ago
- Is duplicate of Bug #14056: DNS Resolver experiences intermittent resolution failures with SSL over TLS due to ASLR added