First time poster here and was hoping for some help.
Overview of my setup: pfSense box running in DNS resolver mode with a domain override pointing to my AD DNS servers and forwarding mode to 22.214.171.124 and 126.96.36.199 for DNS over TLS. All domain clients point to my internal AD DNS. Lastly, I added my pfSense box IP to the AD DNS forwarder list.
Problem: Resolving *SOME* host names for websites is very slow, and it also prevents the VPN from starting unless I use an IP instead of a host name. It is also causing issues with pfSense updates not working. Once a website has loaded it is fast, but if I close the browser and wait a bit, it reverts to loading slowly again the first time I visit.
Cause: I narrowed down the cause to a floating rule I have that blocks port 53 DNS in the "Out" direction on my WAN/VPN interface. If I disable this rule, everything works normally, but then my network starts using port 53 for DNS instead of 853.
Banging my head for a while over why blocking port 53 outbound causes these issues, as it seems no one else doing this has similar complaints. Any help is appreciated! Thanks
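Before relying on an outbound port-53 block, it is worth confirming that every forwarder in the resolver's configuration is actually pinned to DNS over TLS on 853, since any forwarder that is not will be silently dropped by that rule. The following audit script is an added example, not part of the post and not pfSense or Unbound code; it parses the `forward-zone:` stanzas of an Unbound configuration (the resolver pfSense runs) from a constructed sample and reports forwarders that would still leave on plain port 53. The sample addresses are constructed and the `example.test` zone is hypothetical.

```python
"""Audit Unbound forward-zone stanzas for forwarders that would leave on
plain port 53 instead of DNS over TLS on 853.
Hypothetical checker for illustration, not pfSense or Unbound code."""

# Constructed sample: one zone with TLS on but a forwarder missing the @853
# pin, and a second zone where forward-tls-upstream was never enabled.
SAMPLE_CONF = """
server:
    tls-cert-bundle: "/etc/ssl/cert.pem"
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 192.0.2.53@853
    forward-addr: 192.0.2.54
forward-zone:
    name: "example.test"
    forward-addr: 198.51.100.7@853
"""

def parse_forward_zones(text):
    """Return one dict {name, tls, addrs} per forward-zone stanza."""
    zones, zone = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("forward-zone:"):
            zone = {"name": None, "tls": False, "addrs": []}
            zones.append(zone)
        elif zone is not None and ":" in line:
            key, value = (p.strip() for p in line.split(":", 1))
            if key == "name":
                zone["name"] = value.strip('"')
            elif key == "forward-tls-upstream":
                zone["tls"] = value == "yes"
            elif key == "forward-addr":
                zone["addrs"].append(value)
    return zones

def risky_forwarders(text):
    """(zone, forwarder, reason) for each forwarder not pinned to TLS on 853.
    Without forward-tls-upstream, Unbound attempts plaintext DNS even to @853."""
    findings = []
    for z in parse_forward_zones(text):
        for addr in z["addrs"]:
            host, _, port = addr.partition("@")
            port = port.split("#", 1)[0]  # drop an "@853#authname" suffix
            if not z["tls"]:
                findings.append((z["name"], host, "forward-tls-upstream is not yes"))
            elif port != "853":
                findings.append((z["name"], host, "port not pinned with @853"))
    return findings

if __name__ == "__main__":
    for zone, host, reason in risky_forwarders(SAMPLE_CONF):
        print(f"zone {zone}: {host}: {reason}")
```

Run it against the `forward-zone:` section of the resolver's generated config; an empty result means every upstream is pinned to 853 with TLS and the outbound port-53 block should not affect forwarding.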