Can't reach wife's web site

Thanks @Bill_Miller, I had Use Secure DNS turned on; it’s now turned off.

@Fred_H, in case it helps, I experimented a bit further and found that if I created a forwarding rule including dns.google (Google DoH domain) forwarded to 34.74.71.110 (Google NXDOMAIN IP), it prevented Secure DNS from taking effect. So rather than turning the Secure DNS feature off on all computers using Chromium-based browsers, one could simply activate this rule on all policies.

@Bill_Miller, that’s a neat approach but my world is simpler: One PC and two laptops so it’s easy to make the changes. OTOH, I expect that someone searching the topic would be thrilled. Thanks again.

I’m sorry, but we need to access Paula’s site. So I have removed AdamONE from our pfSense. I will happily reinstall it for testing whether the site is reachable with it. I’m disappointed that I have to take this action.

Hey @Fred_H, on Aug 2nd I asked you to run the adamone-issue command and send the file in to support@adamnet.works.
Did you ever do this? If so, can you give me the ticket number?

It was adamissue_2024080213521722621177.tar.xz
Because the information seemed short I just copy/pasted it. It was:
Collecting troubleshooting data
checking for DNS hijack
/usr/local/sbin/anmuscle -v
/usr/bin/uname -a
cat /usr/local/etc/adamone/anmuscle.conf
pfctl -s rules
pfctl -s rules -a “userrules/*”
sockstat | grep :53
sockstat | grep :80
sockstat | grep :443
ps ax | grep anmuscle
netstat -rn
ifconfig
cat /etc/resolv.conf
cat /etc/hosts
cat /var/dhcpd/var/db/dhcpd.leases
cat /var/dhcpd/etc/dhcpd.conf

If I did this wrong please tell me; I’ll reinstall and export it and send the file.

No, we need the actual file that it creates. It might still be there; it’s probably called adamissue_2024080213521722621177.tar.xz in your case.

It was there. I’ve sent it to support @ adamnet . works

An additional piece of information: I couldn’t reach github either, so I added it and Paula’s site to an Allow list (both on the same list) with “Allow Lists: Use System DNS instead” set ON. I can reach github but I still can’t reach Paula’s site. The “Rule Applied” log entries for these two sites are:

  • github: ISP - Bundle | forwarded to default resolver | Rule: My Allow List, Policy: Basic Filtering
  • PaulaHooper: System - System | no answer found for requested record type | Rule: My Allow List, Policy: Basic Filtering

Both of these log entries have a green background.
Why are they being treated differently? Could it be related to the (Bluehost) hosting?

It’s fixed! This morning I noticed while looking at the log that our NAS is named “hooper.com” and that the pfSense firewall is also named “hooper.com”. So I changed the hostname from pfsense to pfsense_host and the domain from “hooper.com” to “hooper_firewall.com” (in System | General Setup). After these two simple changes I can reach the site from all of our computers.

I don’t understand why this fixed it, but I’m happy (and satisfied) that it did. Thanks to @atw and @cfoster for their efforts and I apologize for any time wasting that I caused.


Thanks for sharing. It’s still odd because the web site you were having issues with was paulahooper.com, not hooper.com, but if it worked that’s great :smile:


I’m sorry to add to this “Solved” thread, but I have a complication that’s also solved (I think): The Router Advertisement Daemon (radvd) won’t run unless the pfSense domain name is “hooper.???”.

radvd hasn’t run since I changed the domain name to “hooper_firewall.com” despite numerous manual and automatic tries. When I temporarily changed it back to “hooper.com” radvd ran but I couldn’t reach Paula’s site.

Looking at the pfsense system logs for routing, I found “invalid domain suffix specified”. On a whim I tried “hooper.opt” as domain name and everything works – both radvd and Paula’s site. Then I searched online for “pfsense router domain name”. The manual suggested combining the host name (pfsense for mine) with a site (hooper.com) to form pfsense.hooper.com, a fully qualified domain name. I did this and everything works. I think I’m finally done with this issue.
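
An added example, not part of the thread and not pfSense or radvd code: a host name syntax check run over the names mentioned above. It assumes the “invalid domain suffix specified” log entry was caused by the underscore in “hooper_firewall.com”, which the RFC 952/1123 host name rules (letters, digits and hyphens only) do not allow; the names `check_domain` and `report` are hypothetical.

```python
import re

# One DNS label under the RFC 952/1123 host name rule: letters, digits and
# hyphens only, no hyphen at either end, 1 to 63 characters.
LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def check_domain(name):
    """Return a list of problems; an empty list means the name passes."""
    # A single trailing dot (fully qualified form) is allowed.
    stripped = name[:-1] if name.endswith(".") else name
    if not stripped:
        return ["empty name"]
    problems = []
    if len(stripped) > 253:
        problems.append("name longer than 253 characters")
    for label in stripped.split("."):
        if LABEL_RE.fullmatch(label):
            continue
        bad = sorted(set(re.findall(r"[^A-Za-z0-9-]", label)))
        if not label:
            problems.append("empty label (consecutive dots)")
        elif bad:
            problems.append(f"label {label!r} contains {''.join(bad)!r}")
        elif len(label) > 63:
            problems.append(f"label {label!r} longer than 63 characters")
        else:
            problems.append(f"label {label!r} starts or ends with '-'")
    return problems


# Host and domain names taken from the thread.
NAMES = ["hooper.com", "hooper_firewall.com", "pfsense_host",
         "hooper.opt", "pfsense.hooper.com"]


def report(names=NAMES):
    """Map each name to its list of problems."""
    return {n: check_domain(n) for n in names}


if __name__ == "__main__":
    for name, problems in report().items():
        print(f"{name:22} {'OK' if not problems else '; '.join(problems)}")
```

Running a check like this before saving a new hostname or domain in System | General Setup catches a name that dependent services may refuse to load.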