Seemingly random DNS dropouts/timeouts to individual domains

I’ve been using Adam:ONE on pfSense for about two weeks now and generally I have been happy with it, but one nagging thing is causing me a bit of grief. At seemingly random times of day I will go to visit a given website such as wikipedia dot org and DNS resolution will fail completely; this is confirmed by pinging the domain at OS level from any client on my network (iOS, Windows, etc.). However, during this time I am able to ping other domains such as google.com etc. without issue. If I wait a couple of minutes and try pinging the original site (wikipedia dot org etc.), all of a sudden resolution will start working again.

The behavior is almost like the problem domain is dropping out of a cache somewhere but other domains are left unaffected. I have double checked my rules and I don’t have anything that blacklists any core cloud infrastructure like AWS EC2 etc. so I doubt any of the Adam:ONE filters is interfering. It’s just a very odd and annoying issue that I’m hoping I can get to the root of.

I thought it may have been OpenDNS as I had it as the default DNS provider but I have since switched to the much more capable CloudFlare 1.1.1.1 (specifically 1.1.1.3 for their family filter) and the issue persists. If anyone has hit this and can provide some feedback on a resolution or things to try I would greatly appreciate it. Thank you!

I am having the same issue here. Can’t tell you how to fix it though. I have seen a cookie clear do the trick on Chrome when a website didn’t want to resolve after an unblock.

Thank you for the reply. Unfortunately the sites that do not resolve for a minute or two randomly are not ones I have ever blocked; that is the most confusing aspect of the issue to me. It seems like the local Adam:ONE plugin on my pfSense is in the middle of updating a cache or something but that is just a wild guess by me as I’m not really sure if anything is cached locally or if it is only acting as a forwarder.

Yeah, I’m seeing that too. Google.com doesn’t resolve. IF the logs show anything, it’ll say blocked- local. And that’s a big if. The logs are very unreliable.

That’s disappointing to hear but I am finding the same. The dropouts are causing grief for my family since my wife and son started school remotely at home, so I am switching to NextDNS for now since they now offer a mature CLI DoT Proxy that works well on pfSense. Hopefully Adam Networks can improve the reliability of their product on pfSense and include some improved latency options (first tier anycast instead of relying on forwarder to other providers).

@hazarjast @nckrwlmn I am wondering if it’s perhaps related to a fix we included in 3.4.8 in your circumstance(s). Note also, that depending on how you resolve a domain, it may add your local DNS suffix added by your own network. If you’re open to trying 3.4.8 rapid release, and if it still happens, please send log-level 4 or above to support@adamnet.works as the logs should be 100% reliable at this stage.

@David Appreciate the feedback. I won’t be in a position to test this for a while as I don’t have a secondary pfSense setup at the moment, but I would be interested to know the results if @nckrwlmn or others on pfSense are able to test. For whatever reason, even if I jacked the log verbosity up to 6, I never saw anything that appeared related to the issue. Apologies, but I don’t have the Adam:ONE package installed or configured currently, else I would test 3.4.8 as offered.

I have 3.4.8 installed. Not sure what to do, as I’m already at log level 4. I’m willing to try anything if it’ll help the situation along.

I understand @hazarjast. If you get the chance again, or @nckrwlmn gets a chance to compare, the key would be to compare whether mytools.management/log shows anything different from the host-written /var/log/adamone/anmgr.log (log-level 4 and above) when filtering for “DNS=” entries. In our testing they match now, but if any further problems are found in this area, we would love to know.

Thank you for the feedback.
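One way to pin down where the dropouts described in this thread occur, as an added example that is not from any poster or from Adam Networks: the script below sends the same fully qualified A query (so no local DNS suffix is appended) to the local forwarder and to the upstream resolver, and timestamps each result. The local address `192.168.1.1` is an assumed pfSense LAN IP; `1.1.1.3` and the two domain names are the ones mentioned in the thread.

```python
import socket, struct, time

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid):
    """Build a DNS A-record query. The name is sent exactly as given,
    so no local search suffix can be appended to it."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    parts = [p.encode("ascii") for p in name.rstrip(".").split(".")]
    qname = b"".join(bytes([len(p)]) + p for p in parts) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_reply(data, qid):
    """Return (rcode_name, answer_count); raise ValueError on a bad reply."""
    if len(data) < 12:
        raise ValueError("short reply")
    rid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    if rid != qid or not flags & 0x8000:  # ID mismatch or QR bit not set
        raise ValueError("not a response to this query")
    rcode = flags & 0x000F
    return RCODES.get(rcode, "RCODE%d" % rcode), an

def probe(server, name, qid, timeout=2.0):
    """Query one resolver directly over UDP and return a status string."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, qid), (server, 53))
            rcode, answers = parse_reply(s.recv(512), qid)
        except socket.timeout:
            return "TIMEOUT"
        except (OSError, ValueError) as exc:
            return "ERROR(%s)" % exc
    return "%s/%d" % (rcode, answers)

def classify(local, upstream):
    """Decide where a dropout sits from the two probe results."""
    ok = lambda r: r.startswith("NOERROR/") and not r.endswith("/0")
    if ok(local):
        return "ok"
    return "local-only failure" if ok(upstream) else "upstream also failing"

if __name__ == "__main__":
    LOCAL, UPSTREAM = "192.168.1.1", "1.1.1.3"  # LOCAL is an assumed LAN address
    for qid in range(1, 0xFFFF):
        for name in ("wikipedia.org", "google.com"):
            loc, up = probe(LOCAL, name, qid), probe(UPSTREAM, name, qid)
            print(time.strftime("%Y-%m-%d %H:%M:%S"), name, loc, up, classify(loc, up), flush=True)
        time.sleep(30)
```

The timestamps of any "local-only failure" lines give a window to search for in the “DNS=” entries of `/var/log/adamone/anmgr.log` and in mytools.management/log.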