I have noticed recently that I can't connect to BT NS servers using the DNS Resolver in pfSense.
;; Received 540 bytes from 192.31.80.30#53(d.gtld-servers.net) in 14 ms
;; communications error to 193.113.32.156#53: timed out
;; communications error to 193.113.32.156#53: timed out
;; communications error to 193.113.32.156#53: timed out
;; communications error to 193.113.57.242#53: timed out
;; communications error to 193.113.32.157#53: timed out
;; communications error to 193.113.57.243#53: timed out
;; no servers could be reached
However if I go through a VPN or connect from another ISP there are no issues.
Currently it means I can't connect to the bt.com web page unless I create a domain override.
No other Web pages are affected except the bt.com domain.
Are you using the DNS servers notified via WAN DHCP when you connect? If not, then I'd suggest that you try using those servers first.
I assume the local DNS Resolver will find the correct DNS servers, which it does; it's just that I can't talk to them.
If I override this and manually add the DNS servers, e.g. 8.8.8.8, then it works. It's maybe the recursive nature of the local resolver that is causing a block.
It's strange that it has only happened in the last 5 days and no other domain has been affected; nothing has changed on my end.
If you are indeed using WAN-DHCP to pull your DNS servers, then yes the supposedly correct IP addresses should be being sent. At that point so long as all the DNS security settings are pretty vanilla, it should all be working. From my own fiddling, I had to get up to the point of trying to use DNS-over-TLS (DoT) before I could break BT DNS - but that required manually setting the DNS servers, and if using BT DNS servers is a pretty pointless exercise!
I do think it's likely to be something client side though, as in my own experience with BT DNS what is issued to the router are proxy DNS IPs, the actually used server IPs are different (check using a DNS leaktest site). So if it were a general configuration issue, more people should be seeing it.
Can you maybe set up dnsmasq, or whatever pfSense uses instead, to log the calls and responses?
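As an added example (not code from anyone in this thread), the script below parses a dig +trace tail like the one quoted in the opening post, separates the servers that answered from those that only timed out, and renders the Unbound forward-zone stanza that a pfSense domain override produces; the sample trace is constructed from the posted output and the forwarder address is the caller's choice.

```python
import re
from collections import Counter

# Constructed sample: the dig +trace tail quoted in the opening post, one record per line.
SAMPLE_TRACE = """\
;; Received 540 bytes from 192.31.80.30#53(d.gtld-servers.net) in 14 ms
;; communications error to 193.113.32.156#53: timed out
;; communications error to 193.113.32.156#53: timed out
;; communications error to 193.113.32.156#53: timed out
;; communications error to 193.113.57.242#53: timed out
;; communications error to 193.113.32.157#53: timed out
;; communications error to 193.113.57.243#53: timed out
;; no servers could be reached
"""
RECEIVED_RE = re.compile(r"^;; Received \d+ bytes from ([\d.]+)#\d+\(([^)]+)\)")
ERROR_RE = re.compile(r"^;; communications error to ([\d.]+)#\d+: (.+)$")

def parse_trace(text):
    """Return (answered, errors): answered = [(ip, name)] for servers that replied,
    errors = Counter keyed by (ip, reason) so retries against one server are counted."""
    answered, errors = [], Counter()
    for line in text.splitlines():
        if m := RECEIVED_RE.match(line):
            answered.append((m.group(1), m.group(2)))
        elif m := ERROR_RE.match(line):
            errors[(m.group(1), m.group(2))] += 1
    return answered, errors

def diagnose(text):
    """Delegation received from the TLD, then only timeouts (no REFUSED/SERVFAIL) from
    every authoritative server: that pattern points at the network path from this
    source address rather than at resolver settings, as the thread eventually found."""
    answered, errors = parse_trace(text)
    failed = {ip for ip, _ in errors}
    timed_out = sorted(ip for ip, reason in errors if reason == "timed out")
    if "no servers could be reached" in text and answered and failed and set(timed_out) == failed:
        verdict = "path-to-authoritative"
    elif errors:
        verdict = "mixed"
    else:
        verdict = "ok"
    return {"last_answer": answered[-1] if answered else None, "timed_out": timed_out,
            "attempts": sum(errors.values()), "verdict": verdict}

def unbound_forward_zone(zone, forwarders):
    """Unbound forward-zone stanza, which is what a pfSense domain override produces;
    forwarder addresses are the caller's choice (assumption, not from the thread)."""
    return "\n".join(["forward-zone:", f'    name: "{zone}"']
                     + [f"    forward-addr: {a}" for a in forwarders])
```

Run it against the output of `dig +trace bt.com` from the pfSense box; a "path-to-authoritative" verdict with the same 193.113.x.x servers is the pattern this thread describes, whereas REFUSED or SERVFAIL answers would point back at resolver settings.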
I had a power cut overnight due to a storm; when it came back on, my public IP had changed from 147.148.xxx.xxx to 86.166.xxx.xxx.
Now the DNS resolver is working again; must be something strange with the 147.148.xxx.xxx range.
When ISPs run out of IP addresses of their own, don't they hire them in from elsewhere? If that is the case, it could be that BT hired in the 147.148.x.y range from a company in the US but not everything had the chance to update where the addresses were now resident (i.e. the UK), with the consequent issues?