pfSense - Not Resolving Hostnames to IP Addresses?

 

Intro:

For a while this has been bugging me. You should be able to ping a hostname on the local network and it should return the device's IP address. It's working for some hosts but not all. This is under Windows 10 Enterprise or Pro.

"ping orangepizero3" should return 192.168.2.226 but the ping command is stating "Ping request could not find host orangepizero3. Please check the name and try again.".

Fix:

Call up your pfSense web admin portal.

Navigate to "Services --> DNS Resolver".

Scroll all the way down and at the bottom enable the following two settings:

• DHCP Registration
• Static DHCP

The page will reload, click on "Apply" in green.

Flush the DNS resolver on your machine.

ipconfig /flushdns

Try pinging the host again.

Side Notes:

Google Chrome loves to not work properly on many levels. For the example above I'm finding that it doesn't even attempt to look up "orangepizero3" before returning "Address not found...".

If I call up "http://orangepizero3/admin" in a normal or private Chrome Window, I get the same error. 

• CTRL + Reload doesn't do jack.
• Clearing the DNS cache at "chrome://net-internals/?#dns" doesn't do shit either.

However if call it up in FireFox in either a normal page or private page, it loads the Pi-hole page after a second or two of thought. Subsequent lookups are even faster due to its caching.

At a loss with Chrome.

👽

Orange PI Zero 3 - Initial Set Up, DDNS, and WireGuard Configuration

Intro:

MAJOR EDIT IN PROGRESS!!!!!

This is a multipart article wrapped into one. We'll use the Orange PI Zero 3 as a DDNS update client, Pi-hole server, and as a WireGuard server. This will assume you've read and setup the pi already. (INSERT ARTICLE HERE ABOUT GENERAL SETUP). We'll load some cool tools for administering the network as well.

This entire thing started when you could no longer buy a Raspberry PI for $35.

Usually NVR camera systems will include some sort of dynamic dns service or allow you to use your own update URL. I had the "pleasure" of working on a Speco NVR unit. If you've never heard of them stay away, they're akin with the no name systems sold in big box stores. Five minutes with this thing and you'll want to throw it out a window. There's tons of standard features that are nowhere to be found on these units. I've seen cheaper noname brands that include more functionality.

This particular Speco VX NVR only includes their own ddns service (which does not work) and contains no alternative options. They do not give you the option to use popular services such as "no-ip" or "dyndns". Usually you can get away with using the "dyndns" update url with your own service. Nope, not this time.

In comes the Raspberry PI, great idea but still (10/2023) ridiculously overpriced by scalpers, so this is a no go. Orange PI looks like a viable alternative on paper at a quarter of the cost and is currently in stock.

I'm using the Orange PI Zero 3 for this (tested with 1 & 2gb version). Amazon had them delivered the same day.

Since there are no commercial cases available I have modified another design to include a spot for velcro and or hidden drywall screws. I've also modified it to take the el cheapo Amazon stainless metric socket cap screws that have a splined design on the cap side. My local hardware store has the smooth side version (18-8) which is why they fit easily on the first print.

I can only find two types socket cap screws from McMaster-Carr that fit the bill for this design. One has a smooth side and is labeled " 18-8 Stainless Steel Socket Head Screws" and the other " Super-Corrosion-Resistant 316 Stainless Steel Socket Head Screws" is overkill for this design but I suspect it's what the Chinese have sloppily copied and are reselling on Amazon.

I believe the original designer of this case used the CAD files in Fusion 360 of the 18-8 screws and not a physical measurement of the Amazon specials.

I'm in the process of redesigning this case from the ground up to make the installation easier.

Windows - Reset TCP/IP Stack

 

Intro:

This is just a quick list of commands you can use to reset the TCP/IP stack in Windows.

Commands (CMD run as Admin):

ipconfig /flushdns

netsh winsock reset

netsh int ip reset

netsh interface ipv4 reset

netsh interface ipv6 reset

netsh interface tcp reset

netsh int reset all 

nbtstat -R

nbtstat -RR

netsh interface tcp set global autotuninglevel=disabled

netsh advfirewall reset

PowerShell (run as admin):

Get-NetAdapter | Restart-NetAdapter

Conclusion:

I'll add to this list as I either remember forgotten commands or I come across new ones.

👽

Unifi Controller - STUN Not Working Through Cloudflare

 

Intro:

I had made some changes, removed the previous CDN and started using Cloudflare on a new site. Everything seemed ok at first. Setup the DNS records Cloudflare asks for on my serving host, Cloudflare verifies you own the domain, 24 hours later, and you're good to go......sorta.

Problem:

I have a slew of DDNS names running off of another domain for clients. About a week goes by and I realize I'm not able to resolve a client's DDNS name. I figure it's part of a local outage. Later that day I try again and the issue persists so I press on.

Fix:

First off I realized that the DDNS NS records didn't get pulled in to Cloudflare.

Ok so to solve that I literally had to import in each DDNS name, mark it as a NS record, and point it back to the name server where I have the DDNS service running. Within 15 minutes all of the NS records started working again.

A few days pass and I log into to take a look at my Unifi controller. Normally it's blabbering about latency errors from every single wireless client on every single site I have. The device don't actually have an issue but Ubiquiti doesn't seem to care when you try to inform them about the situation. Anyway that's a whole other conversation for another time.

I'm seeing STUN errors on every single device. I login into the router and double check port forwarding for the standard port of 3478. It's there all right. Turns out you can't hide an IP address through Cloudflare which has a STUN server running on it. Cloudflare only port forwards a select number of HTTP and HTTPS ports. The default for STUN, 3478, is not on the list. (While using a Unifi Cloud Key you cannot change this port. I can't even SSH into the damn thing to play around with the internals. I will do this in another post). So you have to select the gray cloud icon in Cloudflare and set that A record to not be proxied. Bummer.

Extras:

Here's a link to Unifi's default ports:

https://help.ui.com/hc/en-us/articles/218506997-UniFi-Ports-Used

Here's a link to the article on Cloudflare denoting what port are forwarded:

https://developers.cloudflare.com/fundamentals/get-started/reference/network-ports/

👽