Categories

  • 376 Topics
    1k Posts
    fractal_boyF
    @dgeist there is a bug on TNSR that prevents learning the neighbor MAC while you have MAP enabled on the interface. The workaround is to configure a static neighbor entry.
  • 122k Topics
    782k Posts
    N
    @johnpoz I would like to shorten my question. I would like to implement with pfSense that if a device wants to access a domain, the associated IP address should not be the real one, but one that I have specified. This is the only way I can avoid Minecraft offering to access its own server on NSW. Unfortunately, this did not work for me with the DNS Resolver. This IP address is written in several places that this should be used, and in the case of PlayStation this: 45.55.68.52. If I manually set either of the two IP addresses as the primary DNS on the console, I can reach the local server. The custom script did not produce any results either:
    local-zone: "hivebedrock.network." redirect
    local-data: "hivebedrock.network. 60 IN A 45.55.68.52"
    local-zone: "inpvp.net." redirect
    local-data: "inpvp.net. 60 IN A 45.55.68.52"
    local-zone: "lbsg.net." redirect
    local-data: "lbsg.net. 60 IN A 45.55.68.52"
    local-zone: "galaxite.net." redirect
    local-data: "galaxite.net. 60 IN A 45.55.68.52"
    local-zone: "enchanted.gg." redirect
    local-data: "enchanted.gg. 60 IN A 45.55.68.52"
    Thank you for your answers and the helpful suggestion. Maybe you have an idea about this? I don't want to install my own DNS, I want to solve it with pfSense. Unfortunately, the override didn't work either. I set it up, but when I ping the domain, I don't get the overridden IP back, for example from the command line on Windows. Thanks a lot, Peter
  • 21k Topics
    130k Posts
    GertjanG
    @richardsago said in acme certificate in DNS Resolver also?: After setting up acme do I need to also change "Services" > "DNS Resolver" > "General Settings" > "SSL/TLS Certificate" from the default of webConfigurator to the new certificate? Noop. Some more or less related details first: Your local (every) 'LAN' based traffic uses the default port 53, not 853. You could use port 853 and thus "TLS DNS" if you don't trust the transmission over your LANs. After all, DNS traffic to port 53 is readable - not encrypted. If your neighbor is hacking into your LAN wires, or has your Wifi WPA3 password, he could 'see' (sniff) your DNS requests .... (if so, who is your neighbor? I would be worried if you live in Langley, Virginia) Also, a DNS client addresses itself to a DNS server using an IP address, and doesn't have a host name. Think about it: if a DNS server is only known to the client by its host name, you would need DNS to resolve that first, before doing the DNS request. => You dive straight into a chicken and egg problem. The (my) main explanation: The DNS resolver (a server) needs a certificate - any certificate - to initiate a TLS transaction. If there was a SAN (host name) in it, it wouldn't be used. After all, the client uses an IP, not a host name, to talk to the DNS server. That's very different from a web browser that connects to a web server, where you, the human, use a host name to start with. These have to be resolved first etc. Remember, example: you visit "forum.netgate.com". The web browser will first resolve "forum.netgate.com" - and it gets "2610:160:11:11::6" back. Only now can the browser connect to this "2610:160:11:11::6", and it will use 'https' = http over TLS, port 443. The 2610:160:11:11::6 web server ("forum.netgate.com") will send a certificate back to the browser. This certificate contains: [image] so the browser accepts the connection.
In this case = web browsing, a certificate with a matching host name is important. Long story short: the DNS resolver / client traffic isn't using "host name" checking, so 'any' valid certificate will do. A certificate is just used to seed the TLS traffic. You can pick any certificate under the "SSL/TLS Certificate" list. Small negative side effect of using an acme.sh 'real' certificate: when renewed, the resolver has to be restarted. Or, you don't want any process to restart if not strictly needed.
  • 43k Topics
    268k Posts
    G
    Hi, if I may be frank - I still mourn ISDN too ... but it can't be helped ... In the meantime things have changed a bit - we are now planning to use CloudPBX. That is a Telekom cloud telephone system where nothing at all is installed locally anymore - the phones then also come from Telekom with auto provisioning. Now the only remaining question is whether I need to take anything into account here in connection with pfSense ... Regards!
  • Information about hardware available from Netgate

    3k Topics
    21k Posts
    S
    @stephenw10 said in 7100 : spoof MAC ?: Nice. Good result! It's an honor to hear this from you, thanks ;-)
  • Information about hardware available from Netgate

    44 Topics
    211 Posts
    AriKellyA
    It looks like unified web management could be coming soon. It would be great if it means easier control and management of all web services in one place. Let's see if any companies announce more details about it!
  • Feel free to talk about anything and everything here

    4k Topics
    19k Posts
    stephenw10S
    You're right, it shouldn't. I tested all the skins myself and all have parts that don't display correctly. Using Dark Reader solved almost everything and was trivial, so I went with that.
Copyright 2026 Rubicon Communications LLC (Netgate). All rights reserved.