• Adding Custom Configuration in Kea DHCP Server with pfSense+ 25.03

    Pinned
    4 Votes
    26 Posts
    10k Views
    @Gertjan Thank you brother. All your suggestions worked great. I joined the forums just to tell you so.
  • HEADS UP: Be aware of Trusted Recursive Resolver (TRR) in Firefox

    Pinned
    17 Votes
    85 Posts
    57k Views
    kiokoman
    @Bob-Dig idk it's not my phone, if it's "Private DNS" settings then it was probably on by default, my family does not know what dot / doh is @johnpoz exactly
  • ISC vs KEA - KEA always wrong

    0 Votes
    17 Posts
    646 Views
    @Uglybrian said in ISC vs KEA - KEA always wrong: This may help or give you some insight. https://www.youtube.com/watch?v=hI8lnWF812Y That worked - I've managed to set the inverter to manual IP address, but it is still annoying me that at random it would get the wrong IP address with DHCP, which I'm not seeing with any other device on the network. It suggests a problem with the Solaredge DHCP stack, but the chances of getting them to listen and do anything about it are small. Needing a fixed IP address for a MODBUS connection is a fairly edge case for a domestic inverter.
  • DHCPv6 on LAN offering IPs from different interface

    0 Votes
    4 Posts
    84 Views
    @Gertjan Yep, good call. Done! I do think the behavior I saw in the original post might be a bug, though.
  • Unable to configure DHCP

    0 Votes
    3 Posts
    23 Views
    AndyRH
    @kj32 PEBKAC - Interesting, I always say it is a picnic.
  • DNS resolver failed to resolve some addresses

    0 Votes
    13 Posts
    125 Views
    @SteveITS Yes, I just checked it's disabled. I must have disabled it since the troubleshooting began. I haven't touched it since.
  • Change IP to Static Using pfSense?

    0 Votes
    14 Posts
    96 Views
    johnpoz
    @nasheayahu said in Change IP to Static Using pfSense?: and where did this user How set static IP for LAN Client in Pfsense get these columns from Looks like that post is from Updated on July 31, 2021 So yeah those screenshots are from an OLD version.. Now normal leases show their start and end time.. [image: 1760129920623-oldleases.jpg] And reservation would show na for start/end Those are old leases in my screenshots - like I mentioned most everything on my network has a reservation. That green up arrow just means that device is currently in the arp table - so online. If it falls out of the arp table then pfsense would mark it with a down arrow, neither of those for sure 100% mean the device is online or offline - just means it's either in the arp table or not.. The arp cache on pfsense expires by default after 20 minutes.
  • 0 Votes
    9 Posts
    61 Views
    @Gertjan straight copy from pfSense. I'll post a screenshot when I get back home for proof
  • 0 Votes
    5 Posts
    3k Views
    @cs08 I just encountered this issue and the root cause was the gateway monitor IP. I set it to 8.8.8.8 and the Check IP Service now works and the Dynamic DNS Clients are updating like they used to.
  • DDNS can not figure out my WAN IP Address

    ddns cloudflare comcast
    0 Votes
    5 Posts
    99 Views
    @jake9wi Try adding a valid IP to Gateway Monitor IP. Navigate to System / Routing / Gateways and edit your gateway. You'll find the Monitor IP in there. I am using 8.8.8.8 but it can be any IP that you can rely on. Post back if that resolves the issue.
  • Unbound issue when set in resolving mode (pfSense Plus - crashing?)

    0 Votes
    3 Posts
    84 Views
    Gertjan
    @m80s said in Unbound issue when set in resolving mode (pfSense Plus - crashing?): pfSense is plus version 25.07.1 ? That means that you and me use the same binaries, our programs, libraries, kernel drivers etc are all identical. To make life easier : let's presume your CPU, RAM etc are ok. What's left to check ? I see two points : You've added a layer of abstraction for your own convenience : a VM, which is a system that is, by itself, way bigger than 'pfSense'. Bigger system = more chances something goes wrong. A solution to exclude the VM as an issue : exclude the VM. The difference between a working DNS (unbound) and a not working DNS is most often : the settings. Not only the DNS settings, but also, for example, what interfaces are used. Btw : @m80s said in Unbound issue when set in resolving mode (pfSense Plus - crashing?): If I set unbound in forwarding mode Forward : instead of sending the DNS requests to one of the official DNS Root name servers - this is called resolving, you send DNS request to another resolver. Both modes do more or less the same : sending requests to a remote server. I'm very sure that this works very well, as millions of copies of unbound do this a thousand times per second for many years now ^^ If you want that unbound tells you more about what it is doing, you can ask it to do so. For example : [image: 1759919398864-0946cc8a-043f-4e0d-ba36-93e6fa3e836b-image.png] Beware : this new log should be a temporary setting as higher log levels produce more log lines. For example, the query level produces a log line for every incoming (from pfSense, or one of your LANs) DNS request.
    @m80s said in Unbound issue when set in resolving mode (pfSense Plus - crashing?): ignore local DNS resolution Can't happen ^^ Resolving : Example : www.facebook.com : First : unbound contacts one of the big 13 (the root name servers), probably the closest or fastest one, and asks it if it has an IP of the Top Level Domain server (TLD) that handles the dot com's (.com). Of course it has one nearby for you, and thousands exist. Now it has the TLD server IP that handles the com top level domain, it will ask this server if it can give all the domain name servers IPs (at least 2) of "facebook.com". The TLD hands over the list of all these facebook domain name servers. Now unbound picks one of the domain name servers, and asks it : what is the IP of "www.facebook.com". The answer comes back, and unbound sends this answer to the device that requested "www.facebook.com". As you can see, you can not resolve locally. A contact with at least 3 different remote servers is needed. Also : the list with the 13 root servers is built into unbound. Their IPs never change. All other answers are cached !! So a first resolve might take some time (many ms) but subsequent requests will be served out of the local cache right away, as long as the answer is TTL permitted.
  • Dynamic DNS - Azure (22.01-RELEASE (arm))

    22.01 azure ddns netgate-sg-3100
    0 Votes
    5 Posts
    1k Views
    @cemyl95 Funnily enough, I came to the same conclusion just this weekend :)
  • 0 Votes
    11 Posts
    123 Views
    Wow! Y'all have been most helpful. Thanks!
  • Unbound Does Not Check Operating System Trust Store for DNS Over TLS

    0 Votes
    10 Posts
    205 Views
  • DNS Domain override not working

    0 Votes
    8 Posts
    633 Views
    @patient0 thank you for pointing me in the right direction for troubleshooting. As a side note, it seems that I am able to keep System Domain Local Zone Type: static by marking the specific domain as transparent in the DNS Resolver Custom options via server: local-zone: "m.internal.domain.com." transparent. It seems to be working so far.
  • DNS stops responding to queries

    0 Votes
    7 Posts
    2k Views
    @EngineerSB do you have such entries in the system log? kernel sonewconn: pcb 0xfffff803cd9fb540 (**IP**:53 (proto 6)): Listen queue overflow: 193 already in queue awaiting acceptance (267 occurrences), euid 0, rgid 0, jail 0 kernel sonewconn: pcb 0xfffff803cd9fb540 (**IP**:53 (proto 6)): Listen queue overflow: 193 already in queue awaiting acceptance (179 occurrences), euid 0, rgid 0, jail 0 ...
  • Kea DHCPv6 and clients with unstable IAID

    0 Votes
    3 Posts
    708 Views
    @Gertjan said in Kea DHCPv6 and clients with unstable IAID: @rolfl said in Kea DHCPv6 and clients with unstable IAID: by adding /usr/local/lib/libdhcp_flex_id.so to ... wouldn't that be : /usr/local/lib/kea/hooks/ for pfSense ? I found some kea libraries there. Correct, I must have been copying from a google search. Regardless, the file isn't there. If you could find a prebuilt "libdhcp_flex_id.so" (built against FreeBSD 15.x - light up a candle, and copy it in place) it might just work. PfSense is using Kea 2.6.2. Apparently pre 3.0 Kea had this library as a premium feature and requires a token to enable it. Btw : just to be sure : these devices use Wifi, right ? So it could be the wifi that 'breaks' every 10 minutes, so a DHCP initial 'boot' request will get emitted every time ? That still doesn't explain why the IAID is randomized like that. I have checked unifi logs for the devices and there is no evidence of disconnect/connect behavior for wifi. If this isn't the case, why not mention the device by type, serial number, brand etc ? So we will all know what device not to choose at any cost, as it is known that every constructor out there wants to break IPv6, and some of them are doing a great job. I did mention that the brand was TAPO / TP-link, particularly the matter compatible wifi light switches. The model numbers are: S505, S505D, S515, P125M.
  • Serving different WPADs per subnet with Unbound

    host overrides unbound wpad
    0 Votes
    11 Posts
    1k Views
    Gertjan
    @JonathanLee said in Serving different WPADs per subnet with Unbound: for Netflix not liking the HE ipv6 tunnel That was also solved with the help of pfBlockerng : [image: 1758778353680-eca53c7f-080b-4bc2-ab1a-cf4abc9e9f38-image.png] and enter all the domain names you don't want to be resolved as AAAA, only A. In my he.net days, this worked very well.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.