• Adding Custom Configuration in Kea DHCP Server with pfSense+ 25.03

    Pinned
    26
    4 Votes
    26 Posts
    10k Views
    G
    @Gertjan Thank you brother. All your suggestions worked great. I joined the forums just to tell you so.
  • HEADS UP: Be aware of Trusted Recursive Resolver (TRR) in Firefox

    Pinned
    85
    17 Votes
    85 Posts
    56k Views
    kiokomanK
    @Bob-Dig idk it's not my phone, if it's "Private DNS" settings then it was probably on by default, my family does not know what dot / doh is @johnpoz exactly
  • ISC vs KEA - KEA always wrong

    12
    4
    0 Votes
    12 Posts
    333 Views
    GertjanG
    @Vollans said in ISC vs KEA - KEA always wrong: Solar upgrade Not the hardware Just the firmware. Anyway : I still suspect it isn't a kea issue as it clearly says : 10.0.1.2 can be given as another device is using it. Afaik, kea does a network broadcast for "who has 10.0.1.2" first and no device should answer. Apparently, someone answered. What about an ARP packet capture to see who answers ?
  • Unbound issue when set in resolving mode (pfSense Plus - crashing?)

    1
    0 Votes
    1 Posts
    23 Views
    No one has replied
  • 0 Votes
    11 Posts
    64 Views
    J
    Wow! Y'all have been most helpful. Thanks!
  • Unbound Does Not Check Operating System Trust Store for DNS Over TLS

    10
    0 Votes
    10 Posts
    141 Views
    F
  • DNS Domain override not working

    8
    0 Votes
    8 Posts
    570 Views
    I
    @patient0 thank you for pointing me in the right direction for troubleshooting. As a side note, it seems that I am able to keep System Domain Local Zone Type: static by marking the specific domain as transparent in the DNS Resolver Custom options via server: local-zone: "m.internal.domain.com." transparent. It seems to be working so far.
  • DNS stops responding to queries

    7
    0 Votes
    7 Posts
    2k Views
    A
    @EngineerSB do you have such entries in the system log? kernel sonewconn: pcb 0xfffff803cd9fb540 (**IP**:53 (proto 6)): Listen queue overflow: 193 already in queue awaiting acceptance (267 occurrences), euid 0, rgid 0, jail 0 kernel sonewconn: pcb 0xfffff803cd9fb540 (**IP**:53 (proto 6)): Listen queue overflow: 193 already in queue awaiting acceptance (179 occurrences), euid 0, rgid 0, jail 0 ...
  • This topic is deleted!

    1
    0 Votes
    1 Posts
    33 Views
    No one has replied
  • Kea DHCPv6 and clients with unstable IAID

    3
    0 Votes
    3 Posts
    669 Views
    R
    @Gertjan said in Kea DHCPv6 and clients with unstable IAID: @rolfl said in Kea DHCPv6 and clients with unstable IAID: by adding /usr/local/lib/libdhcp_flex_id.so to ... wouldn't that be : /usr/local/lib/kea/hooks/ for pfSense ? I found some kea libraries there. Correct, I must have been copying from a google search. Regardless, the file isn't there. If you could find a pre-built "libdhcp_flex_id.so" (built against FreeBSD 15.x - light up a candle, and copy it in place) it might just work. PfSense is using Kea 2.6.2. Apparently pre 3.0 Kea had this library as a premium feature and requires a token to enable it. Btw : just to be sure : these devices use Wifi, right ? So it could be the wifi that 'breaks' every 10 minutes, so a DHCP initial 'boot' request will get emitted every time ? That still doesn't explain why the IAID is randomized like that. I have checked unifi logs for the devices and there is no evidence of disconnect/connect behavior for wifi. If this isn't the case, why not mentioning the device by type, serial number, brand etc ? So we will all know what device not to choose at any cost, as it is known that every constructor out there wants to break IPv6, and some of them are doing a great job. I did mention that the brand was TAPO / TP-link, particularly the matter compatible wifi light switches. The model numbers are: S505, S505D, S515, P125M.
  • Serving different WPADs per subnet with Unbound

    host overrides unbound wpad
    11
    0 Votes
    11 Posts
    1k Views
    GertjanG
    @JonathanLee said in Serving different WPADs per subnet with Unbound: for Netflix not liking the HE ipv6 tunnel That was also solved with the help of pfBlockerng : [image: 1758778353680-eca53c7f-080b-4bc2-ab1a-cf4abc9e9f38-image.png] and enter all the domain names you don't want to be resolved as AAAA, only A. In my he.net days, this worked very well.
  • Why not a CNAME?

    8
    0 Votes
    8 Posts
    1k Views
    tinfoilmattT
    @johnpoz said in Why not a CNAME?: But I am not aware of any way to dynamically change what fqdn a cname record points to other than via an API into the dns.. Or maybe you could script something with unbound-control. Agreed.
  • DDNS to Cloudflare

    3
    0 Votes
    3 Posts
    1k Views
    E
    @WN1X I'm on community. 2.8.0-RELEASE It was released in May.
  • 0 Votes
    2 Posts
    2k Views
    empbillyE
    Hello, Has anyone else encountered similar problems?
  • 0 Votes
    4 Posts
    2k Views
    C
    @Gertjan said in There was an error trying to determine the public IP for interface - wan (mvneta0 ). DDNS not working..: dig @127.0.0.1 checkip.dyndns.org +short Thanks for having a look! I have removed those wan-rules now. And here are some outputs: [image: 1758183115943-screenshot-from-2025-09-18-10-10-43.png] [image: 1758183115960-screenshot-from-2025-09-18-10-10-22.png] And: "That's a script I wrote years ago. Totally forgot about it. That web site and host name is 'mine' " you are a god!
  • Confused about DNS setup

    21
    3
    0 Votes
    21 Posts
    3k Views
    G
    @Gertjan That works perfectly thank you so much! Enabling DNS Query Forwarding seems to be the correct setting for us. I think what was throwing us off was the wording "or those obtained by dynamic interfaces such as DHCP". Obviously we can't have that. However the qualification "if DNS server override is enabled there", which it is not, so that just didn't apply. [image: 1758142364307-045a144c-7f19-4446-bea3-d346a86e5919-image.png] Now if I have a DNS address specified it works, and if that server is unreachable for any reason it doesn't. That is what I want. Again thank you so much. I can now move on to step 2 +++ ;) We will take further steps to deal with DoT and DoH as you and others have mentioned.
  • After restart, Unbound DNS Resolver don't work

    13
    6
    0 Votes
    13 Posts
    3k Views
    C
    @Luca-De-Andreis said in After restart, Unbound DNS Resolver don't work: @Unoptanio Yes, it's true. Setting ALL:ALL the DNS works correctly from system restart without manually restarting the daemon (after reboot) ! I've just tried now. Wow, just tried this too and after years of dealing with it - it's fixed. Thank you!
  • DNS Issues After Upgrading to 25.07

    23
    0 Votes
    23 Posts
    5k Views
    K
    Hopefully this isn't an ongoing bug because it's pretty crippling.
  • Crash report

    3
    0 Votes
    3 Posts
    303 Views
    P
    @Gertjan said in Crash report: @pf_ltu said in Crash report: kea2unbound If you are using pfBlockerng, then here is the solution. SOLVED thank you @Gertjan
  • DHCP server suddenly off

    3
    0 Votes
    3 Posts
    2k Views
    F
    @Gertjan Thank you, I looked through the last 500 entries in the log and there was nothing but repeat entries, nothing about starting and stopping the dhcp server, only the one you see where I started it again. Thank you for pointing out this might be an old bug, I will update as soon as I can.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.