@Uglybrian said in ISC vs KEA - KEA always wrong: This may help or give you some insight. https://www.youtube.com/watch?v=hI8lnWF812Y That worked - I've managed to set the inverter to manual IP address, but it is still annoying me that at random it would get the wrong IP address with DHCP, which I'm not seeing with any other device on the network. It suggests a problem with the Solaredge DHCP stack, but the chances of getting them to listen and do anything about it is small. Needing a fixed IP address for a MODBUS connection is a fairly edge case for a domestic inverter.

@Gertjan Yep, good call. Done! I do think the behavior I saw in the original post might be a bug, though.

@kj32 PEBKAC - Interesting, I always say it is a picnic.

@SteveITS Yes, I just checked it's disabled. I must have disabled it since the troubleshooting began. I haven't touched it since.

@nasheayahu said in Change IP to Static Using pfSense?: and where did this user How set static IP for LAN Client in Pfsense get these column's from Looks like that post is from Updated on July 31, 2021 So yeah those screenshots are from an OLD version.. Now normal leases show their start and end time.. [image: 1760129920623-oldleases.jpg] And reservation would show na for start/end Those are old leases in my screenshots - like I mentioned most everything on my network has a reservation. That green up arrow just means that devices is currently in the arp table - so online. If it falls out of the arp table then pfsense would mark it with a down arrow, neither of those for sure 100% mean the device is online or offline - just means its either in the arp table or not.. The arp cache on pfsense expires by default 20 minutes.

@Gertjan steaig copy from pfSense. I'll post a screenshot when I get back home for proof

@cs08 I just encountered this issue and the root cause was the gateway monitor IP. I set it to 8.8.8.8 and the Check IP Service now works and the Dynamic DNS Clients are updating like they used to.

@jake9wi Try adding a valid IP to Gateway Monitor IP Navigate to System / Routing / Gateways and edit your gateway. You'll find the Monitor IP in there. I am using 8.8.8.8 but it can be any IP that you can rely on. Post back if that resolves the issue.

@m80s said in Unbound issue when set in resolving mode (pfSense Plus - crashing?): pfSense is plus version 25.07.1 ? That means that you and me use the same binaries, our programs, libraries, kernel drivers etc are all identical. To make live easier : let's presume your CPU, RAM etc are ok. What's left to check ? I see two points : You've added a layer of abstraction for your own convenience : a VM, which is a system that is, by itself, way bigger as 'pfSense'. Bigger system = more chances something goes wrong. A solution to exclude the VM as an issue : exclude de VM. The difference between a work DNS (unbound) and a not working DNS is most often : the settings. Not only the DNS settings, but also, for example, what interfaces are used. Btw : @m80s said in Unbound issue when set in resolving mode (pfSense Plus - crashing?): If I set unbound in forwarding mode Forward : instead of sending the DNS requests to one of the official DNS Root name servers - this is called resolving, you send DNS request to another resolver. Both modes do more or less the same : sending requests to a remote server. I'm very sure that this works very well, as millions of copies of unbound do this a thousand time per second for many years now ^^ If you want that unbound tells you more about what it is doing, you can ask it to do so. For example : [image: 1759919398864-0946cc8a-043f-4e0d-ba36-93e6fa3e836b-image.png] Be ware : this new log should be a temporary settings as higher log levels produce more logs lines. For example, the query level produces log line for every incoming (from pfSense, or one of your LANs) DNS request. @m80s said in Unbound issue when set in resolving mode (pfSense Plus - crashing?): ignore local DNS resolution Can't happen ^^ Resolving : Example : www.facebook.com : First : unbound contacts one of the big 13 (the root name servers), probably the closest or fastest one, and ask it if it has an IP of the Top Level Domain server (TLD) that handles the dot com's (.com). Of course it has one nearby for you, and thousands exist. Now it has the TLD server IP that handles the com top level domain, it will ask this server if it can give all de domain name servers IPs (at least 2) of "facebook.com". The TLD hands over the list of all these facebook domain name servers. Now unbound picks one of the domain name servers, and asks it : what is the IP of "www.facebook.com". The answer comes back, and unbound sends this answer to the device that request "www.facebook.com". As you can see, you can not resolve locally. A contact with at least 3 different remote servers is needed. Also : the list with the 13 root servers is build into unbound. their IPs never change. All other answers are cached !! So a fist resolve might take some time (many ms) but subsequent requests will be served out of the local cache right away, as long as the answer is TTL permitted.

@cemyl95 Funnily enough, I came to the same conclusion just this weekend :)

Wow! Yall have been most helpful. Thanks!

@patient0 thank you for pointing me to the right direction for troubleshooting as a side note it seems that I am able to keep System Domain Local Zone Type: static by marking the specific domain as transparent in the DNS Resolver Custom options via server: local-zone: "m.internal.domain.com." transparent it seems working so far

@EngineerSB do you have such Entires in the system log? kernel sonewconn: pcb 0xfffff803cd9fb540 (**IP**:53 (proto 6)): Listen queue overflow: 193 already in queue awaiting acceptance (267 occurrences), euid 0, rgid 0, jail 0 kernel sonewconn: pcb 0xfffff803cd9fb540 (**IP**:53 (proto 6)): Listen queue overflow: 193 already in queue awaiting acceptance (179 occurrences), euid 0, rgid 0, jail 0 ...

@Gertjan said in Kea DHCPv6 and clients with unstable IAID: @rolfl said in Kea DHCPv6 and clients with unstable IAID: by adding /usr/local/lib/libdhcp_flex_id.so to ... wouldn't that be : /usr/local/lib/kea/hooks/ for pfSense ? I found some kea libraries there. Correct, I must have been copying from a google search. Regardless, the file isn't there. I you could find a pre build "libdhcp_flex_id.so" (build against FreeBSD 15.x - light up a candle, and copy it in place) it might just work. PfSense is using Kea 2.6.2. Apparently pre 3.0 Kea had this library as a premium feature and requires a token to enable it. Btw : just to be sure : these devices use Wifi, right ? So it could be the wifi that 'breaks' every 10 minutes, so a DHCP initial 'boot' request will get emitted every time ? That stull doesn't expmlain why the IAID is randomized like that. I have checked unifi logs for the devices and there is no evidence of disconnect/connect behavior for wifi. If this isn't the case, why not mentioning the device by type, serial number, brand etc ? So we will all know what device not to chose at any cost, as it is known that every constructor out there wants to break IPv6, and some of them are doing a great job. I did mention that the brand was TAPO / TP-link, particularly the matter compatible wifi light switches. The model numbers are: S505, S505D, S515, P125M.

@JonathanLee said in Serving different WPADs per subnet with Unbound: for Netflix not liking the HE ipv6 tunnel That was also solved with the help of pfBlockerng : [image: 1758778353680-eca53c7f-080b-4bc2-ab1a-cf4abc9e9f38-image.png] and enter all the domain names you don't want to be resolved as AAAA, only A. In my he.net days, this worked very well.