Did you somehow manage to get a separate DHCP server serving both 172.20.24.0 and 172.20.25.0 since both are included in 172.20.24.0/23?

Are you sure your Layer 2 is properly separating the broadcast domains?

@jobin said in DHCP Client not assigning the Auto IP:

As I know, if there is no DHCP server in the network the DHCP client should assign an Auto IP in the series 169.254 according to the Zeroconf logic

That depends on the OS. Windows does that, but Linux doesn't, at least not in my experience.

That would be a domain override, setup a specific domain override(s) that point to the NS you want to use for the domain your hosts are in.

@jknott said in source loopback dest loopback:953. Have I misconfigured something?:

rndc — name server control utility
It has something to do with BIND.

As stated in original post, I'm NOT using Bind.

@gertjan Thanks for the reply. Sorry, I am not entirely sure what you are asking me to do here. I re-enabled the default check IP service.

The issue is posted here finally
https://forum.netgate.com/topic/140021/dns-resolver-host-override-not-working/21

You'll need to force the client to release the address. I'm not sure on CentOS, but probably something like dhclient -r eth0 where eth0 is whatever your NIC actually is there.

That's a question for ISC-DHCPD :-)

I have a vague recollection of noticing that before and trying to find out but I can't remember the result. It doesn't really matter, though. It's all dynamic so neither the client nor server should care about the order.

@jimp said in DNS flag day:

Even if we pull in Unbound 1.9 the day it's released, it would go into the dev version not a release, so there will be plenty of time to test things when that happens.

Exactly... But when that does happen some mention of the change might be a good thing.. Since Im with Grimson here if something fails to resolve no matter that the reason is upstream or unbound, etc. They will blame pfsense - they always blame pfsense ;) So having an official announcement about the changes that come with unbound 1.9, or Bind when it rolls into pfsense would be nice to point the users that try and blame pfsense too..

resolved, thank you...
confirm that must enable DNS Forward and put to host override the nat ip internal

thank you

Update: i can now ping from PC2 and can reach PC1 but i cant ping from PC1 to PC2

It's not a conflicting network, it's on the same interface! And it will just let me assign the same IP to multiple devices, and those devices will get that IP from the server and it will cause issues then as you have a conflict then. If it wouldn't be on the same network or a static IP that hasn't been acquired by DHCP would conflict that's clearly something that can't be prevented in software, but making the DHCP server give 2 devices on the same network the same address shouldn't happen without a warning that you might be doing something wrong there.

Works now!

Thanks for the help.

Hello

It seems to work until i reboot pfsense

Ok. So. By using my 30.10.10.in-addr.arpa and assigning my PDC's ip address (which I calles the SDC reverseLUZ Spoof), and assigning that same ip to my.domainname.tst (SDC DNS LUZ Spoof) i lost 7 of the 9 BPA flags.

The last two I will solve later but since there is a list of system DNS servers usable both on WAN and LAN interface i have to figure out which one is seen as first and which one second.

But most and for all little devil: yes! It can be done. It might not be advisable for obvious reasons, but yes, it can be done!

Best choices are:

Fix your local DNS so the hostname resolves to the local address of the web server and not the firewall. (Split DNS) Enable NAT reflection so requests to the external IP address:port are redirected into the local server (not ideal, but still works) Setup pfSense with HAProxy so it acts as a proxy instead of only performing NAT functions (more complicated, more room for error, but also works around the problem)

Have been using Cloudflare with DNS over TLS for a while and very happy with the performance. Added the Google public DNS servers yesterday as well, but when looking at the DNS Resolver statistics, the Cloudflare servers appear to perform somewhat better. Has anyone done any comparison testing? Thanks in advance.

So your clients don't ask pfsense for anything? If your clients are not using pfsense, then sure you could not run any local cache be it the forwarder or the resolver.

Just to let you know that since there is no local caching NS running, when pfsense goes to query stuff in your alias every 5 minutes whatever is returned would not be cached for the TTL of said record, and would have to be be queried for again most likely.. So every 5 minutes you would be doing external queries for everything in your aliases... Vs say looking up something, and then having the local service caching it for the length of the TTL before having to be queried for again.

Even if your clients are not using pfsense for name services, prob best to run either the resolver and forwarder so that aliases being used can be cached, and pfsense can cache its own needs - ie checking for updates and packages.

Are you using dhcp services on pfsense? If you just point pfsense at some external dns - it would not even be able to resolve local hosts either via dhcp entries being placed in the dns.. And would have no way of setting up specific forwards for domains to be able to find your local stuff.