• Adding Custom Configuration in Kea DHCP Server with pfSense+ 25.03

    Pinned
    26
    4 Votes
    26 Posts
    10k Views
    G
    @Gertjan Thank you brother. All your suggestions worked great. I joined the forums just to tell you so.
  • HEADS UP: Be aware of Trusted Recursive Resolver (TRR) in Firefox

    Pinned
    85
    17 Votes
    85 Posts
    57k Views
    kiokoman
    @Bob-Dig idk it's not my phone, if it's "Private DNS" settings then it was probably on by default, my family does not know what dot / doh is @johnpoz exactly
  • KEA Multi-Threading - reduce number of threads

    4
    0 Votes
    4 Posts
    32 Views
    S
    @4o4rh It shouldn't really be using notable CPU. A guess, are you seeing kea2unbound usage? Set pfBlocker to python mode.
  • DDNS can not figure out my WAN IP Address

    ddns cloudflare comcast
    7
    2
    0 Votes
    7 Posts
    115 Views
    S
    @jake9wi I'm glad that worked. I just went through hell to figure that out myself. It seems to be a new problem caused by a recent update. I'm not sure why some have the issue and others do not.
  • ISC vs KEA - KEA always wrong

    18
    4
    0 Votes
    18 Posts
    683 Views
    U
    @Vollans Nice!
  • DHCPv6 on LAN offering IPs from different interface

    4
    13
    0 Votes
    4 Posts
    99 Views
    A
    @Gertjan Yep, good call. Done! I do think the behavior I saw in the original post might be a bug, though.
  • Unable to configure DHCP

    3
    1
    0 Votes
    3 Posts
    29 Views
    AndyRH
    @kj32 PEBKAC - Interesting, I always say it is a picnic.
  • DNS resolver failed to resolve some addresses

    13
    0 Votes
    13 Posts
    144 Views
    M
    @SteveITS Yes, I just checked it's disabled. I must have disabled it since the troubleshooting began. I haven't touched it since.
  • Change IP to Static Using pfSense?

    14
    1
    0 Votes
    14 Posts
    105 Views
    johnpoz
    @nasheayahu said in Change IP to Static Using pfSense?: and where did this user How set static IP for LAN Client in Pfsense get these columns from
    Looks like that post is from Updated on July 31, 2021. So yeah those screenshots are from an OLD version.. Now normal leases show their start and end time..
    [image: 1760129920623-oldleases.jpg]
    And reservation would show na for start/end.
    Those are old leases in my screenshots - like I mentioned most everything on my network has a reservation. That green up arrow just means that device is currently in the arp table - so online. If it falls out of the arp table then pfsense would mark it with a down arrow, neither of those for sure 100% mean the device is online or offline - just means it's either in the arp table or not.. The arp cache on pfsense expires by default 20 minutes.
  • 0 Votes
    9 Posts
    67 Views
    S
    @Gertjan steaig copy from pfSense. I'll post a screenshot when I get back home for proof
  • 0 Votes
    5 Posts
    3k Views
    S
    @cs08 I just encountered this issue and the root cause was the gateway monitor IP. I set it to 8.8.8.8 and the Check IP Service now works and the Dynamic DNS Clients are updating like they used to.
  • Unbound issue when set in resolving mode (pfSense Plus - crashing?)

    3
    0 Votes
    3 Posts
    86 Views
    Gertjan
    @m80s said in Unbound issue when set in resolving mode (pfSense Plus - crashing?): pfSense is plus version 25.07.1 ?
    That means that you and me use the same binaries, our programs, libraries, kernel drivers etc are all identical. To make life easier : let's presume your CPU, RAM etc are ok. What's left to check ? I see two points :
    You've added a layer of abstraction for your own convenience : a VM, which is a system that is, by itself, way bigger than 'pfSense'. Bigger system = more chances something goes wrong. A solution to exclude the VM as an issue : exclude the VM.
    The difference between a working DNS (unbound) and a not working DNS is most often : the settings. Not only the DNS settings, but also, for example, what interfaces are used.
    Btw : @m80s said in Unbound issue when set in resolving mode (pfSense Plus - crashing?): If I set unbound in forwarding mode
    Forward : instead of sending the DNS requests to one of the official DNS Root name servers - this is called resolving, you send DNS request to another resolver. Both modes do more or less the same : sending requests to a remote server. I'm very sure that this works very well, as millions of copies of unbound do this a thousand times per second for many years now ^^
    If you want that unbound tells you more about what it is doing, you can ask it to do so. For example :
    [image: 1759919398864-0946cc8a-043f-4e0d-ba36-93e6fa3e836b-image.png]
    Beware : this new log should be a temporary setting as higher log levels produce more log lines. For example, the query level produces a log line for every incoming (from pfSense, or one of your LANs) DNS request.
    @m80s said in Unbound issue when set in resolving mode (pfSense Plus - crashing?): ignore local DNS resolution
    Can't happen ^^
    Resolving : Example : www.facebook.com :
    First : unbound contacts one of the big 13 (the root name servers), probably the closest or fastest one, and asks it if it has an IP of the Top Level Domain server (TLD) that handles the dot com's (.com). Of course it has one nearby for you, and thousands exist.
    Now it has the TLD server IP that handles the com top level domain, it will ask this server if it can give all the domain name servers IPs (at least 2) of "facebook.com". The TLD hands over the list of all these facebook domain name servers.
    Now unbound picks one of the domain name servers, and asks it : what is the IP of "www.facebook.com". The answer comes back, and unbound sends this answer to the device that requested "www.facebook.com".
    As you can see, you can not resolve locally. A contact with at least 3 different remote servers is needed.
    Also : the list with the 13 root servers is built into unbound. Their IPs never change. All other answers are cached !! So a first resolve might take some time (many ms) but subsequent requests will be served out of the local cache right away, as long as the answer is TTL permitted.
  • Dynamic DNS - Azure (22.01-RELEASE (arm))

    22.01 azure ddns netgate-sg-3100
    5
    0 Votes
    5 Posts
    1k Views
    M
    @cemyl95 Funnily enough, I came to the same conclusion just this weekend :)
  • 0 Votes
    11 Posts
    124 Views
    J
    Wow! Yall have been most helpful. Thanks!
  • Unbound Does Not Check Operating System Trust Store for DNS Over TLS

    10
    0 Votes
    10 Posts
    209 Views
    F
  • DNS Domain override not working

    8
    0 Votes
    8 Posts
    635 Views
    I
    @patient0 thank you for pointing me in the right direction for troubleshooting. As a side note, it seems that I am able to keep System Domain Local Zone Type: static by marking the specific domain as transparent in the DNS Resolver Custom options via server: local-zone: "m.internal.domain.com." transparent. It seems to be working so far.
  • DNS stops responding to queries

    7
    0 Votes
    7 Posts
    2k Views
    A
    @EngineerSB do you have such entries in the system log?
    kernel sonewconn: pcb 0xfffff803cd9fb540 (**IP**:53 (proto 6)): Listen queue overflow: 193 already in queue awaiting acceptance (267 occurrences), euid 0, rgid 0, jail 0
    kernel sonewconn: pcb 0xfffff803cd9fb540 (**IP**:53 (proto 6)): Listen queue overflow: 193 already in queue awaiting acceptance (179 occurrences), euid 0, rgid 0, jail 0
    ...
  • Kea DHCPv6 and clients with unstable IAID

    3
    0 Votes
    3 Posts
    711 Views
    R
    @Gertjan said in Kea DHCPv6 and clients with unstable IAID: @rolfl said in Kea DHCPv6 and clients with unstable IAID: by adding /usr/local/lib/libdhcp_flex_id.so to ... wouldn't that be : /usr/local/lib/kea/hooks/ for pfSense ? I found some kea libraries there. Correct, I must have been copying from a google search. Regardless, the file isn't there. If you could find a prebuilt "libdhcp_flex_id.so" (built against FreeBSD 15.x - light up a candle, and copy it in place) it might just work. PfSense is using Kea 2.6.2. Apparently pre 3.0 Kea had this library as a premium feature and requires a token to enable it. Btw : just to be sure : these devices use Wifi, right ? So it could be the wifi that 'breaks' every 10 minutes, so a DHCP initial 'boot' request will get emitted every time ? That still doesn't explain why the IAID is randomized like that. I have checked unifi logs for the devices and there is no evidence of disconnect/connect behavior for wifi. If this isn't the case, why not mention the device by type, serial number, brand etc ? So we will all know what device not to choose at any cost, as it is known that every constructor out there wants to break IPv6, and some of them are doing a great job. I did mention that the brand was TAPO / TP-link, particularly the matter compatible wifi light switches. The model numbers are: S505, S505D, S515, P125M.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.