@netblues Yes my LANs are messed up and I am investing time to learn VLANs and hopefully sort this mess out. Thanks.

@gertjan said in high memory usage of unbound process: TNX gertjan for your reply, I DNSBL and restart the service ! ... It's OK now ... I dont know what happens to unbound but I re enable the DNSBL with no problem...

Thanks everyone for the help! Removing the aliased VLANs and firewall rules cleared the issue.

Just to point out/restate the usage case, Windows Server DHCP reservations are within the DHCP range. We have used this many times to assign a reservation to a PC or printer without having to reconnect PCs to the new printer IP or interrupt the user (close open files, or reboot or whatever). It is less intrusive to the user. The different points of view here I think are "keep things working as they are already" vs "when one sets up the network, plan for this in advance" which are both valid points. Mostly it's been a non-issue for us since for any Windows domain network we use their DHCP.

@bingo600 Tx guys,... some great responses,.. I understand the issues much more now,.. ( its really nice to have these things explained )... I think I will drop the 'DHCP registration',.. and go for the static DHCP registration,.. as other folks have said,.. the number of hosts I actually access by name is quite limited,.. certainly not the full list,... But thanks guys,.. really helpful..

@Gertjan Sorry i was a little drunk when i was posting to get this figured out last night. The reason for the isp call was to see if there was any intermittent issues on their end and to see if there was an issue with signal coming into the modem, not to check the color of my hair so to speak lol. Not sure why i typed server reboot... i lost connectivity /laptop died becasue i forgot it wasn't plugged in when i was updating docker containers on my server and the updates hung, which just so happened to be updating the containers for pihole and unify. Naturally i started there and ended up doing a full reintall of both of those dockers in case one of them was corrupt. In doing so i also rebooted the Modem, firewall, switch, and server(which houses said containers). When i rebooted the modem it pulled a new ip address from spectrum which i didn't catch until later and after checking everything i started to lean back to the firewall of causing an issue as i had done a few changes in rules last week which happened to also be dns rules to allow a fallback to cf dns if pihole was unreachable. I rolled back to a known working backup but it didnt fix the issue. Just realized i was being a complete idiot after reinstalling pfsense. Back to pfblocker i go.

@johnpoz @Rod-It Just thinking this over again. A while back I tried to mount a USB wireless NIC to my pfSense VM. I tried using both Windows Internet Connection Sharing and bridging in both Windows and pfSense, trying to create an wireless access point. The exercise failed, but maybe bridging is the the cause.

@jknott I'm not sure I would call it struggling :). The point is that I wasn't sure what I was asking for. I knew what I was asking about but not if there was anything to solve this kind of a problem so had no terms or ways to explain it. No more complicated than that.

@johnpoz said in Unbound: DNS request timed out for two requests, then returns Non-authoritative answer: there is no wireless involved in these sniffs right.. Clients are all wired? You mention other switches. Could you lay out the physical connections are clients connected directly to the managed switch, or are there some dumb switches involved? Really like to see if linux clients show the same duplicate packets from the server response. Where the linux clients are all connected to the same switch(es) as the windows ones. Possible something doing something odd with dns?? But I would assume that would have to be something only a managed switch might do, or wireless.. No, I have wireless devices on the network. The issue happens on both wired and wireless clients, as long as they are running Windows 10. The previously sent sniffs are from all wired clients, however. I can map out the network architecture as well. Yes, there are two unmanaged/dumb switches being used as well.

@androgen said in assigning the device to a VLAN using DHCP?: Netgear Gigabit ProSAFE Plus Hi, I know this i an old topic and you may already have changed your infra, but I have similar setup and also using Netgear Gigabit ProSAFE Plus. My netgear has 4 tagged vlans (plus untagged native 1) on all ports and I have solved your issue by creating a virtual interface on the wired client (macbook) and fixed it with desired vlan tag. This way your dhcp queries get out tagged and pfsense leases the IP from correct dhcp pool. The physical interface on MacBook was still pulling the IP from its native net (tag 1), but I just disabled it. It is not a typical setup scenario, but works for anybody that's running out of ports and doesn't feel like buying another/new switch... Cheers,

This was just spam, he just came to say "thanks" and link to same spam site. Sorry dude be we are not going to let you post up links to such a spam site.. Which you sure and the F were never working on or hosting, etc. The url he listed is spammed all over the place - anywhere they can.. How to take pictures of my website with link, scholarship sites, they are providing scholarships my ASS.. etc. etc.. This screamed spam from the get go, but still gave it the benefit of the doubt.. You want build seo for your crap site, do it elsewhere!! Only reason I left the thread at all - is the question is valid.. Even if trying to be used for spamming their website url all over the planet..

There are some Problems with WPA Auth Timeout/Fail? Update to the latest Controller an AP Firmware and Upgrade iOS Devices. That works for me, but i use only 10 VLANs and 4 SSIDs with 3 APs.

@heper Updated.

@johnpoz You are right, I was focused only on the DNS resolver docs page when posting that. Found out the recipe a bit later too, conflicted with some other blog post post, got a separate topic for that. Thanks!

How were you able to access the console if address 192.168.1.1 did not ping? I'm in the same situation and since I just got the box I will just factory reset it, but it might be helpful for other folks to know.

Yep, the "domain overrides" function in the DNS Resolver settings allows you to input a domain name and the DNS server that you want to resolve hostnames for that domain. So you could input the domain name for your ISP, and any hostname queries within that domain would be directed to that DNS server, instead of going through the normal internet resolution process.