• DNS replication between sites

    1
    0 Votes
    1 Posts
    211 Views
    No one has replied
  • DHCP - need help reading logs

    3
    0 Votes
    3 Posts
    132 Views
    P

    @viragomann Thanks for the confirmation. Since this is a static IP I worked around by assigning it manually on the Ubuntu box which seems to be working for now!😇

  • Blocking Windows Update using DNS Resolver

    2
    0 Votes
    2 Posts
    979 Views
    L

    If you want to block Telemetry Data as well here is what you would add... Blocked Microsoft Domains for Windows Update.png

  • Dont forward local domain

    3
    0 Votes
    3 Posts
    338 Views
    Mr_JinX

    Ahh that's what I've been looking for, thank you very much

  • Local DNS Not Resolving

    5
    0 Votes
    5 Posts
    469 Views
    Gertjan

    @teamits said in Local DNS Not Resolving:

    Is your browser using DNS-over-HTTPS (DoH)?

    Using some destination IP, using some destination port , so it will flow right through pfSense, with a nice advantage : DNS will nearly always just work without any user interaction needed.
    pfSense can't even see the traffic as it is TLS point to point - and the MITM-DNS has been invented yet.

    or : pfSense is set up as a DoH server, using its port 853 set up on LANB, and the browsers and any other service on any device on LAN is set up to use DoH instead of the classic DNS : in that case @Lrayh82 would be a DNS expert. DNS experts do not tend to have DNS problems ^^
    Btw : DoH over your own local network : some severe degree of being paranoid is needed.

    @Lrayh82 said in Local DNS Not Resolving:

    I have a strange problem

    The (a) solution is simple : when you installed pfSense, DNS was working just perfect. As it works out of the box. If issues exist right after installing pfSense, your DNS issues are up stream.
    So : easy : set your DNS settings back to the default ones, and you'll be fine.

    @Lrayh82 said in Local DNS Not Resolving:

    the "Register DHCP static mappings in the DNS Resolver" checked.

    This is default setting. As said above : it's a part of the perfect DNS plan ^^

    This might be the exception :
    efd0a1d5-323b-4643-91e8-1d990f8bbfb3-image.png

    There are reasons to disable this option.

    If you set up your pfSense like this :

    8c46d25e-9b2f-4f88-a9f6-4654e339ee81-image.png

    then you can access the GUI like this :

    https://pfsense.your-network.tld

    ( if you use the default https 443 port)

  • Lose DNS when OpenVPN Client is turned on.

    11
    0 Votes
    11 Posts
    727 Views
    N

    @NogBadTheBad The default route is my WAN interface
    My WAN IP is blurred
    VPN ON.jpg
    The client VPN is on ovpnc6

  • 0 Votes
    2 Posts
    519 Views
    kiokoman

    Did you change Log Level from Level 1 to something else? They appear to be only stats and info

    Services / DNS Resolver / Advanced Settings

    Select the level of detail to be logged. Each level also includes the information from previous levels. The default is basic operational information (level 1)

  • DNS Resolver: Changing the source Interface for Domain Overrides

    4
    0 Votes
    4 Posts
    333 Views
    Rico

    I think the problem is solved, changing Outgoing Network Interfaces from All to WAN and LAN did the trick.
    Need some more testing now but looks good so far.

    -Rico

  • SOA records in Unbound?

    4
    0 Votes
    4 Posts
    1k Views
    johnpoz

    yup that's where - scroll down and the custom option box lets you put in any sort of record or other options you want..

    Just need to start off with server:

    options.png

  • Static IP Assigned Host Receiving IP Address From Other Interface

    8
    0 Votes
    8 Posts
    300 Views
    Derelict

    Results are unpredictable with two DHCP servers that are not specifically designed to serve the same broadcast domain being on the same broadcast domain. You will need to fix your switching before doing anything else.

  • Apple adding DoT and DoH support

    10
    0 Votes
    10 Posts
    656 Views
    johnpoz

    Yeah but blocking dns to any outside dns via 53 is very easy to block.. But when they sneak it out via common (pretty much the whole internet) port of 443.. Blocking it becomes a whole new problem

    While dot is easy to block as well, since it uses 853..

    Where the real problem is going to happen is when they have hardcoded stuff like dns.domain.tld and also a list of ips to try because the doh server is being hosted on CDN.. With ever-changing IPs, and IPs that are used to serve up content you want to allow..

    It's going to become a real nightmare if you ask me.

  • DHCP traffic does not appear in firewall logs

    4
    0 Votes
    4 Posts
    422 Views
    H

    Solved the logging issue. I did not yet test connectivity.

    I added specific rules for port 67 and 68 on the LAN interface for that specific network except have to allow outbound on 68 to anywhere because it’s broadcast. That caused the traffic to appear in the logs.

    I do not understand why the catch-all deny rule didn’t show the traffic. I had it set to capture any port, protocol, source, destination and log it.

  • Dhclient on WAN occasionally fails to renew lease with cable ISP

    11
    0 Votes
    11 Posts
    7k Views
    C

    Does anyone have the dhclient.super.txt file that Mr.Goodcat attached above? It seems to be gone from the forums, I can't download it anymore.

  • DNS Resolver (unbound) / Can't change config

    61
    0 Votes
    61 Posts
    72k Views
    P

    Possible Solution for Those Who are Using RAM Disk
    If you are using the feature where /var is stored in RAM, this issue will arise if the /var folder is at capacity. To fix, go to System->Advanced->Miscellaneous->RAM Disk Size and increase the RAM disk size so that it is not at capacity.

    After you increase the size of the RAM disk, you need to reboot by going to Diagnostics->Reboot.

    You can verify that you have enough space allocated by going to the Dashboard and then scrolling to the bottom of the System Information widget. You should give /var some wiggle room.

  • How to flush DNS cache from the CLI

    1
    0 Votes
    1 Posts
    152 Views
    No one has replied
  • unbound.conf:104: error: syntax error

    5
    0 Votes
    5 Posts
    1k Views
    C

    @serbus perfect! Thank you so much for helping me.

  • DHCP server connection issues

    3
    0 Votes
    3 Posts
    267 Views
    P

    K we have 3 other VLans setup and the pfsense is running the DHCP servers for them.

    0219a2d8-9edb-47f7-ac80-42125dc57e3a-image.png

    The issue is that when I am on VLAN 100 and use a static IP I can connect to the remote office and don't get any disconnects. If I switch to DHCP for IP for VLAN 100 I can connect to the remote office but get disconnects constantly.

  • Point me in the right direction (DNS pun)

    1
    0 Votes
    1 Posts
    101 Views
    No one has replied
  • Can't seem to force OpenDNS

    9
    0 Votes
    9 Posts
    2k Views
    johnpoz

    @DrPhil said in Can't seem to force OpenDNS:

    I felt more secure before, tucked under my blanket of ignorance.

    The world is happy/safe place - until you watch the news ;)

  • disconnect users after X hours or bandwidth consumed

    1
    0 Votes
    1 Posts
    74 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.