yup, thats where i saw it.

guess next time ill dig a bit deeper before bothering you pros ahah

@sunnyg said in How to configure pfsense as DNS server for 2nd LAN connection:

Enable Static ARP

Magic 😉

Thanks for your help, it seems that there were two things holding me up (if anyone else is in the same boat).

HTTP health checks were enabled and not configured so it seems pfSense was detecting my backends as offline therefore not pointing anything through. Second thing was my firewall rule for this was completely wrong and should be as @johnpoz has indicated.

Now that I am able to point frontend to back for HTTP traffic, what is the ideal method for setting this up for multiple custom ports?
The schenario would be as follows:

sub1.domain.com-> 10.0.0.1 (ports 20, 30)
sub1.domain.com-> 10.0.0.2 (ports 20, 31) *note this has a service running on port 31

I setup some port alias's for each, however it seems that the HAProxy package won't acknowledge the input of alias's.
My thinking in doing so was that in some cases, multiple hosts might have the same services running on the same ports, but different hosts.

So then, I assume there would be some manual setup for each host, is that correct?

If so, is it as simple as adding these additional ports to each backends?

Thanks for your help @johnpoz much appeciated.

what i've done @jimp

ssh in as root (not as admin) --> 16 (restart php-fpm)

tried config resolver again ! ---> worked !

so solved ! thx

next step fixin my multiWAN mess ;)

I would put a "smart" switch between the WAN interface and the modem and monitor the traffic on the port connected to the modem and mirror it to a laptop running wireshark and see what it thinks about the DHCP being exchanged.

@limez17 said in DHCP Service is not Starting:

Jul 23 14:22:40 dhcpd /var/db/dhcpd.leases line 0: whitespace too long, buffer overflow.

What do you find a that lease file ?

You should sections like this :

lease { interface "em3"; fixed-address 192.168.10.2; option subnet-mask 255.255.255.0; option routers 192.168.10.1; option domain-name-servers 192.168.10.1; option domain-name "home"; option broadcast-address 192.168.10.255; option dhcp-lease-time 86400; option dhcp-message-type 5; option dhcp-server-identifier 192.168.10.1; renew 5 2020/7/24 02:09:50; rebind 5 2020/7/24 11:09:50; expire 5 2020/7/24 14:09:50; } lease { interface "em3"; fixed-address 192.168.10.2; option subnet-mask 255.255.255.0; option routers 192.168.10.1; option domain-name-servers 192.168.10.1; option domain-name "home"; option broadcast-address 192.168.10.255; option dhcp-lease-time 86400; option dhcp-message-type 5; option dhcp-server-identifier 192.168.10.1; renew 5 2020/7/24 14:09:50; rebind 5 2020/7/24 23:09:50; expire 6 2020/7/25 02:09:50; } etc

Strange is that the DHCP server creates and maintains this file.
It should be able to read it back in.
What does it put in this file that it can't read back ?

better late than never 😀

Alright. I solved this by using RZP. See my SuperUser question (https://superuser.com/a/1571028/739947) for more details.

@netblues I'm pretty I can't yes, so far the only thing I could change about the NAT configuration was the network IP and Gateway.

Yeah it'll do juste fine. Thanks anyway !

@JKnott I have duplicated the thread by mistake. Sorry.

@JeGr
Thanks for the info. I am going to try to configure a new interface in the FW and connect this new interface to the switch master, to interconnect with all the switches.

@jimp said in Need to use DHCP Relay AND Server on the same pfSense setup, no L3 switch at disposal:

but it's a lot of effort for minimal benefit.

Exactly... What 1 user out 50k might have use of this.. And at that they just too lazy or cheap to do it correctly on their L2 infrastructure...

Ok, I have found why ....in "Router Advertisements" you need to chose some mode in " Router mode".

Double check next time ☺

Thanks for that... I had seen the DNS hostname boxes, but must've missed the text below indicating that they're related to DoT. Something might want to be mentioned on the DNS Resolver page at the SSL/TLS checkbox too, that for best security the hostnames for the servers should be entered on System > General.

@subterminal
Do you get it resolved if you use dig or nslookup?
With these tools you also can verify which DNS server is requested.
So what do you get back?

/var/unbound: cat unbound.conf | grep -i trust auto-trust-anchor-file: /var/unbound/root.key

I had a huge issue today w/ armstrong cable, they blocked dnssec for about 40mins today (i have pfsense @ multiple locations). I could not even forward requests. I am back looking at, and remembering unbound dns.

DNS Forwarder worked great.....does it even do DNSSEC?

I was trying to figure out if they were blocking just root servers, or all dns sec when it seem to come back online.

Does anyone know why pfsense does not use a root.hints file? It seems like I must make sure I update pfsense so my root servers are correct?

@mdfavionics said in Continual DNS Traffic:

I've tried several blacklists of the pizzaseo.com domain and several of the IP's. The traffic continues.

Hi,

if your DNS system (Unbound) is well configured and pfBlockerNG-devel as well..
then you need to get this, as output:

9c234ced-7bed-4831-b52e-2c65f327bd90-image.png

BTW:
uploaded images are not of good quality (so many things not to see)
and they really aren’t even relevant, as here’s the issue with DNS settings + pfBlockerNG or routing, etc.

Ok thanks, I have try to modify the config.xml too, but there is only the dhcp reservation, not the network mask on this file.
I have to use option 15. I hope I've got this option ^^
I will try. Thanks