• How to connect Windows DNS server to Pfblockerng

    5
    0 Votes
    5 Posts
    2k Views

    Thanks a lot, that was useful to me

  • DNS Stops working

    36
    0 Votes
    36 Posts
    4k Views
    Gertjan

    Several questions back :

    Why all the packages ? All the VPN's ?
    Who is the user setup ? This is a router/firewall : the build user 'admin' will do just fine. A router is not a central meeting place.
    As you can see, the "127.0.0.1" has no answer for any existing hostname. For me, all your test hostnames resolved just fine.

    I advise you to take a huge step back.
    Save your config, and go back to default.
    Take the initial setup as a reference : as it has one huge advantage : everything works. Especially DNS.
    You do not need / should not add 24.225.128.24 / 24.200.0.2 / 24.55.0.19 / 1.1.1.1 / 1.0.0.1 except if you have your very special private reasons (making you an expert - the one that never asks questions because he "knows").

    When all works fine, add, for example, one - just one - VPN. Test it, leave it some days. Check the logs for any entries you can't explain for yourself.
    Then, do a next step. And again, take your time.

    As soon as something goes bad, you will have that one-click solution to get back to a stable, working situation.

    Btw : stay away from 'heavy' packages.

    Btw : check your ISP / ISP equipment, like the upstream router.
    this is bad to start with :

    1c4c811d-fddc-4315-bd62-5938033e2d9f-image.png

  • unbound send client name to forwarder

    1
    0 Votes
    1 Posts
    552 Views
    No one has replied
  • 0 Votes
    27 Posts
    2k Views

    @viragomann
    ah ok, I kinda think I understand..
    so WAN IP on my local network doesn't work.. ok

    I can't test another browser on my sister's network. Unraid doesn't offer another Docker, just Firefox, and that Unraid, the computer can't support VMs... but I'll try my cell phone. Good thing I still have some data, as internet on a cell phone is too expensive in Canada.. so I stick with DSL... but I'll try

    sooo not use domain but use the Host override... I'll try that... and host override takes the DNS name and makes sure it goes to that IP address, right?

    ugh, I can't post my reply. I can't figure out what this damn spam is in my reply that is flagged as spam in my explanation, ugh.. so I can't explain anything. I got along comment message questions
    but I can't post it..
    and here were my settings: general.PNG general 2.PNG

  • IP Vanishes after rebooting cable modem

    1
    0 Votes
    1 Posts
    203 Views
    No one has replied
  • 0 Votes
    8 Posts
    954 Views
    viktor_g

    same issue with Russian WebGUI,
    https://redmine.pfsense.org/issues/10742

  • DNS query to RBL blacklists return no answer

    24
    0 Votes
    24 Posts
    3k Views

    @jimp said in DNS query to RBL blacklists return no answer:

    Any address in 127/8 is loopback. Yes, 127.0.0.1 is the most common to find on a workstation but there may be others as well, anywhere in that range.

    Only doing rebind protection for 127.0.0.1/32 is a bit of a dangerous/insecure assumption.

    Thank you @jimp for the response. Is it possible to allow these 127.0.0.1/24 responses for one ip on the LAN and block it for all others?

  • Unbound restarting

    6
    0 Votes
    6 Posts
    1k Views

    @Cool_Corona It is still a candidate patch set subject to review acceptance.

  • Split DNS only for single VLAN

    8
    0 Votes
    8 Posts
    863 Views

    @johnpoz Port 443 is forwarded to an internal NGINX proxy setting in the DMZ VLAN. From the GUEST VLAN, I did a 'telnet wanip 443', and the port was not reachable.

  • Unbound Restarting

    10
    0 Votes
    10 Posts
    6k Views

    At the risk of necroposting, there is a merge request for this problem [1].

    [1] https://github.com/pfsense/FreeBSD-ports/pull/751

  • DNS over Port 853 and 53

    5
    0 Votes
    5 Posts
    2k Views
    manjotsc

    @riften Thanks

  • Custom DHCP options per range within a pool

    3
    0 Votes
    3 Posts
    245 Views

    Thanks @jimp - I'm not sure how I missed that, it's obvious in hindsight.

    DHCP is now working exactly as needed.

  • How to DDNS an IPv6 host (not the WAN interface)?

    1
    0 Votes
    1 Posts
    54 Views
    No one has replied
  • DNS Requests Blocked when a specific subnet is used, probably old entries

    1
    0 Votes
    1 Posts
    58 Views
    No one has replied
  • dnssec-keygen unknown algorithm HMAC-MD5

    17
    0 Votes
    17 Posts
    15k Views
    Gertjan

    Ok, thanks.

    As I said at the beginning of this thread : I'm using a remote bind server to do the rfc2136 - so I do have the tools ( dnssec-keygen on the bind server == not pfSense) that does the work for me.

    @rayures has a point, that, I can't deny.

  • DHCPv6 enabled on LAN but serves VLANs too

    4
    0 Votes
    4 Posts
    396 Views
    johnpoz

    @securvark said in DHCPv6 enabled on LAN but serves VLANs too:

    DHCP still seems to hand out pfsense IPv6 address as a DNS server

    You can hand out whatever dns IP you want in dhcp.. That is different than getting an IP from dhcp server.

    Out of the box pfsense would hand its IP address on that interface to its dhcp clients.

  • DHCP Relay and VPN

    2
    0 Votes
    2 Posts
    690 Views
    viktor_g

    feature request created: https://redmine.pfsense.org/issues/10711

  • Cannot resolve DNS from LAN

    5
    0 Votes
    5 Posts
    588 Views

    @Gertjan The device in the LAN is a PC, also tried with a mobile phone but same result.
    IP, mask, and gateway of the PC are obtained from pfSense LAN's DHCP. The PC's IP is within the LAN network, which I configured as 192.168.2.1/24, starting the DHCP range at .10 and terminating at .200. The PC network adapter got 192.168.2.11 as IP, 255.255.255.0 as mask, and 192.168.2.1 as gateway/DNS resolver, which I believe is all correct and within the LAN.
    The MikroTik you can see in the logs is there because I tried to extend the LAN with this device to get wireless connectivity, but to prove it's not some external HW problem I connected two different PCs directly to the network card, same result: I can connect to the internet if I reach for an IP, but cannot resolve DNS queries.
    If you need to know, the WAN connection also comes from an external proprietary router's DHCP, in which I set a reservation for pfSense as 192.168.1.50 in a 192.168.1.1/24 network

    I put all the logs you requested here
    https://pastebin.com/vXEs7u7N

  • Dynamic DNS support for EuroDNS not working

    4
    0 Votes
    4 Posts
    714 Views
    fireodo

    @mamsds said in Dynamic DNS support for EuroDNS not working:

    As I understand, does it mean that it is pfSense which is not updating the certificate repository correctly, so curl failed to recognize the updated certificate of EuroDNS? Also, my Firefox thinks the SSL certificate of the EuroDNS server is valid.

    You may search the pfSense forum; there is a post where a user has modified the pfSense certificates. (/usr/local/share/certs/ca-root-nss.crt)
    He has eliminated an expired certificate - be careful and make a backup before!

  • 0 Votes
    2 Posts
    302 Views
    DaddyGo

    @techtester-m

    Hi,

    there are places where we use similar settings ...... purely CF (both DNS and time)
    without any problems ..
    (and was preceded by Google (8.8.8.8) - that was no problem either)

    can you send PRTSCs from your settings(?) ... (NTP, resolver, general setup, etc.)

    like these:
    (of course it also sends these with 8.8.8.8, when it doesn't work)

    816c7cec-3d5b-46f8-ac75-4faed2eaee12-image.png

    1c3a333e-b346-476b-a18b-254b7d047d0d-image.png

    803d18d0-c868-4950-a8ec-6c066cb0571b-image.png

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.