@roncbk
I'm not familiar with IPSec on pfSense. As far as I know this should be realizable with "Routed IPSec" on pfSense 2.4.4 and newer.
Possibly open a new topic for asking that.

Well you can disable rebind completely in the gui, just not under unbound. But for specific domains that you might want to set as private.. I would assume they allow for more free form entry with the option box.

Hello!

For reference :

https://www.freebsd.org/cgi/man.cgi?query=dhclient-script&sektion=8

What does the WAN section of Status -> Interfaces look like when it says the interface is up but there is no IP?

John

If me I would block of that nonsense... There are lists of the IPs used by the doh providers, and setup your dns to resolve all the different fqdn they use to something specific.. And then log all clients trying to look that shit up - then go smack the user upside the head..

Or just block their IPs from using anything on the internet ;) Or shape it down to like .1mbps - oh your internet is slow, let me look into that ;)

@jimp Thanks for the information,. I'll give router only for a few days and see how that pans out, otherwise I guess I will stick with Asssisted.

The meanings are kind of muddied by loose usage but typically they should be:

DNS Server - An authoritative DNS server which answers queries about domains for which it holds authoritative records. This is the kind of DNS server you'd find at a hosting facility, for example, with DNS records for a site like, say, example.com. DNS Resolver - Takes queries from clients and uses the root servers and other authoritative servers to find the answers directly. This is (sort of) the kind of thing you see at ISPs or places like Quad9/Google/CF which answer public client queries. (Though the ones clients hit may actually be forwarders, not resolvers) DNS Forwarder - Takes queries from clients and forwards them on to another forwarder or a resolver.

dnsmasq is only capable of acting as a forwarder, so pfSense calls it a forwarder.

unbound is capable of acting as a resolver or a forwarder, depending on the configuration, but its default role is a resolver, so that's what it's called in pfSense.

bind can be any of the above depending on the configuration. Though it's typically considered "too heavy" to be used for forwarding and resolving roles, it does provide some features which can be useful in more complex scenarios.

Maybe you put that in the Client Identifier field (which is not a description)?

https://redmine.pfsense.org/issues/10295

Hello!

There is a cron job that runs once per day to update the ddns:

1 1 * * * root /usr/bin/nice -n20 /etc/rc.dyndns.update

The output in Status -> System Logs -> System -> General might look like:

rc.dyndns.update: phpDynDNS (fubar.ddns.net): No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry.

Search the log for output from rc.dyndns.update to see additional information about the process.

There are ways to programmatically force an update before 25 days that can be found through a forum search.

John

Thanks noplan for replying, yes that is the best option. thanks.

I don‘t have this enabled and it works like a charm. :)

Right, but it only breaks when DHCP Reg is enabled! So somehow it's escaping from the chroot jail.

Just do yourself a favor and stay away from the tplink switches... Whole thing that went on for 2 years or so them not actually understanding how vlans are suppose to work, and didn't allow you to remove vlan 1 from ports you wanted to put in a different vlan.. While they suppose to have fixed it in their later models and firmware.. I would just get some other brand - the netgear and dlink ones work.. I have both of those low end models never saw any problems with them actually isolating vlans.

If your budget is higher than cheapest you can do this, there there are some much better switches you could get ;) If you have like 200 to spend - yeah some really nice switches ;)

@volfied said in Nintendo won’t take static IP:

What I’m really trying to do is assign a DHCP reservation from outside the dynamic pool. It has always worked before.

That's how it normally works. pfSense will not allow you to assign an address from within the pool.

@Gertjan Having this issue again; can't resolve.org domains:

; <<>> DiG 9.10.6 <<>> wikipedia.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 30520
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;wikipedia.org. IN A

;; Query time: 7 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Sat May 30 07:00:10 EDT 2020
;; MSG SIZE rcvd: 42