Update:
I moved the AP to the switch that is closest to my pfsense router. I adjusted on my Netgear GS108Ev3 a free port to be (hybrid) untagged on VLAN5 192.168.5.0/24 and tagged on all the other vlans. I got it working by not placing a vlan tag on VLAN5 in the AP and putting a VLAN tag on the other VLANS in the AP.

Will move it back and check the other switches to confirm they are setup with trunks between switches and hybrid setup like about on the AP switch port.

My best guess as to what happened is my AP wireless on VLAN5 was set to vlan5 in the AP on that wireless which may not be the correct setting. It worked with older version of the software but broke after an update.

Can someone confirm if they think I have the correct setup with the hybrid switch port with VLAN5 untagged and no vlan set on VLAN5 in the AP? Thanks for everyone's help.

@johnpoz said in Split DNS problem with local web-server:

using pfsense for dns..

All users use pfSense for DNS in our LAN network.

I performed the steps you outlined and it works great!

Thanks again.

@Gertjan Thanks - I have switched to TLS and disabled DNSSEC.

@Grimeton said in pfSense can not resolving DNS records on Microsoft Domain Controller DNS zone.:

Windows itself usually tries to do a NetBIOS lookup via broadcast before it starts to go for a FQDN search, which can actually be a bit confusing.

Not according to this
https://support.microsoft.com/en-us/help/172218/microsoft-tcp-ip-host-name-resolution-order

Simple enough to test, just sniff while you look for something..

@johnpoz said in Diagnostic -> DNS Lookup 127.0.0.1 always 0?:

There could be some oddness in the how the gui displays that? Best to do from cmd line on pfsense... Just flush your cache to be sure and then lookup something..

example..

[2.4.4-RELEASE][admin@sg4860.local.lan]/root: dig www.cnn.com ; <<>> DiG 9.12.2-P1 <<>> www.cnn.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35371 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.cnn.com. IN A ;; ANSWER SECTION: www.cnn.com. 3600 IN CNAME turner-tls.map.fastly.net. turner-tls.map.fastly.net. 3600 IN A 151.101.185.67 ;; Query time: 190 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Mon Feb 10 11:18:26 CST 2020 ;; MSG SIZE rcvd: 95

@johnpoz thanks for the tip. Yes, it works just fine from CLI even without clearing the cache. New queries give different times as expected on the first attempt.

Okay I understand the speech, if pfsense does only that I don't worry. I did as you said and changed the domain. Instead my configuration, which you can see in the screenshots, is correct? I have removed tls, and it would seem faster.

It is possible to do with a static config... You just need to set up the machines actual domain name and or search suffix..

A machine should always have a fqdn, not just a host name..

Your pfsense machine has a domain name, when you set it up.. defaulted to localdomain most likely.. This is common default..

domain.jpg

What is in the domain of pfsense is what would be handed out, when you leave it blank in your dhcp settings.

@NogBadTheBad Thanks! I did take a look at FreeRadius and had no prior experience of it so it seems like a steep learning curve but looks promising. I solved the problem my writing a manaul Google Spreadsheet from which I can copy and paste.
If you know of any easier resource for FreeRadiu newbie please post here - all the links I got in search were for more sophisticated use cases and my requirements are quiet simple.

the solution is in your 3d, it's almost a year that this ppl do not log on the forum.

i think you need the -k options
rndc -k /path/to/rndc.key retransfer <zone name>

i have installed it on my 2.5.0-devel just to test it

[2.5.0-DEVELOPMENT][root@pfSense.localdomain]/cf/named/etc/namedb: rndc -k rndc-key zonestatus test.home name: test.home type: master files: /etc/namedb/master/trusted/test.home.DB serial: 2581012914 nodes: 2 last loaded: Thu, 06 Feb 2020 18:23:59 GMT secure: no dynamic: yes frozen: no reconfigurable via modzone: no

the key is inside /cf/named/etc/namedb/rndc.conf

i just copied the key part inside a new file to use it with rndc
the content of my rndc-key is

key "rndc-key" { algorithm hmac-sha256; secret "blablablablablalbalblsablalblablaalbalablabala"; };

@jimp
😂, true.
That’s when an (Apple’s) feature becomes a bug 🐜

That is not relevant to pfSense. The problem stated in this thread is solved in our repository.

Thanks, doing this did the trick for me.

Using 2.4.5.a.20191216.1443.

@vahedifar said in client could not take dns ip from pfsense:

have intervlan routing
i wrote statice wrote for each vlans and define gate way

Maybe you should post in your native language section... Because this is going nowhere.. That is useless... I might as well ask you to fix my car, and when you ask me what is wrong I say its blue..

And when you ask what color I want it, I say well yeah it has 4 tires. But the color is fine.

@JKnott I have no idea too...
All Linux devices was followed this rules, but windows devices are followed too, but not all.
I have 3 Windows 10 devices with assigned /8 in this situation, and all other devices was assigned /24 in this situation.
But now all works well, I fixed this issue by removing Aditional DHCP settings, as i told before.

Thanks again!