@socrateberserk Glad to hear you got thinks working!

@juanzelli

For what it's worth, I've activated 0x20 support since the day it became available :

29582690-ecdf-4948-b623-99b1b3300c64-image.png

Btw : I'm resolving, and doing DNSSEC when available, I'm not using any commercial DNS solutions.

Never had any DNS issues.

@wschvex

I recapped this, click => unbound set SRV correctly ?

You don't need the forwarder (dnsmasq), unbound can handle everything, and more.
Keep in mind that the GUI page Services > DNS Resolver > General Settings and the advanced settings page only coberscobers the basic DNS needs.
The rest ( you saw the rest ? ) are rarely used.

That's why this :

935c9e85-3ee1-4544-be0b-3ecb4e353dca-image.png

exist.

Keep in mind : syntax errors are not allowed !

@Gertjan
Still ISC.

I wonder if a raspberry pi zero could do it???

KEA is the fix for the twilighted DHCP server, that DHCP software the developers no longer release updates for. pfSense/Netgate had to redesign a lot of code just to get KEA to work, again with anything new there is a timeline for software convergence that is expected. That is why it was a depreciation notice and not automatically merged to KEA. Thanks for sharing your experience with the community. Sorry you had that experience. Again with the Boot Environment features mitigation for such issues is a breeze to jump back to a known good configuration. I love Boot Environments.

@netblues Thanks for the info. I reconnect the cable to the port and it seems that it can now get the IP address. No change in the configuration.

@Gertjan I checked my DNS forwarder settings, made a slight change (turned off reverse DNS for local servers) and it worked.

Thanks.

I totally agree on the meaningful error messages. I also wonder if there shouldn't be a mechanism to restart a critical service intelligently (since as I learned above, watchdog is not intelligent enough).

Another thing you might want to try @Mission-Ghost is to update pfBlockerNG. I learned that packages do not auto-update. When looking at the package list (now a widget on my dashboard) it allowed to start an update.

@patient0 Thanks for your replies!
I know we can change the MAC in the VM configuration, but I wanted to get a new interface going to ensure nothing cached would impact the outcome.

@RJ said in Upgrade to 24.03 - DNS Settings:

@jimp

Thanks for confirming the nameserver ::1 entry in /etc/resolv.conf is there for IPv6. This has not caused any problems for me.

However, I think it causes DNS Lookups from within the pfsense GUI to briefly hang as it waits for a timeout from the query to ::1

Look at this one:
https://forum.netgate.com/topic/189394/local-loopback-ipv6-dns-timeouts-no-response-24-03

Reporting back. Creating a "quick" floating firewall allowing outbound access from my Nord interfaces to my System DNS servers seems to have gotten rid of these blocked inbound connections. It's not clear to me why, but maybe it will be to someone else . . .

b2c8bc7a-9afb-4133-9bd9-ce88b385bb9a-image.png

@GeorgeCZ58

A rapid Google search gave me this :

https://community.ipfire.org/t/any-way-to-block-all-dns-queries-and-whitelist-some/10544

Btw : and because 'respip' was unknown to me, I found this. So it exists,
Not sure if pfSense has this software component. It is a module created by NLnetLabs (unbound author).

So, easy plan A : PI-Hole ?

@b0sman can you query anything from your vpn client to your 10.0.0.11?

say pfsense own name? When you add a vpn tunnel network.. I don't believe that adding a vpn tunnel network adds that to the unbound default ACLs

Also if you setup some domain override to go lookup this pc01.mydomain.local, that would be rebind if the answer is a rfc1918 IP.

Also .local is not a good choice for local tld, since .local is used by mdns.. I would suggest moving to better choice, either use home.arpa locally, or the new one is .internal

@johnpoz

Thank You, I never knew that.

@Gertjan Ended up needing to fully set a static IP on the NAS to get it to work. Tried it on a managed switch before doing that and that didn't work either. In any case, seems to be working properly now. Thanks again.