Thanks for responding. Will give it a try.

Makes perfect sense - thanks @Derelict.

@jimp Thanks!

OK sounds good! Thanks for the tip.

Nope- works just fine. I use NoIP.com exclusively. If your not sure about yourself then use a text document to type out your password.. Then copy and paste.

Thanks I'll try to get in touch with the app devs and see why it's configured this way.

Any entries in the resolver log on pfSense? Can you post screenshots of your DNS Resolver configuration?

Again - you can hand out the domain for the client.. whatever you want.. Doesn't mean client will use it, etc. depends on the client. But registering the dhcp leases into unbound only uses the pfsense domain. If you want to do something like what your talking about with multiple domains.. Use bind and have the client register themselves into you specific domains. Off the top my head I do not believe unbound allows for dns registration of clients because its not really meant as an authoritative NS to be honest.

Re: Only LAN shows up for DHCP Server interfaces? Thank you everyone! That was it, I didn't notice that it had defaulted to 32. The subnet mask has been appropriately set and it is working now. Thank you again!

@derelict Thank you, I'll try that. Unfortunately, I am not at home for a week, but when I am back, I'll try your solution and give you an update.

Found the problem: the aws reply was with private IP addresses and they were dropped by default pfsense setup. See https://www.netgate.com/docs/pfsense/dns/dns-rebinding-protections.html for how to enable "Private Address support".

Yepp, this fixed it. Not sure if I should run it every 15 minutes ? I was thinking that there is some automatism in pfSense to run it whenever the wan IP changes. But Cron does it as well :)

Right. So, like I said in a reply near the top, my Pi Hole nukes streaming media regularly, so I put my regular clients on the Pi Hole for DNS, and my streaming clients on my provider's DNS servers. And it worked, but only after a reboot, which was strange, but oh well. Thanks to all.

Putting rfc1918 in a public dns is almost always BORKED... And yes anything worth anything would not hand that back to a client because of possible rebind.. Because again rfc1918 in a public domain is just borked ;)

I don't think anyone else has requested the feature before. You can open a feature request on https://redmine.pfsense.org/ with that config example and it shouldn't be too hard to add. Probably not going to make it in the next version, but at some point in the future.