Updated to 2.4.2 and tried to add ClouDNS as DynDNS provider. GUI requires to fill multiple fields like hostname, username, password while the only needed parameter should be an API token, IMHO. OK, even with all the fields populated there is no update and authentication error in the log: /services_dyndns_edit.php: Failed(Invalid authentication, incorrect auth-id or auth-password.) I've used my regular username (e-mail) and password but that seems to be wrong. I have a feeling that I will need separate API username and password, but I see no API menu on my free account. BTW, works like a charm as Custom with a single URL like https://ipv4.cloudns.net/api/dynamicURL/?q={my token here}

If dhdpd is running - did it ever see a dhcp discover?  It would log seeing the discover.. Or sniff are you seeing any discover?  With the right vlan set, etc.

"Has nothing to do with bind vs powerdns." Yes it does… He clearly stated he was moving away from powerdns.. And wanted to do it on pfsense..  Which he could of done via the bind package and views, or a few months later when they updated to unbound 1.6 he could do with their version of views.. You seem to be wearing your powerdns hat ;)  And want nothing more to promote powerdns on a OLD thread that the OP was specifically move away from that.. Yet you suggest he move back to it and run it on something other than pfsense.  When he wants to run his solution on pfsense.. Like I said - where is the value added from your comments?  Talk about a derail ;) On a side note the derailing of this thread is moot anyway, since the OP Only has 2 posts, and hasn't been back since May anyway.. We could talk about the price of tea in china and it would mean as much as this thread means to the OP ;)  And anyone running their own dns normally wouldn't be here looking for a solution to how the OP question was asked since they would be either running bind or powerdns, etc..... So we might as well talk about the weather or what your fav type of beer is. I am a huge fan of IPA's and Stouts - what about you?

"The addresses are resolved with two private IPs." That borked to be honest.. You do have public domains resolve to private IPs.. This is rebinding attack waiting to happen.. If you want the resolver to be able to resolve these domains then you would have to turn off rebinding protection for those domains, or turn it off completely. Your best bet is to just set the domain as private in the custom box of unbound.. https://doc.pfsense.org/index.php/DNS_Rebinding_Protections Why would you customer public domains resolver to rfc1918 space in the first place?

Thanks for reporting back.

Why is the TTL field hidden for CloudFlare Dynamic DNS provider? The CloudFlare v4 api documentation shows the TTL value is supported: https://api.cloudflare.com/#dns-records-for-a-zone-update-dns-record

So yes, what Jim said is correct: my carp ip address was in a different subnet as the network it was supposed to be on. I am happy to be wrong! –jason

I was wondering why the hostname wasn't showing up. Ty

I'm new to PFSense. Recently been configuring and using it as AD authenticated and non-authenticated proxies and it works great. Sir, may i ask for the setup, or can you teach me pls.

I'm also using Ubiquity AP's on my network - maybe it's a problem/bug with the AP firmware? One other thing that might be worth trying is to toggle the Wi-Fi Assist feature on/off on iOS to see if that helps any.

Thanks for your answer. Unfortunately I have to ask again as I'm too new to this stuff. I don't really understand what you are explaining to me. As far as I understand you I have to correct the configuration of the DNS forwarder at office A and office B (the configuration on the VPN concentrator "hub" can be unchanged). Currently both "Network Interfaces" and "Outgoing Network Interfaces" are set to "All" at both offices. The OpenVPN connection is indeed peer-to-peer between office A and the hub and office B and the hub each. My problem seems to be that e.g. office B (LAN 192.168.5.0/24 with WAN address 192.168.105.1) does not direct it's DNS query into the tunnel but directly to it's uplink DNS server (which is 192.168.105.254). Should I update pfSense (from 2.3.3-RELEASE-p1 to 2.4.1-RELEASE)? Might that help? Thanks for your patience!

@Grimson: First check that your clients are actually using the pfSense IP address as nameserver, try (following your example) "nslookup mydomain.example.com" on a LAN client. This should show you what DNS server is used and the IP it responds with. Domain Overrides are only usefull if you have a dedicated DNS server (like bind) with a matching zone configuration for your domain on your LAN. On some clients, that also cache DNS requests, you might have to flush the cache or reboot the system. I tried now for the first time since last time I posted, and you are right everything needed was probably the DNS Flush that I supposed it did for itself since it been some days. So it worked like a charm from start. Thanks! :)

the image is the steps for add static mapping: image 1 is the Status -> DHCP Leases image 2 is the bug page image 3 is what need to be to work. if need any more information please ask me. tks.      

Somewhere you have entered a subnet when it should be a single host address. You can't resolve a hostname to an entire network, and that's what it appears to be trying to do, either unintentionally or accidentally.

Hmmm ok, found out more. Maybe any gurus can help me out? Did a packet capture of a few scenarios: When a wireless device is trying to grab DHCP found out that the message was send as a broadcast from Device to PFSense - DHCPDiscover found out that the DHCP Offer was send back as a Unicast message (which is a bit weird) When a wired connection is trying to grab DHCP found DHCP Discover packet was send as a broadcast requesting for an IP did not see the DHCP offer packet from the PFsense saw a few dhcp request packet PC was able to get the dhcp ip I thought that this could be due to the fact that the PC previously have a static entry in the DHCP Server. So i removed it and perform the DHCP again. When a wired connection is trying to grab a DHCP and the MAC is not statically assigned same issue as scenario 1 PC is not able to grab dhcp So it seems like any wired is able to get statically assigned DHCP IP. If they are not static, it will not work. I then proceed to check on the /var/dhcpd/var/db/dhcpd.lease file where every DHCP IP should be in there, but the file size is less than 1KB at the moment. I have more than 40 network devices in my network, mostly wireless. I have at least 10 wired devices which should be in the dhcpd.lease file (correct me if I am wrong). I then proceed to delete the dhcpd.lease and dhpcd.lease~ file, turn off the dhcp server service and turn it back on to recreate the file. Still the same, no difference. Any kind gurus can help me out? Any kind gurus can advise me what could I do