I dont mean to bringback a topic that is 2 years old but I would like to know how this turned out and if any new enhancements have made this feasible? I am also trying to have 2 INSIDE subnets resolve 2 different IP's for the same FQDN

@johnpoz: So you want your printers to get specific IPs in this network?  Is how I am reading it. Then sure create reservations/static mappings..  These would be outside your normal pool. So for example your network is 192.168.1/24 for example.. Pfsense having IP 192.168.1.1, lets say you have your dhcp pool set to 192.168.1.10 to .250.. Create your printers reservations at say .9, .8, .7 thank John, i'll try it and report back. much appreciation your support.

"When I picked the range, I was looking for something easy to pick," With that logic why not just 1.1.1.x ;)

Thank you! I was able to find the server address in the OpenVPN log.

Sorry, I may be missing your point. Are you saying that Windows doesn't send the domain for you either, if it's a single label? That may be the issue. Windows Version: 1607 (OS Build 14393.953) Thanks!

Domain Name System Security Extensions, ie dnssec is.. provides "origin authority, data integrity, and authenticated denial of existence" Which I said in simpler terms before.. "your sure that is what the info you get back is indeed what the authoritative server is putting out there." It's primary purpose is protecting against spoofing attacks.. If the OP isp is actually hijacking dns.. The best solution is to BITCH AND BITCH AND BITCH to them.. If its the only isp in the area then move ;)  Out of the box pfsense is going to run resolver with dnssec enabled.. If this is not working because of shitty isp then simple work around is have your resolver (unbound) use a vpn connection you setup on pfsense.  This can be cheap via a vps for like $15 year.. Or if you have a buddy who isp doesn't hijack - setup a vpn to this place and run your dns queries through there.. Or use dnscrypt which is going to default over 443 (ssl/tls port) so yeah your isp shouldn't be messing with that.  Problem is this is going to be forwarder, not resolver.  So your just going to have to trust the info you get back is not spoofed.. I do not think there is a dnscrypt package in pfsense, I do recall multiple threads about it..

I am not a gamer, so not how it might effect your game play.  But playing on a server half way around the globe is prob going to suck anyway for lag time, etc.  Then throw extra overhead of vpn not going to speed it up for sure. You might get away with just sending your dns query down the vpn so it looks like your coming from Country/Region X while your really in Y and dns response would give you the answer for region X. VPN can be done really cheap.. Simple way is cheap low end vps.. I have a few of these in different parts of the world.  1 VPS cost as low as $12 a year, or others I have cost $15 a year, etc.

The workaround is no longer needed since the root issue was fixed in isc-dhcp 4.3.5, which is included in pfSense 2.3.3. That's not to say there isn't some other issue causing missing hostnames, but I haven't seen a regression of this specific issue in pfSense 2.3.3.

@johnpoz: "nothing happened yet!!" That you know of ;)  Like saying hey I leave my front door unlocked and nothing has happened.  For you all know some homeless person has been taking a dump every morning in your bathroom after you leave for work and cleaning himself with your toothbrush ;) I gotta remember to lock my front door…

Well, I figured out the issue: it might have been just an unfortunate coincidence that threw me off the debugging path. The missing part from the report above is that on the 70.x subnet, the wifi AP is a ubiquity, which relays DHCP requests to pfsense (it sits comfortably on the 70.2 ip, 70.1 is the OPT1 if in pfsense). 70.3+ and until 70.100 are all reserved for static mappings, 70.101+ are the DHCP pool. At some point I realized that when a DHCPACK came through, it was not completely random. By inspecting the phone's logcat I started to notice a pattern in which the failures to receive the DHCPOFFERS coincided with the phone starting the conversation over the 2.4ghz channel, and then being moved over to the 5ghz channel by the band steering protocols on the ubiquity. Hilarity ensued, since for over a year I had no problem with the same hardware and a unified SSID for both frequencies. What probably threw me off was the fact that the ubiquity received a firmware upgrade (which likely introduced this issue) right around the same time I manually upgraded pfsense  >:( Solution was: separate the two wifi networks into their own dedicated SSIDs and disable band steering. Once that was done the DHCP protocol did not have any issues completing any handshake, over 2.4ghz or 5ghz. I'm leaving this here for posterity, might be useful to someone one day. Cheers

So they fixed the problem in v1.. What your asking for is a borked setup!!!  You can not logically reserve the same IP for 2 different macs.  If you want your device to have the same IP be it wired or wireless.  Set one of them to be static on the device.

@Gertjan: DHCP Registration is check This means Unbound is restarted every time a new DHCP lease comes in (yes I consider this a bug - it's an old issue) Thank you for this info, because i believe this was the issues every time a new pc was getting into the wireless network it would happen. i will disable this when i get home and test. THanks again this was driving me crazy Is there a place where known bugs are documented ?

As of version 1607, build 14393.953, which is a regular update, the problem has been fixed.

well just some idiot passing it on.. The developers prob have zero to do with the dns most likely.. And its a given in your email to them you were using the www ;) But hopefully it will work up the chain.

For anyone googling and finding this post the solution is to put a FQDN in the hostname field, and also put the domain in the domain field. It will look a bit weird in the Dynamic DNS Clients overview, such as: forum.pfsense.org.pfsense.org but it will work.

message received johnpoz i get your point 100% but thats been working for a while… I guess not now... lol.. so how would you block youtube and bad stuff from local dns but only on 2 computers?? thanks '