It was for me, I don't know if that's just an oddity because I added the nic after the initial configuration or if this just happens by default when you add an IPv6 address to the interface I feel that it would be better if it was off by default regardless, assuming my situation wasn't too weird lol

At freedns.afraid.org under dynamic dns there is a link you can click to get a cron entry. I copied that and replace "wget -O -" with just "fetch" and pasted it into the command box for pfsense cron entries No dashes and no -O Waited 5 minutes and it updated. p.s.  The reason he set it for every 5 minutes is because thats what freedns.afraid.org recommends

Thank you for your help. That fixed my problem.

I had to use the paid service and they fixed it.  Turns out it was the Squid log files, despite using the clear logs function though the GUI

sure that is very simple setup.

Nothing on WAN should ever touch the Forwarder or Resolver. WAN is not designed to be a local client interface in that way, and won't work as one. Use an isolated OPT interface to segment it.

what your asking unbound for is not the override so yeah how would it know to check for overrides if a cname comes back.  You would have to put in the override for what your actually doing the query for.

I have submited a pull request in hopes of resolving the capability to set MTU on dhcp pools. https://github.com/pfsense/pfsense/pull/3222

1. Please don't hijack other peoples's threads. 2.  Sounds like just a transient DNS issue with that domain's DNS provider.  If it only happens with one site some of the time then I would assume the issue is on their end.

I kinda lost track on this issue, and it's gone as it came :) Anyway, wanted to say thanks for the help and time spent.

You can navigate to Status/System Logs and select the Settings tab. From there you can select which logs you want to send across (just tick DHCP service events and leave the rest unticked) and for what services. Obviously your target system should be running a syslog daemon.

In case it helps anyone else, I contacted support and got this resolved. Basically, settings the first DNS server as the internal DNS created a static route through the primary WAN connection. When the fail-over was using the secondary WAN connection, it couldn't contact the internal DNS server since the static router was through WAN1. Removing that entry and having it use the "domain overrides" seemed to fix the problem. I'll be testing early tomorrow before the users show up.

can I have the users on my LAN not be affected by the squid non-transparent proxy What users?  I thought you had a PC-register and a tablet and that was it.  The proxy only affects web traffic, and you don't want them going anywhere except where you allow so I'm not sure what affect you're thinking of. Can I have LAN use one DNS instance and then incoming WAN DNS lookups/squid assigned to another instance? Eh?  You want a separate DNS for LAN and one for squid?  What problem would that solve?

Is it possible to stop this? Why would you want to?  You get the same result regardless and it is more efficient. https://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks You are already using method #2 which is the more elegant solution.

Yes, it's intentional. I'm using the "track interface" option on the LAN so that it gets its IPV6 address from the WAN. My isp uses 6rd so my wan is configured accordingly. When I used WAN for the interface in the dynamic dns settings it gave a similar error about getting the address. The more I think about this, the more sense it makes. With IPv6 the LAN address is the public address so the tricks we've always used to get around NAT complications are no longer needed.

Thanks for the reply.

Anything in the System log?  Do you have verbose logging enabled?  I wonder if this has anything to do with the DynDNS DDoS from last week?