@bigjoe714: I seem to be having the same issue. Any luck figuring it out? Basically a reboot. Above I had been speculating that the chroot was somehow messed up.  However, since then I discovered that /var/run is actually a RAMdisk, and I think it's more likely something goofed up with that.  Obviously, I can't troubleshoot further until it happens to me again.

Thanks. It works like a charm.

So here's more details regarding my test lab [i've put the wrong IP Addresses but the configuration remain the same] Cable Modem ===> Firewall ===> Switch L3 ===> VMWare Esxi ===> Nothing here that can offer IP Addresses, nothing upstream either ==== > W2012R2 - Static IP : 10.115.115.254/24 DHCP Server Range 10.115.115.50 to 75 ===> WAN pfSense ===> LAN pfSense VM Host-only 10.12.12.X/24 ===> Windows 7 VM So, even if i put the DHCP Server Address 10.115.115.254, i still get an IP Address from 10.115.115.50 to 75. There's nothing upstream, so it simulate the problem i was having. If my ISP doesn't offer an IP Address or goes offline, my cable modem should kick in and offer me => 192.168.100.X . So basicaly in my test lab, if i've configure to reject an IP Address from the DHCP server, i shouldn't get an IP Address at all, so i shouldn't get an IP Address from 10.115.115.50 to 75 …..  right ?

I just ran into the exact same issue when creating new vlan interfaces.  At first I tried just restarting the dhcp service but that did not help. I had to do a full stop and start of the service then the proper interfaces were part of the parameter set as you described. 2.3.2-RELEASE (amd64)

Your saying other wireless clients work to same IP (pfsense) for dns.. But comes back refused when done from this 1 windows 7 client? Can you post details showing this..  How are you doing the query?

@garyd9: If the… **However, at this point, I'm only taking guesses.  You'd be much better off waiting for someone with more knowledge of how the IPSec stuff works in terms of IP address assignment (and routing) to notice this thread and help out. ** I guess I'm not really wanting the AD DNS to specifically get updated with my home network's DHCP entries. If it worked like the domain override in dns forwarder (which is what I have running on pfSense for lcoal dns) that would be ideal.  Thank you for taking the time to respond to my issue. I appreciate the effort!

The solution for me was to switch to DNS Forwarder, and list one of my corporate DC's in the domain overrides section. Now to get the office side to resolve my home addresses…. https://forum.pfsense.org/index.php?topic=117455.0

norspang…thanks for your cronjob...it has saved me a lot of hassle...not ideal but gets the job done.

What domain are you using in pfsense?  workgroup??  That is a bad choice to be honest.. single label not a really good idea.. I use local.lan as my domain.. So yes all machines fqdn would be host.local.lan but they resolve via hostname just fine.. example > dig esxi                                                                ; <<>> DiG 9.10.4-P2 <<>> esxi                                            ;; global options: +cmd                                                  ;; Got answer:                                                            ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1728                  ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1  ;; OPT PSEUDOSECTION:                                                    ; EDNS: version: 0, flags:; udp: 4096                                    ;; QUESTION SECTION:                                                      ;esxi.                          IN      A                                ;; ANSWER SECTION:                                                        esxi.                  3600    IN      A      192.168.9.40              ;; Query time: 1 msec                                                    ;; SERVER: 192.168.9.253#53(192.168.9.253)                                ;; WHEN: Fri Aug 26 08:11:48 Central Daylight Time 2016                  ;; MSG SIZE  rcvd: 49                                                    If your BROADCASTING for names then yeah prob return ipv6 if you have ipv6 enabled since pretty much every current os out there is set to prefer ipv6 over ipv4.. Notice when I do something like just ping for the hostname it returns the fqdn ping esxi Pinging esxi.local.lan [192.168.9.40] with 32 bytes of data: Reply from 192.168.9.40: bytes=32 time<1ms TTL=64 Reply from 192.168.9.40: bytes=32 time<1ms TTL=64

huh.. So you have some typos? VLAN10 -> 192.168.11.10 - 99/24 defgw -> 192.168.10.254 VLAN20 -> 192.168.12.10 - 99/24 defgw -> 192.168.10.254 How are these 2 /24 vlans pointing to gateway that is not in their network? Here you show them having the same IP? VLAN10 (eth1) - fixed IP -> 192.168.11.254/24 (Parent - LAN) VLAN20 (eth1) - fixed IP -> 192.168.11.254/24 (Parent - LAN) Then you say I also configured eth3 as standed LAN interface and dhcp server and same thing no dhcp lease to clients. But then show this (eth3) unconfigured How about some pictures of your configuration so we are sure of the info.  And how is your switch configured for these vlans? As to this VLAN10 Route -> WAN VLAN20 Route -> WAN Have no idea what to make of that - what is that suppose to mean??  So you don't allow them to talk to your other segments? "Does pfsense block dhcp by design for any ports except the default LAN port?" No.. It actually enabled hidden firewall rules to allow for dhcp when you enable dhcp server on any interface.  I have dhcp running on multiple segments both native and vlan tagged.  And also on multiple vlans on wifi segments. Would like to see your switch setup and your AP connected too your wlan.. Is it some wifi router your trying to use as AP and have it connected via its wan interface or something?

Does anyone maintain unbound ?

Well, now I do.  Turns out it's a lot easier with a "real" hostname rather than trying to use one of the free dynamic DNS names.  (That's probably obvious.) Anyway, I've finally got it!  Thank you for your help; I probably would still be floundering around with this without it!

For pfSense to act as a DHCP server for multiple VLANs, pfSense needs to be directly connected to each VLAN using an interface on the firewall. Create a tag for each VLAN under Interfaces > (assign), VLANs tab and then assign each of them, give each interface an IP address in its separate subnet, then you can enabled DHCP and so on. If pfSense is connected to a switch, the switch has to trunk/tag all of the appropriate VLANs on the port pfSense is connected to. If pfSense is directly connected to the unifi AP, then it should be tagged coming out of the unifi AP. That also assumes pfSense will be the router for each of those subnets. If you have something fancier setup where the firewall is at the edge and the VLANs are routed internally, then pfSense can't be the DHCP server for all of the subnets, only the one(s) it's directly connected to.

What it means is if your pool is 192.168.1.100 to 200 that your reservations would be .1 to 99 or 201 to 254 is all You can create multiple pools so you could have pool 192.168.1.2 - 98, .99 IPad, .100 phone reservations, .101 - .254 as pool. What I can tell you for sure is the dhcp server features in pfsense are way beyond what is in the merlin firmware ;) You can not just call your pool .1 to .254 and then just pick IPs inside of that for reservations.  But you can break up the scope int multiple multiple pools to leave you ranges or individual IPs inside the scope. I doubt you have anywhere close to 250 some hosts that need dhcp anyway..  So you make your dchp scope size that covers you, then you have whatever is not in the pool to use for reservations.  For example my lan segment is 192.168.9.0/24 but my pool for dhcp is only .210 to .239 I then have multiple reservations for devices, and also some that are just static I set on the devices directly that are not show there. [image: pools-reservations.jpg] [image: pools-reservations.jpg_thumb]

Came out of blue? pfS behind modem? Could be you`re in a CGN. Try a trace.

Something must already be running. Post the full output of the following command: ps uxawwd