Where are you forwarding too, that really is not the optimal mode of operation for unbound.  Might as well just use dnsmasq if you just want to forward. Why are you not using unbound in resolver mode which is default?  what exactly are you trying to resolve when its slow?

It only allows deleting leases that are offline (don't exist in the ARP cache). That's probably not the best assumption in the world, but at the stage we're at with 2.3 release coming soon, not something I'll change at this instant. Take the host in question offline and you'll be able to delete. 'arp -da' at a command prompt followed by a refresh of the page may suffice if the host isn't talking out to the Internet frequently.

domains are not routed.. FQDN resolver to some IP and then sure how you get to a specific IP is routed. Are you actually using domain.com or you trying obfuscate your actual domain? What exactly are you wanting to accomplish?  Are you trying to get some domain name you have registered on the public internet to resolve to pfsense WAN ip?

You sort of need to separate blocking the IP addresses and blocking DNS. There are two methods outlined in this thread. The first forwards all queries made to any DNS server to a specific DNS server. The second blocks queries to all DNS servers except those specified. It sounds like you want the former. Just because you can ping doesn't mean the DNS isn't being forwarded as specified.

see my edit, that is not a correct arp.. An arp is to all F's

maybe a way : have you all your inetwork nterfaces enable for dnsforwarder ? Not mine. I have a few dns cache "corruption" this afternoon and i think one of my subnetwork which query pfsense dns without dns-forwarder enable could corrupt the pfsense cache for the other subnetwork. could it be right ? I change dnsforwarder to listening at all my subnetwork….result coming soon :) Godcho

solution what I've found Resetting your browser to its default state can often fix problems and Use this option will won’t delete your bookmarks and passwords, but it make everything else back to its default state. The steps below are same for all operating systems whatever you’re using Windows, Mac and Linux versions of Chrome. You’ll need to type this address “chrome://settings/resetProfileSettings” into your Chrome’s address bar and it will show the reset option. Just click on reset. DNS_PROBE_FINISHED_NO_INTERNET – Solutions Encyclopedia

I'm seeing this too, not often but it just happened last night.  I'm hoping that it's one of those little flukes that goes away with the 2.3 upgrade that should be out any day now.

Pfsense dhcpd comes up authoritative, you can view the settings in the dhcpd.conf file.. But you are correct it is not sending NAK when it should since its authoritative. Is my understanding, but it seems you need a deny in the conf for that to happen.  But that again is on ISC, I agree if the dhcp is set to be authoritative for a pool, it should not just ignore requests but actually NAK them if they are not good. It will renew a lease, if its still in the pool even when here is a reservation setup for a client.  Which is why I thought it would renew, but you are correct if you change the pool then that lease is no longer valid.  But its not sending nak, so client will have to wait until lease expires before sending discover. So a quick work around if you want to send NAK.. Is just create another pool that contains the ranges you want to NAK and then deny clients send a request for that - they will get a nak, and then send out discover vs waiting for their lease to expire. There was a request long time ago to allow for custom changes to the conf file, like you can with unbound and the advanced box.  It would be nice to be able to do that..  Another work around is just killing the dhcpd edit conf and then starting it directly pointing to your conf file and what interfaces you want it on.  So that conf does not get rebuilt from the xml in the normal service startup. [image: naksent.png] [image: naksent.png_thumb] [image: sendnak.png] [image: sendnak.png_thumb] [image: sendnakspecificleases.png] [image: sendnakspecificleases.png_thumb]

@cmb: There was a bug with that recently I fixed in 2.3. It only populated the keys properly if the last enabled instance of the DHCP server had them set. Guessing maybe you enabled the DHCP server on a second LAN interface and don't have the keys defined there so it's now omitting them. Setting them on that additional DHCP server instance will work around. Something like that, I added by mistake an option to the first interface, a WAN, and since then it is apparently using only the key I put on that IF. I worked around it putting the key there. Apparently it doesn't matter if DHCP is not enabled on the IF as long as the key is configured. Thanks for your help, Davide

There is no file like that which can be edited directly. You'd place the static mappings in the GUI (Services > DHCP Server, LAN/Interface, static mappings section) If you have a lot of them it may be possible to script a conversion from the existing format to the format in our config.xml, but currently there are no such utilities available.

That was it! Clearing that file and restarting DHCPD fixed it! You're my hero of the day! THANKS!

@Gertjan: The same subject exists here https://forum.pfsense.org/index.php?topic=108711.0 (Captive portal ?) Ah thanks! Then-  https://forum.pfsense.org/index.php?topic=70.0

Statics should be outside the DHCP pool. Yes, it works fine. In fact, it's out of pfSense's control.

Hi. I'm assuming you're still using the freenas as a samba server, right? If so, it looks like your samba server is trying to use an interface/port combination already used by the server. In this way, unless you are trying to bind samba to a name.domain instead of a direct IP address (in which case it could be resolving to an already used IP through your pfsense dns box) I don't see many options on how the pfsense box could be directly interfering with your samba server startup. But who knows… :)