So you setup your local domain to be a valid domain that you do not own or control dns of, and then wonder why when you do not fqdn lookups you get redirected?? ;; QUESTION SECTION: ;pnwhome.com.                  IN      NS ;; ANSWER SECTION: pnwhome.com.            10800  IN      NS      ns1.namebrightdns.com. pnwhome.com.            10800  IN      NS      ns2.namebrightdns.com They have a redirect/wildcard setup ;; QUESTION SECTION: ;lsjdflsjfljslfjsdlfd.pnwhome.com. IN  A ;; ANSWER SECTION: lsjdflsjfljslfjsdlfd.pnwhome.com. 10800 IN CNAME hdredirect-lb-399551664.us-east-1.elb.amazonaws.com. hdredirect-lb-399551664.us-east-1.elb.amazonaws.com. 60 IN A 52.21.180.233 hdredirect-lb-399551664.us-east-1.elb.amazonaws.com. 60 IN A 52.3.120.90 ;; AUTHORITY SECTION: us-east-1.elb.amazonaws.com. 846 IN    NS      ns-1119.awsdns-11.org. us-east-1.elb.amazonaws.com. 846 IN    NS      ns-1793.awsdns-32.co.uk. us-east-1.elb.amazonaws.com. 846 IN    NS      ns-235.awsdns-29.com. us-east-1.elb.amazonaws.com. 846 IN    NS      ns-934.awsdns-52.net. Funny ;)

and did you put server: before your include? https://doc.pfsense.org/index.php/Unbound_DNS_Resolver [image: unboundadvoptions.png] [image: unboundadvoptions.png_thumb]

if you do not understand the difference between a forwarder and a resolver why is pfsense documentation responsibility to explain that too you?  why don't you look that up in your native language.

I think I figured out what the issue was, though I had to install a different firewall/dhcp server to discover the answer.  I grew frustrated with trying to get pfsense working so I installed a differrent firewall.  I used the same procedure, install/configure at home and then take it to work and plug it in.  I was surprised to find the same issue - DNS not working.  Well there was a direct link to DNS settings on the home screen so I clicked it and lo and behold there were 2 DNS servers listed.  One was the address of my home modem and the other was the address of my work modem.  My home modem was listed first and the firewall didn't even attempt to use the address of my work modem for DNS.  I deleted the entry for my home modem and everything started to work.  My guess is that somewhere in the pfsense settings there is a similar listing, I just couldn't find it as I grew more and more frustrated.  I need to make another of these firewall/dhcp servers so I will again attempt to use pfsense.  This time I think I know what to look for so should be able to get it working.

The resolver defaults to non-forwarding mode with DNSSEC enabled, so if your clock is not right or if you have any upstream DNS fiddling happening it can be touchy, though for most it's a more functional, safer, and secure default.

so which part in a fqdn did you think was the host??  you have www.domain.com that points to a server and www is a subdomain? in many dns ui your working with 1 domain so all you have to enter is the host.  With an override you could be using any domain google.com neowin.net, etc..  You own multiple domains and need them all to point to your private IPs, etc. glad you got it sorted.

@abujammy: 99% of the time, if there's an IP in the logs, it's an IP that was resolved from a DNS lookup. Not necessarily true that often, and that's only from a forward lookup. The logs show reverse DNS, which you won't have cached after doing a forward lookup. There is no way to lookup an A record from an IP, you have to lookup the PTR to go in that direction. There is also no ability to do a hostname lookup only if it's in cache, which is why everything that does PTRs works the way it does. It'd take ages to load the pages awaiting timeouts in many situations otherwise.

Thanks for the suggestion!  Tried explicitly IPv4, same results (x's to protect the innocent): [2.2.2-RELEASE][root@mbr-corp-gw.xxxxxxxx.com]/root: pkg -4 update Updating FreeBSD repository catalogue... pkg: http://pkg.FreeBSD.org/FreeBSD:10:amd64/latest/meta.txz: No address record repository FreeBSD has no meta file, using default settings pkg: http://pkg.FreeBSD.org/FreeBSD:10:amd64/latest/packagesite.txz: No address record Unable to update repository FreeBSD [2.2.2-RELEASE][root@mbr-corp-gw.xxxxxxxx.com]/root: nslookup > pkg.freebsd.org Server:        8.8.4.4 Address:        8.8.4.4#53 Non-authoritative answer: Name:  pkg.freebsd.org Address: 96.47.72.71 > exit [2.2.2-RELEASE][root@mbr-corp-gw.xxxxxxxx.com]/root: ping pkg.freebsd.org PING pkg.freebsd.org (96.47.72.71): 56 data bytes 64 bytes from 96.47.72.71: icmp_seq=0 ttl=52 time=666.302 ms 64 bytes from 96.47.72.71: icmp_seq=1 ttl=52 time=631.953 ms 64 bytes from 96.47.72.71: icmp_seq=2 ttl=52 time=623.120 ms ^C --- pkg.freebsd.org ping statistics --- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 623.120/640.458/666.302/18.627 ms I have unchecked option: Allow DNS server list to be overridden by DHCP/PPP on WAN I have checked option: Do not use the DNS Forwarder as a DNS server for the firewall Interface setup: [2.2.2-RELEASE][root@mbr-corp-gw.xxxxxxxx.com]/root: ifconfig -a re0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500         options=8209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,linkstate>ether 00:30:18:c4:3f:60         inet6 fe80::230:18ff:fec4:3f60%re0 prefixlen 64 scopeid 0x1         inet 10.0.0.254 netmask 0xffffff00 broadcast 10.0.0.255         nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)         status: active re1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500         options=8209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,linkstate>ether 00:30:18:xx:xx:xx         inet6 xxxx::xxx:xxxx:xxxx:xxxx%re1 prefixlen 64 scopeid 0x2         inet 10.149.81.82 netmask 0xfffffff8 broadcast 10.149.81.87         inet6 2600:e008:6a:a2a0:230:18ff:fec4:3f61 prefixlen 64 autoconf         inet6 fd0d:edc3:e12a:0:230:18ff:fec4:3f61 prefixlen 64 autoconf         nd6 options=23 <performnud,accept_rtadv,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)         status: active re2: flags=8802 <broadcast,simplex,multicast>metric 0 mtu 1500         options=8209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,linkstate>ether 00:30:18:c4:3f:62         nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (none)         status: no carrier re3: flags=8802 <broadcast,simplex,multicast>metric 0 mtu 1500         options=8209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,linkstate>ether 00:30:18:c4:3f:63         nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (none)         status: no carrier pflog0: flags=100 <promisc>metric 0 mtu 33144 pfsync0: flags=0<> metric 0 mtu 1500         syncpeer: 224.0.0.240 maxupd: 128 defer: on         syncok: 1 lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384         options=600003 <rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6>inet 127.0.0.1 netmask 0xff000000         inet6 ::1 prefixlen 128         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7         nd6 options=21 <performnud,auto_linklocal>enc0: flags=0<> metric 0 mtu 1536         nd6 options=21 <performnud,auto_linklocal>re0_vlan30: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500         options=3 <rxcsum,txcsum>ether 00:30:18:c4:3f:60         inet6 fe80::230:18ff:fec4:3f60%re0_vlan30 prefixlen 64 scopeid 0x9         inet 192.168.30.254 netmask 0xffffff00 broadcast 192.168.30.255         nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)         status: active         vlan: 30 vlanpcp: 0 parent interface: re0</full-duplex></performnud,auto_linklocal></rxcsum,txcsum></up,broadcast,running,simplex,multicast></performnud,auto_linklocal></performnud,auto_linklocal></rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6></up,loopback,running,multicast></promisc></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,linkstate></broadcast,simplex,multicast></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,linkstate></broadcast,simplex,multicast></full-duplex></performnud,accept_rtadv,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,linkstate></up,broadcast,running,simplex,multicast></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,linkstate></up,broadcast,running,simplex,multicast> Route information: [2.2.2-RELEASE][root@mbr-corp-gw.xxxxxxxx.com]/root: netstat -r Routing tables Internet: Destination        Gateway            Flags      Netif Expire default            10.149.81.81      UGS        re1 google-public-dns- 10.149.81.81      UGHS        re1 google-public-dns- 10.149.81.81      UGHS        re1 10.0.0.0          link#1            U          re0 mbr-corp-gw        link#1            UHS        lo0 10.149.81.80/29    link#2            U          re1 10.149.81.82      link#2            UHS        lo0 localhost          link#7            UH          lo0 192.168.30.0      link#9            U      re0_vlan 192.168.30.254    link#9            UHS        lo0 Internet6: Destination        Gateway            Flags      Netif Expire default            fe80::280:aeff:fe2 UGS        re1 localhost          link#7            UH          lo0 2600:e008:6a:a2a0: link#2            U          re1 2600:e008:6a:a2a0: link#2            UHS        lo0 fd0d:edc3:e12a::  link#2            U          re1 fd0d:edc3:e12a:0:2 link#2            UHS        lo0 fe80::%re0        link#1            U          re0 fe80::230:18ff:fec link#1            UHS        lo0 fe80::%re1        link#2            U          re1 fe80::230:18ff:fec link#2            UHS        lo0 fe80::%lo0        link#7            U          lo0 fe80::1%lo0        link#7            UHS        lo0 fe80::%re0_vlan30  link#9            U      re0_vlan fe80::230:18ff:fec link#9            UHS        lo0 ff01::%re0        fe80::230:18ff:fec U          re0 ff01::%re1        fe80::230:18ff:fec U          re1 ff01::%lo0        localhost          U          lo0 ff01::%re0_vlan30  fe80::230:18ff:fec U      re0_vlan ff02::%re0        fe80::230:18ff:fec U          re0 ff02::%re1        fe80::230:18ff:fec U          re1 ff02::%lo0        localhost          U          lo0 ff02::%re0_vlan30  fe80::230:18ff:fec U      re0_vlan I think this might have something to do with the routes.  Its a 5 hour drive to site… Maybe I'll try an entry in the /etc/hosts file, and use log the DNS on the firewall for some hints...

The Additional Pools section in Services/DHCP Server/LAN may help you - you can set DNS servers for IP ranges there. Sorry - I can't help with your question regarding  "3 separate IP addresses in the static mapping"

Thank you.  I just realized the error after few seconds after clicking post button. :)

No, there is no way to import that.

Dude…  Do you have a record for systemA in your external?  Or just a wildcard? Anything you want to resolve public you need records for, you can use a wildcard if you want.  But anything you want to resolve locally to private IP you need override for or it will resolve what the public has for it.

If you find a way to make that happen, let us know. But we never touch that file's contents, dhcpd itself manages everything to do with its contents. No idea how you could end up with that, apparently only 2 people ever have encountered it.

loooll yes that go site hehehe wow 1 worse then the other lool. sorry but have you checked the vodafone that is the last one lol? I really love your opinions lool

Thanks for your reply BBcan! I will read up in he links that you have provided, and see if I can configure it better. Weirdly enough, I disabled both dns forwarder, resolver, and DNSBL, then reenabled DNSBL and DNS resolver, and viola it just starting working perfectly …. No idea what happened.

I've seen "DHCP helper" in some of the switches I use. Though I'm not completely sure about what it does I would expect it to work in this category. Maybe your AP offers this as well? (I have to do some reading on the helper and "option 82" if I have an hour to kill…)

I am also facing this problem. Any solution yet?