• How do you release existing DHCP lease?

    10
    0 Votes
    10 Posts
    2k Views
    AndyRHA

    Other than DHCP showing the in-scope lease and the out-of-scope reservation, are you having an issue?
    Is the client receiving the expected address?

  • Reverse lookups fail for static DHCP leases with unbound.

    4
    0 Votes
    4 Posts
    303 Views
    johnpozJ

    @Zotan well if you're going to forward for the reverse you would need to set up the in-addr.arpa zone to be forwarded.

    Let's say you have zone1.home.arpa and zone2.home.arpa and zone3.home.arpa

    and let's say 192.168.1/24 is zone1, and zone2 is using 192.168.2/24 and zone3 is 192.168.3/24

    Create your forward for 2.168.192.in-addr.arpa to point to your pfsense for that zone, and then do 3.168.192.in-addr.arpa for zone3

    So for example I set up NS on my nas dns.. for both the forward zone testlocal.home.arpa and the reverse zone 0.168.192.in-addr.arpa, created some records in it.. And set up some domain overrides to forward to my nas at 192.168.9.10


  • Unbound not logging queries to remote syslog

    1
    0 Votes
    1 Posts
    149 Views
    No one has replied
  • DHCP pool outside interface subnet

    3
    0 Votes
    3 Posts
    275 Views
    M

    @coxhaus Thanks for the answer.

    I think I don't have a choice but to use another DHCP than pfsense for that case ... I don't understand why the developers never worked on that? With all the research I've done about that, a lot of people tried to do that with pfsense without success!!! Finally use another, like the Microsoft one!

    Thanks!

  • Unbound vs Forwarding for DNS

    8
    0 Votes
    8 Posts
    755 Views
    C

    @Gertjan
    I think I will stay with DNS Forwarding on port 53 to QUAD9. I don't think anybody will hack from a US big ISP to QUAD9. I think it is a better risk than a query to a China DNS server using unbound. They could be making lists of all the queries hitting their servers. I'd rather not be on that list.

    I am not interested in getting a returned broadcast address or a private address. Maybe I will install SNORT again. I think they have a DNS packet inspector.

  • ISC DHCP and DDNS

    1
    0 Votes
    1 Posts
    96 Views
    No one has replied
  • DuckDNS IPv6 update URL ?

    3
    0 Votes
    3 Posts
    1k Views
    T

    @patient0 Thanks man ! I never even saw there was a 'Custom (v6)' option.

  • Any known DHCP issues in 24.03 ?

    4
    0 Votes
    4 Posts
    481 Views
    M

    @marc-vandevliet_proiect-be

    The root cause turned out to be an intermittent issue with arp, caused by a config error (resulting in 'looping' one vlan) on a Mikrotik switch.
    Troubleshooting this by activating logging on my NG8200 aggravated the issue, because extensive logging seems to bring down a firewall quickly ...

    Learned a few lessons ...

    Upgraded again to 24.03 (but stayed on ISC) and removed the static arp entries in my PFSense+ DHCP leases, as they also tend to complicate matters, when troubleshooting.

  • 0 Votes
    2 Posts
    210 Views
    E

    The problem was indeed on the pfSense side (I forgot a parameter, deny unknown client...)

  • DNS Domain override not working with resolver

    2
    0 Votes
    2 Posts
    173 Views
    Z

    I found the problem, hopefully this is useful to someone in the future.

    Domain overrides do work with unbound. My mistake was that I had not enabled the interface to C in Services -> DNS Resolver -> General Settings -> Outgoing Network Interfaces, which explains why the requests were never being sent.

  • Best Practice? How to set up DNS for roving admin laptop between subnets

    20
    0 Votes
    20 Posts
    883 Views
    JKnottJ

    @MrPete

    OK, let's see if I can make things clearer. I run the resolver that's included with pfSense.
    Guests are not allowed to access anything on my network, including DNS. The only thing they can do is ping the VLAN interface.
    I used static mapped IPv4 addresses for everything that lives here, other than my desktop computer and, of course, pfSense. I use SLAAC for IPv6.
    Local DNS has an entry for all those devices for both IPv4 and IPv6 addresses.
    Since I run a resolver, there's no forwarding involved.

  • Accessing Hasivo Switch with default IP 192.168.0.1

    1
    0 Votes
    1 Posts
    350 Views
    No one has replied
  • Unable to load specific websites - such as maps.google.com

    2
    0 Votes
    2 Posts
    185 Views
    GertjanG

    @fdfdfff2

    Microsoft Windows [version 10.0.22631.3593]
    (c) Microsoft Corporation. Tous droits réservés.

    C:\Users\Gauche>nslookup maps.google.com
    Serveur :   pfSense.xxxx.yyyy
    Address:  2a01:cb19:dead:beef:92ec:77ff:fe29:392c

    Réponse ne faisant pas autorité :
    Nom :    maps.google.com
    Addresses:  2a00:1450:4007:819::200e
              142.250.178.142

    C:\Users\Gauche>curl maps.google.com
    <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
    <TITLE>302 Moved</TITLE></HEAD><BODY>
    <H1>302 Moved</H1>
    The document has moved
    <A HREF="http://maps.google.com/maps">here</A>.
    </BODY></HTML>

    Using an ordinary Windows PC, and pfSense using mostly default settings.
    Can't say more than this : go over what you've changed/added, undo/remove that, and you'll be fine.

  • Sporadic DNS issues, cryptic error in logs.

    6
    1 Votes
    6 Posts
    584 Views
    T

    @The-Party-of-Hell-No
    Another post:

    https://forum.netgate.com/topic/187510/dns_probe_finished_nxdomain-sporadically-for-anywhere-from-30secs-to-10min-works-flawlessly-at-all-other-times/31

  • Unbound crashing randomly after 24.03 upgrade

    7
    0 Votes
    7 Posts
    371 Views
    S

    @mwierowski said in Unbound crashing randomly after 24.03 upgrade:

    @Gertjan, so far, since unchecking that option, I haven't seen a single restart of unbound. Hopefully, this will resolve the issue. Thanks again for your help.

    I'd expect so. If you do need registration, the other option is to set a longer lease time. Clients normally renew their leases at 1/2 the lease duration. So a 1 hour lease with 30 devices would be an average of once per minute.

    I believe Netgate is working on improving this when they are further along in transitioning to Kea DHCP.

  • Facing issues with DHCP and 2 APs

    23
    0 Votes
    23 Posts
    1k Views
    T

    @Gertjan That's strange then since DHCP is turned off on both of them.
    Yeah these are client lists from the 2 APs on the network right now, I wasn't sure if it was relevant but I just thought it might be interesting

  • Vendor Class Identifier in Kea DHCP

    2
    0 Votes
    2 Posts
    177 Views
    C

    It could be implemented in a similar way to how DNS overrides are. Example: Kea.jpg

  • DNS reverts to isp servers

    9
    0 Votes
    9 Posts
    867 Views
    F

    @Gertjan
    You’re correct of course, but that’s why I’ve built a new one on initially 2.6 and that’s the one that’s having issues
    I’m not in any way a networking expert - just attempting to understand the “black art”, and although some would say just use a consumer asus or netgear router, the powers that be have blocked the once usable wrt router hacks to allow vpns and other stuff
    Anyways- thanks for your help
    In the end there is a big chasm between engineers and end users

  • DNS error

    10
    0 Votes
    10 Posts
    538 Views
    A

    @Gertjan said in DNS error:

    Also : check every device connected to pfSense, and check every application (system, browser, everything) that it is using the pfSense IP as a DNS.
    Be aware that browsers, when you install them these days, can do (will do) DOT/DOH themselves, completely bypassing pfSense, bypassing unbound (and where unbound forwards to = your 194.242.2.4)

    With my rules, I think it's impossible to bypass))


  • Unable to set custom unbound options

    5
    0 Votes
    5 Posts
    715 Views
    F

    Perfect - you are right, thanks so much!

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.