Hey thanks very much for that solution. But how do I tell pfSense which Interface-IP to use as its own Hostname A-Record? Just wondering what pfSense's logic is to determine which IP to use. In my Home-Setup I have no problems with that, but I guess that's due to the fact I only have one LAN IP there… Because it's a requirement that for the DNS-Lookup on gw.foo.bar we get 172.16.1.1... Regards and thx again /clippy

@oguruma: Something goofy happened. I was using the Macbook with an IP mapped to .29, walked away for 30 minutes, came back and received error message "another device on the network has the same IP". Logged into the PFsense GUI and sure enough the Fire was assigned .29…. Well, you've had a couple of suggestions already about what to do. Given them a try and see how you get on.

If you're running 64 bit, probably can resolve that by replacing dnsmasq with the version here: https://forum.pfsense.org/index.php?topic=103714.msg580900#msg580900

It can work just fine that way, its just your not asking a ipv6 server for your dns.. Which is why your getting that specific error. So your not using ipv6 all they way through your still using ipv4 for the dns aspect of looking up some ipv6 based site..  Not really an issue..  Also comes down to what exactly your wanting to do…  And how you want to do it.. Do you want to pass some test for ipv6 functionality or do you just want to get to ipv6 sites?  There is no actual sites, other than maybe some p0rn or backnet stuff that is ipv6 only..  So doesn't really matter in the big picture.  If you resolve something io ipv6 via AAAA can you get there is the question.  Not that you look up that AAAA via dns via ipv4 address or ipv6 address.

Sorry, been offline for a few weeks. If I add a reservation and I don't delete the dynamic one listed in '/status_dhcp_leases.php?all=', my Debian machine still gets the old dynamic number. The lag between the logfile and the list on the 'status_dhcp_leases' seems to be gone.

diag, arp table is good place to see devices that are talking to pfsense..

@ky41083: Anyone still having this issue, try this: https://forum.pfsense.org/index.php?topic=89589.msg558373#msg558373 Would like to get some feedback beyond the handful of devices I manage. For me this stopped the repeated "unbound: service stopped", "unbound: start of service" messages 2-3 times per minute. Thanks - this was a longstanding issue. It fit because this installation was previously dnsmasq, switched to unbound some time ago. Specifically, the relevant part of the config export looked like this before: <dnsmasq><regdhcpstatic><custom_options><domain_needed><no_private_reverse><interface></interface></no_private_reverse></domain_needed></custom_options></regdhcpstatic></dnsmasq> and like this after: <dnsmasq><custom_options><domain_needed><no_private_reverse><interface></interface></no_private_reverse></domain_needed></custom_options></dnsmasq> It also took a reboot. A more subtle issue for me is that machines seem to lose DNS resolution (maybe all connectivity?) for about 5 seconds every time their DHCP lease expires and is renewed. For now I've just lengthened DHCP leases significantly - they were short for testing. Separate issue I guess.

You can't unicast the initial DHCP request, that's not how DHCP works. Your PC certainly isn't doing that. Guessing maybe you need to power cycle the modem after swapping devices so it allows something else to connect.

It is true, metal obstructions can interfere with and bounce signals, another possibility may be that the piece of equipment getting a weak signal is located directly above or below the router. Most router antennas broadcast 360 degrees parallel to the ground, geometrically speaking, on the X and Y axis, and the signal will go diagonally up and down. You get the weakest signal, however, within 8-10 degrees of straight up and down. If you have a another AP with external antennas than you can bend, you could try pointing the antennas straight out behind the router, or, keeping the antennas bent and mounting the whole unit vertically on a wall. Ultimately, if it ain't broke now, don't fix it. Most folks aren't aware of the inherent dead spot in Radio Frequency fields.

here is also the dashboard [image: dash.jpg] [image: dash.jpg_thumb]

@johnpoz: Curious why would your IP change in a DC??  At a loss to understand how that would happen on any sort of schedule.. I would think this would only change very rarely to be honest. Believe, strange things just happen. Two offices with fixed IP address suddenly started to change its IP every week. The ISP was contacted and it is trying to solve the problem, but the problem is still happening, despite my fixed IP contract. I don't know who to blame, but instead of blaming the poor service that is offered to me, I acted and now my company's infrastructure is mostly dynamic. When they solve the problem, I'll have nothing to do and everything will just work. If the same problem happens again, nobody will notice.

@ScottyDM: Oh, what did you mean by your last paragraph? My LAN server is running Active Directory, and automagically picks up machine names and addresses and puts them in it's DNS (which is why I must use the LAN server for first-tier resolution on the LAN). Is that what you mean by dynamic? Yes this is what I mean Is there a way to do something like that for my DMZ using only pfSense? Sure. look at attached picture (from pfSense DHCP server settings) [image: dhcp_dynamic_dns.JPG] [image: dhcp_dynamic_dns.JPG_thumb]

I guess reboot then and try resolver again. Damn packages are such a mess.

I managed to fix it… it was a very complicated process called... REBOOT.... now it is working as intend...

What is your budget for your managed switch?  I can say nothing but good things about the cisco sg300 line.. Currently at $130-135 at amazon.. Freaking STEAL!!  I picked mine up a $193 year and half ago..  And that was good price then..  Keep meaning to pick up another one to replace my OLD very limited netgear gs108t smart switch. http://www.amazon.com/Cisco-SG300-10-10-port-Gigabit-SRW2008-K9-NA/dp/B0041ORN6U The sg300 is a fully managed switch that even supports L3 mode if you want it.

I have the Netgear WN3000RPv3 - and can see in the admin -> Network devices page, a list of: IP address, MAC address, Virtual MAC address, Device Name (should have checked here first….) Virtual MAC address replaces the first 3 fields with 02:0F:B5 All good now. I added the netgear MAC addresses to DHCP reservation list, and to the alias, and devices are now enforced with firewall rule as intended.

Ok, I need a crash course in …eeehm ...which language btw? :-D

The online/offline status is just whether those IPs appear in the system's ARP cache. You can add static mappings if you want to see that online/offline display. But you can't run your own DHCP server in AWS.