hi, well you are right and I did check them. For example I was able connect > get ip address > landing page etc. with my iphone/macbook, other test android phones. etc. but now I cannot. I did tcpdump: tcpdump -i <int>host ether xx:xx:xx:xx:xx (this is mac address of devices wifi adapter), and I can see that DHCP "offers" certain IP address, which I can see also in lease (/var/dhcp/var/db/). But wifi icon just rolling and at the end I get 169.x.x.x address (we all know what it is). Also this happened (started) same time: https://forum.pfsense.org/index.php?topic=101803.msg567762#msg567762 Thank you in advance.</int>

what does your host override look like? if I want webserver1.example.com to resolve to internal IP.. its simple override.  Does not matter if forwarder or resolver as long as you put it in the one your actually using - they are the same from how host overrides work point of view.. But if your using the forwarder and you put the override in resolver - not going to work, or if vice versa And as Derelict so correctly states using an actual dns tool to query is going to be way more informative than simple ping or browser - both of which could be using cache, etc..  And do not report on info like exactly what server you did the query against and what the TTL might be, etc. etc.. [image: overridehost.png] [image: overridehost.png_thumb] [image: dig.png] [image: dig.png_thumb]

i was just wrangling with this exact issue - looks like it was just resolved in redline a week ago so expect we'll see it fixed in the next release. Thanks guys.

Referance to the man page was because it uses quotes arroud mac addresses. Cisco we do not use, yealink,snom,aastra what we use.. So vendor-class-identifier is irralefent for us. And also with pfsense you can use dhcp option like 60 or 66 ones in the main pool. I  a sub pool only mac bases restrictions are posible. Well any way this works for us.

"why would unbound be timing out all the time." You have shitty wan connectivity?  Your hitting shitty nameservers?  Nameservers are outside your region?  Last root hint update was May 23, 2015 so not something that needs to be updated all that often.  Are you having issues with IPv6 connectivity and your trying to hit the roots via ipv6? Lots of reasons why you could be having timeout issues to be honest.. Did you edit the cache time??  Not something you should normally have to adjust? So you have your DCs that are doing dns forward to your unbound on pfsense - maybe something in that process is slow?

Hello there, I'm having this problem and was wondering if you can provide a step by step? Much appreciated.

Is this maybe the ISP getting the MAC address of the switch because of spanning-tree or something? Try disabling spanning-tree on the switch port going to the cable modem.

Before I got a dedicated AP system, I bridged my old WRT on one interface to the second with the wired switch. Long story short I needed to change System -> System Tunables net.link.bridge.pfil_member to 0 net.link.bridge.pfil_bridge to 1

what your doing is not anywhere close to what the OP is doing.. Pfsense does not running dhcp scopes for networks it does not have an interface in..  While the dhcp server is running might support it - its not part of the dhcp build as derelict mentions - just run a different dchp server if you want a central dhcp server..

This is solved. Turns out that I needed to set 127.0.0.1 for both the records within NameCheap. Once I did that, my record updated just fine.

@cmb: Should be fixed. https://redmine.pfsense.org/issues/5334 Cannot reproduce the original issue (ZFS on the test rigs doesn't seem to suffer from any of similar "features") but intentionally screwing the anchors file gets recovered just fine now…

dns top doesn't really log..  you can load in a tcpdump "savefile". http://linux.die.net/man/8/dnstop dnstop is a small tool to listen on device or to parse the file savefile and collect and print statistics on the local network's DNS traffic. You must have read access to /dev/bpf*. dnstop [-46apsQR] [-b expression] [-i address] [-f filter] [-r interval] [device] [savefile] So you could log traffic on 53 tcp/udp with say tcpdump and then to via what was queried you could have dnstop parse the dump.. You could do a tcpdump in a loop to have lots of different files for say each day, etc.. dnstop is great for keep an active eye on what is being queried and from who and what is most queried, etc..  But not really a good choice for archival of dns queries.  Your best bet in that case would be to have dnsmasq log and send that to syslog, or have bind log and would send that to syslog as well so you could have them on different machine.

"am writing a report on this" So your wanting help with your school work?? "For actual details have like 6 sub domains and forwarded port 80 to my domain IP given by my ISP to the Nginx server in the local LAN." This really has NOTING to do with pfsense, as chris states the name servers in pfsense are not really meant to be authoritative.. You can setup overrides to resolve whatever you want to whatever you want.  But dnsmasq nor unbound are authoritative name servers.  You could install the bind package, etc. But resolving of anything for the public is best done on the PUBLIC with say your isp dns, a dns service.  Using pfsense as dns for outside public would be BAD even if using bind on it.  Hosting your own dns is not something you should take lightly.. And if you have to ask, you clearly are not ready to do it ;) Point whatever fqdn you want to pfsense public IP at your public dns.  Then you can create overrides in pfsense dns so clients locally would resolve those sites to the local address vs the public one.. I have a funny feeling you don't really even understand what the term split dns means..  And we are helping you with some school assignment as well…

The network was hidden even with ipconfig /all so I didn't really know, only after some troubleshooting.