Or… you could also think about something somewhat different like HTTP proxy + filtering  ;)  (i.e. squid + squidguard)

@johnpoz: forwarder has the ability to log every query yes.. Resolver does not. If you just forward queries, kind of defeats the purpose of dnssec does it not..  At some point the forwarder your using if just a forwarder itself has to send to a resolver, do the resolvers it uses do dnssec?? If what you want is dnssec, then yes running your own actual resolver is the way to go.  Logging of actual queries does not seem like something unbound does.  Use bind, or another method of logging dns traffic and parsing it.  Dnstop comes to mind.  Better might be Suricata, it does dns logging, even txt queries I do believe. Not sure if the Suricata package for pfsense makes it easy to do or not, have not played with it much. johnpoz, Thanks for your reply.

Actually, this is a change in behavior. On 2.0 when you selected a DHCP client and reserved it an address, "cleanup" was done (I don't know the details of "how" it was done, but it observably worked) so that the client got the reserved address without further intervention. On 2.2.4 you have to manually track and kill the prior in-pool reservation. The 2.0 behavior was considerably more intuitive to work with when reserving addresses.

You might want to take a look at Steve Gibson's DNS Benchmark tool. It benchmarks about 70 commonly used public IPv4 DNS servers, and I think you can even add additional servers, if the ones you're using aren't already in the list. After you do the basic benchmark, you also have the option of having it generate a custom list of 50 servers from over 4,000 servers worldwide. You might find servers that are better/faster than the ones you're using.

@muswellhillbilly: Have you set the correct DNS servers in your DHCP lease settings? thank you managed to fix it, router was faulty

Related to the link… That's the reason why I wrote that I deleted the /tmp/config.cache file (second paragraph of initial statement).

i am using my domain controller to resolve the dns request . and pfsense using my domain controller as dns to resolve the request . using the dns forwarder and dns resolver in pfsense gonna speed things up ? thank you

@Jamerson: @cyberbot: @johnpoz: and what is your lan network??  Can't have same network on both sides.. Thank you John for your answer LAN is 192.168.4.0/24 WAN is 192.168.1.0/24 thank you i've configured the pfsense to use WAN router as Gateway does your WAN has a assigned Gateway ? thank you so much you saved me yes the WAN adres didn't had a assigned Gateway. now everything is working

Check the output of 'sockstat -4', it'll show you which process is bound to that port already.

It should already be fixed in 2.2.5 snapshots.

thank you for the directions!  Much appreciated.

I find that unlikely.. Used that method for quite some time until they enabled unbound (resolver) without any issues.  Why don't you put it back to par mode and sniff and see..

Does it only happen once during bootup? In that case, it's safe to ignore.

To fix Sarg, do this from console: rm -r /usr/local/sarg-reports ln -s /usr/pbi/sarg-amd64/local/sarg-reports /usr/local/sarg-reports

Sorry, I haven't noticed it  :-[ Thanks!

@mcfedr: The trouble is that at the moment a look up for a no existent name gives the result of the pfsense box. Your DNS is misconfigured. Has nothing to do with "search domain".

So your asking what you should use for dhcp server?  I like isc version https://www.isc.org/downloads/ - run it on your fav OS..  Or do you have any windows servers?  They all have dhcp server feature..