Thanks for your input.  I was wanting a completely isolated Guest network, so I did what the previous post suggested. Pfsense is handling DHCP and DNS, so the guest network is on its own.

@terse_one: The fixed-address option can be an I.P or a name. No. Completely twisted logic here. Go to Services - DNS Resolver Tick this box: [image: 2ufai6a.png] Configure your static leases in DHCP server. Done. Absolutely no need to mess with /etc/hosts. Not to mention there's Host Overrides in DNS Resolver if you want to add custom DNS records. Absolutely no need to mess with dhcpd.conf. Absolutely no need to disable any checks.

out of pure curiosity why do you want simple minded people not to use google via https?  What is the point of such a requirement?

@cmb: If your cron job is running every 15 minutes, you changed it from the once a day default. I've no recollection of ever setting that cronjob to 15 min. In fact, I didn't know there even was a dyndns cronjob until your post on Jun 4 prompted me to go look. I suppose I could have bumped it a really long time ago and eventually forgot. But that would have had to been back when pfSense was still steam powered.

This answer have not so much to do with ad blocker but with dns and ad. I have win2008 with AD and dns (ad requires dns) The clients get's their ip from pfsense dhcp . In the resolver I have made a override on domain.win to win2008 ad. Then win2008 ask pfsense for dns lookup on clients Why you ask ?? I'm have been feed up with this ridiculous mas cals and the ms hunt for bills over license and what not. Aiming to move the hole company to a ad sitting on freenas. In the resolver I have also made a override for domain.freenas to freenas. One thing that I'm a bit pusseled over is that ping domain.win takes about 2 seek for starting responding but ping domain.freenas it's instantly. With this setup I can slowly take department after department and move them over to domain.freenas. The only thing that will left on the win2008 is the MPS system. All the share will be on freenas. Several clients in the shop is only interested in the shares. When the times come when 2008 is abandom by MS hopefully our MPS will be ported to *nix enviroment or it will sit on some win7 machine.

Yes that make sense, indeed. Thank you.

I could not figure out any diffs in the config.xml files that would explain the behavior. So, I started over with a clean install of 2.2.2, and noticed the same issue directly after the initial setup at the console. Filed a bug report: https://redmine.pfsense.org/issues/4749

It looks like it was a firewall issue as pfsense does not have the default outbound firewalls rules on OPT1 that it has on LAN.  Just had to engage the brain.

Still not working in the 2.2.2 upgrade file.

I dont know. You need to elaborate here :D

because dhcpleases starts before unbound does. As long as it only happens when starting unbound, it's just cosmetic.

superscope - never saw the purpose for them to be honest.  That is for when your running multiple address space over the same physical network.. Which is stupid to do in the first place ;)

I'm glad to see people making progress on this.  I got the updates to work with the custom & custom_v6 DynDns adapters being sure to include the new record id record. But I still have two issues: When DNS addresses change the custom https response from Cloudflare includes a "rec_hash" record that also changes whenever the IP address changes.  The custom adapter doesn't seem to have a built in way to ignore a changing record like this (no regular expressions etc.) When specifying adapters both A and AAAA records there is an issue binding to the interface using an IP address in the dyndns.class.  I've had to change the binding the IP address to the interface name in order to get both IPv4 and IPv6 to work on the same interface.

thank you for the quick reply Derelict. i already config the DNS (OpenDNS) on DHCP servers per ip address. client pc config is obtain ip and dns. same problem. thank you.

Just for anyone else finding this topic, the resolution was to downgrade to pfsense version 2.1 install the unbound DNS package, set it up exactly as I did before and it works beautiful again. The Unbound version included in pfsense version 2.2 doesn't seem to be the same package whatsoever. Finally glad to have this resolved.

@Trel: @tim.mcmanus: @Trel: @tim.mcmanus: IMHO, I would have blocked mDNS on the network and forced DNS How exactly would you do that on a LAN segment? On the switch. I know, but you're assuming a switch capable of that. I'm assuming a lot of things in this thread, that's just one of them.  If the OP is in an environment as a network admin and cannot change the architecture of the network because of policy, then you can assume they have L2/L3 capable switches.  Might actually be a combination of assuming and wishful thinking. Additionally, you can block IPv6 on the network.  mDNS, or at least Apple's implementation of it, initially tries to use IPv6 and then eventually fails to IPv4.  Apple doesn't tell anyone that, but if you start blocking IPv6 on your LAN, your Apple products will start to get cranky.

Can't seem to find the log?? Pretty sure if snake you would be bitten if looking in the log section ;)  Where were you looking for it at? [image: resolverguilog.png] [image: resolverguilog.png_thumb]

OP- Mitel should have instructions on what DHCP options to set. You can set custom options with the pfSense DHCP server. You generally set an option on the LAN scope that tells the phones what VLAN to hop to. The DHCP scope on the phone subnet might need options for tftp server, etc. If the phones support it, it's better to send the VLAN tag via LLDP on the switches. If the phone vendor doesn't suck, they should be able to assist.

I know that latency will be a problem, we will run a test first and if there's a problem, then we will setup RDP and run client software on the server. Yes it is broadcast issue. To install the client, the installer sends out a broadcast and gets a response from server. Then the installer creates a configuration file to point at servers hostname. The installer just cancels if the server is not found. I am not a total newbie regarding networking, I was quite good in troubleshooting network issues in my last vew jobs, but I never had to design such a configuration at my own. This is the reason why I ask here about ideas / thoughts from the community.

@Brzenski please post another thread I would gladly try to help you.