@Gertjan Hello again, im back after 15 days because I needed to recompile everything with the latest FreeBSD kernel. So everything is now compatible for FreeBSD 15.0 (which is the kernel of pfSense).

The new file reports as :

/usr/local/sbin/dhcp6c: ELF 64-bit LSB executable, ARM aarch64, version 1 (FreeBSD), dynamically linked, interpreter /libexec/ld-elf.so.1, for FreeBSD 15.0 (1500012), FreeBSD-style, stripped

You can see how I have done the steps to compile it here : https://github.com/Superpaul209/dhcp6c-armv7
Everything is up to date and you can find the binaries on this GitHub for arm64 and armv7 (for those who would like them if they are living in France).

The installation was successful on each pfSense, after a reboot Im now having an IPv6 ! The problem was therefore one of compatibility with the kernel version which was too old.

Thanks for your ideas and your help, it has solved my issue 😊

ok i figured it out..

i had to switch the ports on the Unraid management under >settings>Managementaccess to something other than 80 and 443. I then forwarded port 80 and 443 from the WAN to NGINX (Unraid IP).

had to then set DNS resolver host overrides in PFsense for each name i wanted ie. radarr.lan, duplicacy.lan, nginx.lan, etc. Then point those to Unraid's IP for NGINX to pick them up.

hostoverride2.png

In Nginx i just had to setup hosts for each one i wanted. For the dockers running in Unraid, i just put the 192.168.10.100, which is the Unraid IP. If they weren't Unraid dockers, i would put the IP of the machine they were running on.

ha2.png

hope this may help someone in the future.

@vsatmydynipnet ok mr robot.. seems like a lot of trouble to keep your isp from knowing your going to amazon.com ;)

@Gertjan you are a devil 😀 that only exists with ISC DHCP and not Kea DHCP.
I have reverted back to ISC until the enhancements to Kea are done

@Gertjan

I have been trouble shooting since morning , then I finally did two things.
1- added domain in pfblocker-ng Host-Over ride with public IP of domain .
2- Changed my WAN ip address.

Restarted resolver service now guess what website is accessible and resolved :/ and then I change back to old WAN to test if it was blocked by datacenter but it was not blocked now domain is accessible on old wan IP too.

Thanks @Gertjan for your tips :).

Regards

@johnpoz

Yep -- definitely not a complaint. I enjoy learning it all. In all the examples I've seen, .local was used after the hostname. The use of mDNS was never mentioned so I assumed .local was part of the base DNS configuration.

I started reading up on mDNS a few weeks ago -- I guess I haven't made it that far yet.

@Gertjan Its traffic analyzer

@ericnix once you enable forwarding in the Resolver settings, see https://docs.netgate.com/pfsense/en/latest/recipes/dns-redirect.html

Switching back to the deprecated ISC solved my problem. Thank you @johnpoz

@johnpoz
Wow, you are awesome !!!
Huge thanks!
Worked!

No matter what I do I cannot get DNS to resolve over this new interface, which is strange because I have others with as far as I can see, exactly the same setup.

Traffic is definitely going through the interface/Gateway, but DNS refuses to

I have tried backup/restoring, and unbound forwarding mode + forwarder instead - All with the same result

Any help appreciated

@SteveITS Disabling DNSSEC seemed to solve it, thank you

For troubleshooting I have pulled the IP address the host had previous out of the address pool range and rebooted it. It came back with a different address from the address pool range, instead of picking the one from the static lease that matches its MAC address. So strange!

For anyone that has the same question.

A workaround I've found is the Arpwatch package. It has a Timestamp data that has the last seen time not only for DHPC clients, but also for hosts with static IPs which is amazing!

It does the job perfectly but has the following cons:

there is no convenient way to remove specific entries from the Arpwatch database; in order to find the last seen time of specific host from the DHCP lease table, I have to manually crosscheck the info from both services; sorting the database of Arpwatch is done by the letters of the days of the week, not by the date itself which is quite unusual and a bit silly.

Regards!

@NickJH DNSSEC should be disabled if forwarding. See blue note here:
https://quad9dns.github.io/documentation/Setup_Guides/Open-Source_Routers/pfSense_%28Encrypted%29/