@johnpoz: what?  pfsense can use either something you forward to be it your isp dns or opendns or level3 4.2.2.2 or could be its own resolver.  But yeah if your clients are all using ad dns, there is little point in having pfsense be another hop in your dns queries.  Either have your ad dns forward to something or have it directly resolve as well. You could even point pfsense to your AD dns if you wanted too. Thank you this what i configured now. why the ISP dns wasnt resolving today the ISP Modem was dead ! just figured out New Modem is sent. Thank you guys for the help

Frankly, noone here cares about outdated versions and nothing will get fixed there. Fair enough. Plus, looks like you did an accidental cross-arch upgrade at least once, leaving junk behind. Could be. As near as I could tell, it had not been updated since install, but clearly something happened. My guess is: Sometime in the past, libraries, ld.so.conf or something got hosed. dnsmasq fell over today for unrelated reason and couldn't restart. I reinstalled it. It's a lab, so meh…

Perhaps this?

Beginning with an new configuration from scratch is what i didn't want to do. I partly followed the above advise by resetting the firewall but in stead of building everything from scratch I uploaded the configuration file i exported before updating pfsense. For me that made sense because the previous configuration worked for two years (i thought one but i saw it worked 2) and so the only thing that had to be changed was the LAN-subnetmask (like you can read in previous posts: i already knew that but after rebooting pfsense it didn't work at all). The problem with rebooting and pfsense not working anymore was solved after resetting en uploading my configuration file but the proxy error not. This was solved by installing squid3 (it first installed squid, the package that was used in the past). Thanks for the help.

Hi! I'll try to give you a hint here. I've got this scenario and it works fine. You can do it in two ways. The simplest Manually specify AD-DNS as DNS on the client which you want to join Join domain with the full domain name, eg. mydomain.sample The other way. Verify that pfSense can route traffic through the tunnel (use workaround with LAN-gateway) Documented here Add AD-DNS to DNS Resolvers Domain Overrides, eg mydomain.sample points to your AD-DNS Join domain with the full domain name, eg. mydomain.sample

yeah seems to be broken.. and bit confusing because under the wording of the description field You may enter a description here for your reference (not parsed). So which is it, check and creates txt from this, or its not parsed?  Seems its not parsed..

You know, it works perfectly fine with IPv6 static IP and without any track interface nonsense. Make sure you have disabled the DNS forwarder.

This is an other issue but a little bit relevant as I was fiddling about with the "Outgoing interface"  :P … Haven't yet checked if this also solves the domain name registration/answer described in the first post. https://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN Reading up and understanding one other IPSEC specialty. Restored setting for Outgoing interface to "All" and it works as it should now. pfSense it self can now reach the other side of tunnel. About not getting traffic from pfsense through tunnel IPSEC https://forum.pfsense.org/index.php?topic=92132.msg513079#msg513079 Btw, what are the recommended setting for "DNS Resolver" "Network Interfaces" All but not WAN? "Outgoing Network Interfaces" "All"?

By having records for them..  How else would you do it?  Across vlans it is not possible to broadcast for names.  So you need dns to resolve it, or you could run a "wins" server if you so desired to resolve "netbios" Just create a host over ride it takes all of 2.3 seconds tops to do so ;) In the amount of time it took you to post the question you could of created them all..

The /32 mask default on the static WAN interface was doing it, I never gave it a second look. Changed to /24 and connects fine now. Thanks for mentioning it, I knew it was one simple setting somewhere!

Thank you both for your answers! I will keep the settings as it is.

OK, you're not really answering my questions, which make sit very hard to help you. My final attempt to help you, pleae post screenshots of the following: Interfaces - WAN Interfaces - LAN Firewall - Rules - LAN Firewall - Rules - OPT1 (if present)

@doktornotor: Uhm… when you have no DNS server running on pfSense, then pointing anything at pfSense will obviously be useless at best. Enable the resolver, create a domain override there for your AD domain pointing to an AD DNS. Then you can hand it out via AD DHCP. Thank you! Any special options i should change in the pfSense DNS Resolver? Should I define any Reverse pointers/zones for pfSense, so it knows my hostnames, etc? EDIT: Should I tick the box called "Do not use the DNS Forwarder as a DNS server for the firewall" under the  System->General tab? BR Jim

so is your thread just as lacking in information?

This? http://www.ibvpn.com/billing/knowledgebase/63/OpenVPN-setup-on-pfSense-firewall.html

You can use firewall rules to determine which devices on the network get IPV6 and which do not.  Maybe just don't let your appletv get an IPV6 address?

With the domain override, you're telling it "to lookup queries for *.thepiratebay.se, use DNS server at 199.27.135.8". Since 199.27.135.8 doesn't reply to DNS, that doesn't work. When you add a host override for thepiratebay.se with 199.27.135.8, that tells the system "resolve thepiratebay.se as 199.27.135.8". That overrides it locally without needing any other server for resolution. The first, as 199.27.135.8 is currently configured, would never have worked because it doesn't reply to DNS.

@KOM: I didn't think it was a pfSense problem.  Now yo know for sure. It was a issues with the switch at the co-location.  My tests now show it working so going to go live with the changes this weekend.  Thanks to everyone. :)

Hi thank you again for your effort but i figured out and made a tutorial if anyone is in need http://www.mediafire.com/view/6tmi6uwp72mnc6j/Setting_up_Virtual_Interface_guest_as_access_point_behind_ddwrt_or_pfsense.pdf Thank you