Again you did a query for a domain that doesn't even exist most likely

dnstest.mydomain.com**.home**

Is not

dnstest.mydomain.com

If setup tiny to be authoritative for mydomain.com, and created an A record for dnstest in that domain..  Doing a query for dnstest.mydomain.com**.home** tiny will tell you pretty much F off ;) if you didn't set it up for recursive.

As to what its authoritative for - it would only be authoritative for the zones you created on it..

WAN interface is configured as DHCP client so no dhcp server setup on WAN. DHCP server is running on a router and a static ip has been reserved for MAC address of pfsense wan to stop chatter on the line.

It looks like the issue was that we decommissioned workstations without removing them from Active Directory.

The DNS records of the old workstations stayed on the domain controller while the new workstations were joining, and I ended up with multiple DNS records pointing to a single IP address.

The DNS/ActiveDirectory forwarding is working fine with pfSense, I have a similar setups at other sites.

Thank you very much for the inputs, appreciate it.

Regards.

@johnpoz:

@HCJ:

@johnpoz:

So create a forward on your lan that says anything going to 53 tcp/udp redirect to whatever dns you want them to use IP address.

how would I do that?

Simple port forward, note its using LAN as the interface though.. See first image..  So I set my client to use 8.8.8.8 for dns - see googledns can not resolve my pfsense.local.lan fqdn - but once I put in the forward.  The clients query to 8.8.8.8 just gets redirected to pfsense dns that can resolve it.

thank you worked a treat

that doesn't give you host name unless their is a PTR record for the device.

-a            Resolve addresses to hostnames.

In windows your prob better off doing a nbtstat to the box for its hostname

C:>nbtstat -A 192.168.1.8

Local:
Node IpAddress: [192.168.1.100] Scope Id: []

NetBIOS Remote Machine Name Table

Name              Type        Status
    –-------------------------------------------
    STORAGE        <00>  UNIQUE      Registered
    LOCAL          <00>  GROUP      Registered
    STORAGE        <20>  UNIQUE      Registered
    LOCAL          <1E>  GROUP      Registered

MAC Address = 00-0C-29-55-4F-95

If it were me I'd put a blank VLAN on a managed switch between the two, and capture the traffic during DHCP and see what's going on.

You could run a packet capture on pfSense but I would rather have a mirror/monitor port doing it so you're positive you're not experiencing something on the wire that just isn't being picked up by the NIC and sent to tcpdump.

I suspect that's the file handle leaking issue that some have seen. That's been fixed in 2.2, I'd encourage you to try 2.2-RC. Your description of what it does is correct.

Since you posted to get details on your outline from others….Anyone have any examples of domain overrides?

If the two firewalls are unable to reach each other on every interface then the DHCP daemon can't exchange its lease info on each interface running DHCP. Solve that bit and things should start working.

I think this is the bug that cmb raised a couple of days ago: https://redmine.pfsense.org/issues/4061
Seems it is a known issue without a quick fix right now.

And just like that, upon wanting to try what you just said, I receive an IP.
This is just weird
I didn't change anything.
If it somehow pops up again, I'll post the diagnostic log.

Ok, after days to test and wait for result : i solved it by input google in dns server for my wan2 (which doest want to update!)

Et voila!…

ps : in the log i still see :

php: rc.newwanip: Curl error occurred: Failed to connect to members.dyndns.org port 443: Operation timed out

but the dns is up to date so…

"what my ip changes to it points to my server's ip."

Who says its going to change?  If your router is on 24/7 it shouldn't change.. I have had the same IP for like 2 years..  Unless your on one of those crap isp that forces changes if your box is on, it should just continue to renew your ip over and over and over again.

So is that currently your ip?

;; ANSWER SECTION:
mc.m1gaming.net.        3600    IN      A      50.26.225.4

I'm looking for the answer to this as well.

Keep an eye on this thread to see if we get any answers…

https://forum.pfsense.org/index.php?topic=69635.msg465570#msg465570

Colin

Why do people freaking cross post??

https://forum.pfsense.org/index.php?topic=84733.0

I'd be happy to follow best practices but I can't think of how to do this.

Let's say we have 5 users, each with a laptop, iPhone, and iPad.  All 15 devices are automatically connected to the VPN.  If I wanted to give each device a static IP by specifying their usernames, we'd have a problem where I can only specify 5 IPs for 15 devices, right?  So instead, I created certificates named "bsmith_laptop" and "bsmith_ipad" and disabled the "username-as-common-name" option. That way, I can safely specify an IP for each device.

The reason I'd like each device to have a static IP is so I can access the devices by name using DNS.  Currently, my DNS server and its cache don't update quickly enough to handle these 15 devices coming up and down all day.

A static route is not a default gateway.