And I also noticed that with no DNS configured in general setting that when I go to Diagnostics: Execute command and do drill google.com, it doesn't work. My pfsense is working and all the computers have DNS as does my VPN, but without a dns server entered in geneeral settings that command wont work in pfsense. So, I'm just asking how much of this is normal?

See where it says interfaces without ip address will not be shown.. Are you trying to set up a dhcpv6 relay on interface without ipv6 address?  BTW I would find it unlikely you would want to relay dhcp requests on your "wan" interface!! So for example I have ipv6 on some of my interfaces.. You can see they are listed [image: dhcpv6.png] [image: dhcpv6.png_thumb]

Well what is your dhcp server handing out?  Has your client renewed its lease after you made change in dhcp server to point to the new gateway? Is your client static?  You would have to change it at the client then.

@switchman: I would try the following under Services: Dynamic DNS clients.  No clue if it will work Thanks This also works for setting a SmartDNS update with CactusVPN.

Well its not an official pfSense package, so you wont get much support. When using dnscrypt, you should create a quick block (floating rule) on WAN of inbound and outbound UDP/TCP port 53. The main reason to use dnscrypt is to reduce the dns poisoning/sniffing risk. So after that, with packet capture on WAN, you should see no DNS traffic on 53 and only encrypted dns trafic on 443 UDP. F.

Additional info: The IP that appears in that error message is the gateway my pfSense is given on the WAN interface…

I’m a new user to pfSense and wanted to share my experience trying to get v2.2 working with enom.  I am posting this in this thread, even though it is older to keep the information in one location. I was unable to get the procedure above to work.  I had enom updating working with Tomato on a Asus RT-N16 with no issues. This is the procedure I used to get it to work in pfSense. Create a new entry with the following options in Services: Dynamic DNS client DDNS Service: -> Custom Interface to monitor: -> WAN Interface to send update from: -> WAN User Name: -> anything Password -> anything Update URL: -> dynamic.name-services.com/interface.asp?Command=SetDNSHost&Zone=YOURDOMAINNAME&DomainPassword=YOURACCESSPASSWORD&HostName=* YOURDOMAINNAME = The domain you have on enom. YOURACCESSPASSWORD = Login to enom and go to “my domains”.  On the right hand side, there is a drop down where you can select “General Setting”  Set a strong unique password in the “Set Access Password” field. I did this a long time ago an believe this is where I did it. After you save and force an update, you should see the updated IP results on the  “Manage Domain -> Host Records” screen on enom.

Yeah. Using the advice at http://serverfault.com/questions/37451/dhcp-logging-host-declarations-in-log-file, I could see that dhcpd IS matching the host entry.  But the leases file (which seems to be driving DNS) is based on the client provided hostname. I suppose any other route would require changing the resolver (or dhcpleases utility) to deal with this in a different way.

There's already an open bug report on that. https://redmine.pfsense.org/issues/3284

Something else to bear in mind is that the latest update to MacOS (version 8.0.2, I believe) cannot bind to AD/Samba connections to a domain ending in a .local suffix. So if you have any Mac users, you might want to reconsider leaving  your .local setting as is.

@phil.davis: In DNS Forwarder, Domain Overrides section. Add a domain override for "duck.loc" to go to the address 10.0.0.5 - then requests for any names under "duck.loc" will be sent to the DNS that is hopefully listening on 10.0.0.5 Thanks, it's working great now.

@Nasa_ITELIOS: Will not ever register anything and the clients will never hit the forwarder. Dunno really what are you trying to do there. Why pfSense won't register/save anything with this option checked? Did you really read the hint below that option? If this option is set, then machines that specify their hostname when requesting a DHCP lease will be registered in the DNS forwarder, These machines do NOT get their DHCP leases from pfSense. They won't register anything. This is absolutely not a pfSense issue, fix your Windows AD DNS.

Usually when firefox gets weird it's asking for and receiving an AAAA address for a site but there's no IPv6 connectivity.  On more than one occasion I have had to go into about:config and set network.dns.disableIPv6 to true until things got back to normal.

thank you Jim . we needed that as dnsmasq does not reliably monitor  /etc/hosts.extra  .  so now when I send an updated hosts.extra  will reload dnsmasq..