Well that makes more sense and I agree with you.. So pfsense that might have both ipv4 and ipv6 -so for its dns you can setup dns servers that are both ipv4 and ipv6 and you don't dhcpd to crash because of that..

It should say hey only look at the ipv4 dns that is listed to hand out if not setting specific dns in the scope.

ok odd – if you release and renew get whats in the overall scope - even though I didn't even see that offered in the sniff..  But then when you do /renew you get what was in the offer packet?

something in the client to me..

renewgetscorrect.png
renewgetscorrect.png_thumb

If you want to allow only dns, then your rule would be as above with tcp/udp 53 as the dest port.

But why not just allow dns queries to the lan2 interface IP?  This would be a more common setup - dnsmasq can run on whatever IPs you want it to listen on.. Not like you have to run another instance of it or anything - it will just listen on more than one interface is all for queries.

I would revbump if I knew how.  ::)

Your still confused!!!  I give up – think what you want..  But dhcp has nothing to do with layer 2 at all, nothing!!  Yes all traffic has a layer 2 part of it where macs are used.. And yes broadcasts go to the all FFs address.  That's common with every single protocol ;)

From your statement pfsense wouldn't be able to firewall anything..

There is nothing in the GUI that lets you specify the max update interval - it is still set to 25 days in the code. Not sure how "add ability to configure update interval" got into the change log.
There were enhancements to make sure that No-IP free accounts actually made an IP address change after 25 days (and changed it back) as No-IP actually requires a free account holder to change their IP at least "monthly".
It would not be difficult to implement - just needs someone to do a bit of code.

Dude – why not actually provide information to fix your issue...  Its posts like this that people think there is something wrong with 2.1 -- when from the complete and utter lack of anything to actually work with it really points to layer 8 issue.

" i don't know how i can know if a firewall rules block a clients access tu the IP/interface that dnsmasq is listening on"

Then POST them and we will help you understand.

Yes your browsers cache – did you restart the browsers?

Have you checked the DHCP registration box in the DNS Forwarder settings?

sounds more like DNS issue but as a longshot you might try setting the offending interface from "auto-negotiate" to "no preference".

If you don't see any leases then they didn't get it from pfsense - you have different dhcp server running on the network?  Are the boxes static?

Any lease that dhcp server on pfsense hands out would be in the lease table..  Might not currently be active when you look at it - but it would have to be there if given out.

did you click the show all configured leases? at the bottom?

You should see something like this then.

leases.png
leases.png_thumb

@jimp:

The online indicator only tells you if that MAC address is in the firewall's ARP table. It 100% accurate to tell you if a system is actually turned on and using the IP locally.

Ah, ok, that explains it.  The secondary system wouldn't see the other boxes unless the first system failed and all the CARP addresses moved over.

How about the issue with the hostnames?

I assume this is all about kids?

Success! We detected your IP address as 198.81.129.107 and did not find an open DNS resolver running.

That one is good too (-:

Dpends on how willing you are to hunt a little and if willing to wait a week or so.

You can't have this one  ;)
http://www.ebay.com/itm/171089132544?ssPageName=STRK:MEWNX:IT&_trksid=p3984.m1439.l2649

You can have this one if you hurry

http://www.ebay.com/itm/NetGear-GS108E-8-Ports-Switch-/121177951702?pt=US_Network_Switches&hash=item1c36c4cdd6

VLAN support for traffic separation
Quality of Service (QoS) prioritizes traffic
Auto denial-of-service (DoS) prevention
Network monitoring and bandwidth control
Troubleshoot connection issues via cable test

This enhanced switch can only be configured with a PC. The configuration is not MAC compatible  (needs windows)

agree with u. Thank u very much. Its much simpler to add 3 separate entries :)