• DNS problems

    0 Votes
    11 Posts
    6k Views
    Well, it's not sucky Suddenlink. It has to be pfSense. I did a total restore of version 2.1. It worked; as soon as I changed the DNS from Google to OpenDNS it started again. I installed 2.03 like I used to use and it works great. Might be a bug, might not be… Could be a setting that I did. Not sure; either way 2.03 works great.
  • DHCP lease duplicate errors.

    0 Votes
    24 Posts
    10k Views
    Use captive portal with WPA2. This way, in the future, a person standing to the side can't sniff the unencrypted packets, get your MACs then use the MACs to get a free ride on your wifi. It won't prevent one of your customers from sharing the WPA2 key though if they purposely want to do that.
  • EasyDNS doesn't update until I click edit and save.

    0 Votes
    9 Posts
    3k Views
    @wallabybob: pfSense should update addresses every 25 days or on a change. How soon is "TOO SOON" and how long is "TOO LONG"? Updating more than once within 600 seconds results in a TOO SOON error. The problem is it never attempts to wait and update the address again when receiving this error. So unless the address changes yet again after 600 seconds, it will never be updated. Basically it doesn't retry after a delay when receiving a TOO SOON error.
  • Open wlan: prevent multi-NIC hosts from getting multiple IP's?

    0 Votes
    4 Posts
    1k Views
    Yeah, exactly… A rather heavy approach would be setting up static DHCP leases for everything and configuring the static ARP for everything as well. However, that could be usable in an enterprise environment, not with open wlan, I'm afraid.
  • Configure DNS through VPN IPSEC on DHCP SERVER

    0 Votes
    1 Posts
    1k Views
    No one has replied
  • DHCP lease not going through

    0 Votes
    10 Posts
    3k Views
    Yes I do have static DHCPs mapped. FWIW, these are those D-Link Green switches. I believe they do stuff with the power to each port in order to conserve energy. I'll look for another switch to test it out.
  • How to do nameserver hosting in pfSense 2.1?

    0 Votes
    6 Posts
    3k Views
    jimp
    In tinydns, "Enable recursive DNS responder" means to enable dnscache, its partner in crime that handles recursive queries. They can't both bind to the same IP, so you tell tinydns to bind to some interface/IPs, and you have dnscache bind to others. I much prefer the pfSense DNS forwarder (dnsmasq) because it actually works. It's not dnscache's fault it's mostly broken, but few have been interested in fixing that part of the package to get all of the files/syntax correct. And now that it's not really necessary, it may be better to just remove that option.
  • DNS Servers - use gateway - groups?

    0 Votes
    1 Posts
    2k Views
    No one has replied
  • OpenDNS for some users not for all? without vlan?

    0 Votes
    9 Posts
    7k Views
    @kejianshi: Sounds good, although I doubt the OpenDNS guys would like to think of themselves being "inflicted" on hosts.  I've been thinking to do something like this myself so that I can not "NEED" Dansguardian on most installs. I like to keep firewalls as uncomplicated as possible. If I can selectively apply DNS rules to clients and remove a process from my firewall I'm happy. I got this working today.  Created a new VM running 2.1-RC0.  Imported config from the old VM.  Then I set up another Linux VM as the 2nd DNS server using BIND in a chroot jail.  Two forward zones: one for the internal network domain which forwards those requests to the pfSense resolver and another for "." pointing to the OpenDNS servers. I logged into the OpenDNS control panel and set up the content filtering.  Then I set up a new DDNS profile in pfSense to update OpenDNS whenever the WAN IP changes. Finally, I used the DHCP config options in 2.1 to set the 2nd server as the DNS for the hosts I wanted to filter.  I also tweaked the max TTL cache time on the 2nd DNS to 5 min.  That way when I need to whitelist a domain the users don't have to wait long for it to go into effect. Now I just need to set up the firewall rules to prevent back doors and I'm done.
  • Why no DNS Round Robin with simple DNSMasq on PFSense WebUI?

    0 Votes
    5 Posts
    6k Views
    Yes, that works nicely. Thank you! I chose to use /etc/roundrobin for my file. :)
  • OpenNIC for pfsense DNS

    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Domain name added automatically to hostname in case of unknown hostnames

    0 Votes
    3 Posts
    3k Views
    johnpoz
    As phil spells out correctly already, many systems will auto-append the domain they are in, be it you set it up on the system or they got it from the DHCP server, etc. If home.de is a valid domain on the public net, it normally is not a good idea to use that as your domain on your local network - unless in fact you own said domain. I would suggest you change your local systems to use, say, home.lan or home.de.lan or .local or de.home, etc., something where the TLD is not valid on the public net. This should remove any issue of it resolving to a public IP. You can then resolve these hosts via pfSense DNS or, as stated, create a forwarder in pfSense to send to your local DNS that can resolve such domains, etc.
  • DDNS with INWX.de in 2.1

    0 Votes
    3 Posts
    2k Views
    Hi, thanks for the answer; I found a solution to update the nameserver for the host only with curl and an XML file. Maybe someone can help me to add this provider into pfSense in the right way. To find out the id from the host entry it is possible to send a "query" to the provider and get back an XML with members/values, and one is the right one… or over the webif you are able to see the id. How do I parse the incoming XML on pfSense for the required info like id or status code? It looks like the XML file I post. Here is an example to change the IP:

        curl -X POST -d @xml https://api.domrobot.com/xmlrpc/

        <methodCall>
          <methodName>nameserver.recordUpdate</methodName>
          <params>
            <param>
              <value>
                <struct>
                  <member>
                    <name>user</name>
                    <value><string>%YOURUSERNAME%</string></value>
                  </member>
                  <member>
                    <name>pass</name>
                    <value><string>%YOURPASSWORD%</string></value>
                  </member>
                  <member>
                    <name>id</name>
                    <value><string>%IdOfTheHostEntry%</string></value>
                  </member>
                  <member>
                    <name>ttl</name>
                    <value><string>3600</string></value>
                  </member>
                  <member>
                    <name>content</name>
                    <value><string>%WanIP%</string></value>
                  </member>
                </struct>
              </value>
            </param>
          </params>
        </methodCall>
  • Obtaining an IP address is very slow with pfsense

    0 Votes
    5 Posts
    3k Views
    johnpoz
    ^ agreed there is no information to even start "guessing" at what could be wrong if anything.
  • DHCP Pools based off Option 82

    0 Votes
    3 Posts
    2k Views
    @doktornotor: http://forum.pfsense.org/index.php?topic=40157.0 Looks like that is for adding option 82 during relay and not matching option 82 to a specific dhcp pool.
  • Strange mac address

    0 Votes
    6 Posts
    3k Views
    People can clone MACs and set their mac address to anything they like, so if you are running wireless, that could be the case here.  Just a possibility.
  • Outside DNS internal lookup

    0 Votes
    2 Posts
    1k Views
    You are missing:
    (same as parent folder) - Host (A) - ip.add.re.ss - domain.ca
    (same as parent folder) - IPv6 Host (AAAA) - ipd:d:r:e:s:s - domain.ca
  • DNS resolve problem

    0 Votes
    8 Posts
    3k Views
    johnpoz
    "Is it normal that clients extend a query for e.g. www.atmel.com to www.atmel.com.mydomain.de given my domain is mydomain.de?" Yup, it's suffix search; it can be your friend, but to be honest it can cause unwanted queries. If you don't like your clients doing it, you might want to turn it off on the clients. It's only really helpful when you're trying to do a DNS query via only host name; your local domain gets added for you automatically, etc. Glad you got it sorted, so not a DNS issue but a network problem.
  • 2.0.3 pfsense wan keeps dropping

    0 Votes
    5 Posts
    2k Views
    @sevenmac: there is no computer jack on lan. That's what you think! Some computer, which thinks of itself as Jack, has MAC address 00:1e:64:28:df:84 and is requesting DHCP configuration on your LAN interface. It either doesn't get the reply or ignores it. Here's an example of a successful DHCP transaction from my DHCP log for comparison with your DHCP log:
        Jul 4 20:06:40 dhcpd: DHCPDISCOVER from 00:30:18:b0:19:85 via bridge0
        Jul 4 20:06:40 dhcpd: DHCPOFFER on 192.168.211.217 to 00:30:18:b0:19:85 via bridge0
        Jul 4 20:06:40 dhcpd: DHCPDISCOVER from 00:30:18:b0:19:85 via bridge0
        Jul 4 20:06:40 dhcpd: DHCPOFFER on 192.168.211.217 to 00:30:18:b0:19:85 via bridge0
        Jul 4 20:06:42 dhcpd: DHCPREQUEST for 192.168.211.217 (192.168.211.173) from 00:30:18:b0:19:85 via bridge0
        Jul 4 20:06:42 dhcpd: DHCPACK on 192.168.211.217 to 00:30:18:b0:19:85 via bridge0
    I wonder what happened to the DHCP replies from pfSense.
  • Simple caching DNS resolver

    0 Votes
    11 Posts
    5k Views
    Thanks for your replies. Yes, unbound works and has been running stable for me for almost a week on 2.1 RC0 (using amd64 Jun 26 something at the moment).
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.