The only thing I can think of is to check the DHCP config matches the LAN.  Maybe the DHCP server is giving out addresses in the wrong address space for that LAN segment & routing is getting confused.

I didn't set it up that way.  Either CentOS did, or the guy using this machine did.  We don't use ipv6 in our network right now anyway.

Thanks Phil, that pointed me in the right direction. The solution was to add the following line to the advanced options of the DNS Forwarder configuraitn page: local=/subdomain.domain.com/

I made this change a couple of weeks ago: https://github.com/pfsense/pfsense/commit/87b9167234eed690ad6150624169f289f5075625 Now in 2.1 by default it just logs minimal success messages and actual errors. The other "progress scores" that it was logging only come if you enable the verbose logging option in Services->Dynamic DNS, Edit an entry.

Wow, that's shorter than I imagined. Thanks for responding…

Thank You. I have been pulling my hair out with this one, too. Then I saw this post and tried swapping out an old linksys switch.. Lo and behold, everything started working! The whole family are happy!

Why didn't you just use the built-in DNS forwarder host override settings if you are using static IPs or the DHCP server's static maqppings if you are using DHCP to assign addresses? With those two I have all my DNS needs for my LAN covered.

Brilliant. That's the ( so far ) bit I missed with floating queue rules.

i managed to change the LAN ip to 172.16.200.254 but when i change my wan tp static i dont get internet it only works when set to dhcp

Sorry, I overlooked that part.  That was just an example, I have three search domains I need.

Was there ever a solution found to this, because I'm having the same issue?

DHCP is on ports 67 and 68

Thanks :) I have choose the static IP solution.

Fixed/Solved. Was a series of comedy of errors. Had to use a console on FreeBSD server, a console on pfsense, and web access to pfsense. in pfsense shut-off DHCP server while there also removed static DHCP to 192.168.34.50 with bogus MAC to act as a placeholder.  This was first error.  ARP picked up address and showed in ARP table, but obviously it was linked to the wrong MAC address. cleaned out the ARP cache or reboot on pfsense arp -a on FreeBSD shows pfsense gateway ping to pfsense works arp on pfsense now shows 192.168.34.50 mapped to correct MAC address !! ping to FreeBSD still not working ? 8.) FreeBSD firewall rule drops (blocks) packets instead of reject.  Hence no ping.  Duh! Sort of error #2 (mental error?) Adjust firewall rules for testing.  Reset. Ok, now what about ssh into FreeBSd from pfsense console?  Nope - reject.  So its getting a response of sorts. Error #3 - FreeBSD ssh config was set to only listen on old address of server, not 192.168.34.50.  Fixed. Now have ssh access from pfsense console to FreeBSd server. Now what about original endpoint - WAN access to webserver 192.168.34.51? Yup. Thanks for pointing to arp to help trouble-shoot this. Peter

thx. that works perfect. exactly what i was looking for.

as ns0.thepiratebay.org probably will not answer DNS requests from anyone anyhow. I doubt they would do recursive, but yeah they are going to answer for records in thepiratebay.org domain - its an authoritative server for that zone.  It better answer for it. You you prob need .se, because thebay.org redirects to .se domain

Yeah I see right there in dhcp problems Also note that each time a new VM is created it’s assigned a new hardware address. You can change hardware address manually on the Advanced tab of VM Network Adapter Configuration should you need to do so. If you wireless card does not allow promiscuous, use of other macs - then use a different wireless card, or use a wire. Wouldn't another option just to set static IP?  Or use Natted connection under VM software vs bridged.

OK, thanks to your answer now I get it! I made an error in the "host" part –- oops Again, thank you sir!

@pilgrim87: how could i run a packet capture to see what's in it? Diagnostics / Packet capture Set 'interface' to the appropriate entry The resulting .cap file can be analysed quite nicely with Wireshark