@cmb: Don't disable it entirely, just add the additional hostname under System>Advanced. YES - YOU DA MAN! Thanks :)

Those are resolved using a little daemon that checks DNS every few minutes for updates. If DNS is down, the IPs don't get put in the alias/table in pf. When DNS comes back, the IPs will be put into the table once they have been resolved.

hi! if you are familiar with coding, check my thread, if you can help me overcome my problem ı think ay can help you my:thread:http://forum.pfsense.org/index.php/topic,53655.0.html

I'd rather not add in host overrides, since there will be many servers eventually used and I don't want to have to manually add overrides each time a new one is brought up. This should be possible with dnsmasq - in fact I know it is since I have previously used it, but something in the pfSense distribution is preventing it :(

Your ISP is handing some options to you in the DHCP lease it seems, nothing to be worried about, usually stuff for their own equipment.

http://forum.pfsense.org/index.php/topic,36066.msg186013.html#msg186013 http://redmine.pfsense.org/issues/1682

That is right. DNS forwarder worked. Thank you very much for providing me the instructions!

Thanks for the reply Please if you want Emergence login interface on the network Unregistered users in the server and request password Login In other words, shows the server without service works And how to create an entry page If you create an accessible page where fabricators in pfsense files Using software such as ssh Also required password Root I want to change the password Root where in pfsense list

Sounds like I should just leave things well enough alone if everything is working.  ;D

I was using nslookup, (without the dot at the end). I thought I first noticed it using a browser but maybe not. I'll double check, Thanks!

@johnpoz: Just because the response from opendns is signed/encrypted does not mean what opendns is giving me is good info. I think we are now into the academic area. At some point you have to trust someone. Yes, OpenDNS can serve bad data sometimes as bad data can propagate through the system. A couple of questions: What exactly does DNSSEC do? Does it encrypt the traffic between the DNS and yourself? Or is it merely a way to say "OpenDNS is actually OpenDNS"? If is the latter, then I actually would prefer BOTH - a verification that the DNS actually is the real one, and encrypted traffic so no others can tamper with the data between the DNS and me. But in both these scenarios are there any way to secure that the data OpenDNS has received is actually good. That is something that will have to rely on the communication they receive. What is important to me, and the only thing I can do anything about, is to ensure that the data gets from OpenDNS to me without going through a man in the middle or in any other way gets tampered with. The DNS I use will have to take the necessary steps to ensure the data they receive is good. I can only trust that they do it, not do anything about it.

ANSWER::::::::: Hi had to create an account to lend a hand here! It's now 00:28 in the UK and after reading your 2 posts "an10bill" and hoping to find the answer when I started at about 13:00 today I thought you might want the solution: Carefull as you ARE going to KICK YOURSELF (I did!). Go to your managed switch, Look at the egress port to your modem/router that is supposed to be delivering your DHCP address, Notice the "T" (tagged packet) and change it to "U" (untagged packet), Now the packet can be understood and travel to all incompatible NICs. Our router, second in line to the satellite modem, packed in so I hadn't realised tagging was on as the old router could handle it. Only after not being able to get DHCP directly to PFSense and yet the Laptop could (like your scenario) did I eventually discover the subtle difference. Hope this helps anyone else so they dont end up on site after midnight! Ralph, Midlands PC Engineers Ltd www.mpce.co.uk

IIRC it needs to do that because in some cases the replies from the upstream server may not be directed back at the IP as expected, so by listening on that interface it can receive broadcast traffic there as well.

Joolee: If your connection isn't trustworthy and slow there are only two things you could do. Upgrade to a better dedicated connection. OR Install a local DNS server that syncs with your master DNS server over the tunnel.  It may sometimes be out of date (if the connection is down for a prolonged amount of time) but it would continue to serve requests to clients (where possible; that is if the tunnel is down the local clients cant route to remote clients, etc).

You can create a ticcket with patchfiles, than it will be implemented in next release.

Thank you, podilarius! You are right! Problem was in the Subner. Correct one is 255.255.255.252. Problem solved.

PROBLEM SOLVED!!! My state table had LOTS of this: tcp 10.10.2.30:53227 -> 10.10.1.100:631 FIN_WAIT_2:FIN_WAIT_2 CUPS was sending LOTS of requests,  I added the 10.10.2. network to CUPS on my server and now everything is back to normal!  :)