@NOYB: Complaining to ISC wouldn’t help either.  Even if they made the change, by the time pfSense upgraded to a version of FreeBSD that used it, IPv6 would be a distant footnote in internet history.   ;) LOL, funny but not entirely accurate. Actually just in the past few months pfSense has upgraded several packages (e.g. the above mentioned ISC dhcpd, or lighttpd) to their very latest stable version, mostly to address vulnerability issues. Anyway, I know what you meant, but it's a direct consequence of the development model. Unless someone is willing to fund a certain pfSense feature, it might take years before it's implemented (just look at how long it took for the Snort package).

I set this MAC to static IP and block this IP from accessing anything at Firewall Rules. I can't even manually delete this DHCP lease. What a strange?  :o

The client you're pinging/resolving from - is it actually using pfSense as its DNS server? If it resolves from Diag > DNS, then it would from clients using pfSense as their DNS server. If it's using some other DNS server, it may be finding fiinas by NBNS and not DNS.

If they are static IP addresses, why do they need to be set using a dyn dns agent?  Just go to your dyn dns service and set them.  Since they are static they should never change.

Activated rules DHCP Registration and Static DHCP in the tab Services: DNS forwarder and it worked. Thanks for the advice!

Thank you, wallabybob and GruensFroeschli, for your suggestions. I bridged the two connections as suggested and it worked!  Now everything gets an IP address in the 192.168.1.x range, and everything can see each other. In case anyone else is wondering, here are the instructions I used: http://forum.pfsense.org/index.php/topic,20917.0.html

http://snapshots.pfsense.org/

take a look on https://github.com/bsdperimeter/pfsense-packages ipguard is a small package that you can base yours.

1.2.2 … well I would upgrade ... there are no patches or any development going on for that version. Try 1.2.3 if you cannot move out of the 1.2 series. I would highly recommend moving to 2.0. Most likely that issue has been fixed since then.

Look at Captive Portal Pass Through MAC as that may do what you need.

Well MAC address works only in local lan, and can't never go "through/over" router.. that's why ip-addresses are invented. But you could do dhcp-reservation for this mac address and make firewall rule to allow only one ip-address, and that is the same with the reservation

you should be able to do release/renew while doing a packet capture I would think.

Hello Thanks by your answer. That is what it happened. First I tried using the full backup and restoring only DNS. Didn't want to restore the full backup because i want to create new config for some sections. Best,

Well I tried putting a couple and enabling the IPGuard service. All the rest of the network went down. No one was able to connect to the local network as well. I'll look at the sample config and get back. In the meanwhile, keep posting :)

@cmb: @NOYB: P.S. Modified my pfSense forwarder to query the DNS servers sequentially.  My primary DNS server responds quickest nearly every time anyway.  So the additional queries don't really add any benefit, except when primary DNS server is down query responses will be slower.  But that is rare. I wouldn't do that in most circumstances, you'll have much more consistent performance with the defaults, and it's not like doubling, tripling or quadrupling your DNS requests has any notable impact on bandwidth or anything else. Not suggesting that you or anyone else should do this.  Just pointing out that it can be done because the OP asked about pfSense simultaneous DNS queries behavior. As mentioned previously, since my primary DNS server is the first to respond nearly 100 percent of the time the main benefit of the others is if/when the primary goes down, which is rare.  I’ll stick with sequential queries.  Don’t consider mine to be "most circumstances". But let’s not hijack this thread.  I’ve posted details for doing this in another thread where it can be discussed on topic.

I have a setup kinda like this for my guest Wifi. I used VLAN Tagging all the way to pfSense. Give your client a static ip and dns(like 8.8.8.8). Can you route out to the internet?

The same problem here with Nortel Contivity and pfsense 1.2.3. It happens 1-3 times a month. I've seen people with monowall complaining about the same issue. It must be something with hardware platform and freebsd incompatibility. Any chance about running script/cron job to check and restart dnsmasq service when it happens? Every minute or maybe every 5 minutes? That would do it for me. Crontab is not good place to add that because it might be overwritten. How about adding it inside /var/cron? I'm OK with Linux, but I would like some input from people with pfsense/freebsd experience. And yes, I still didn't upgrade to pfsense 2.0.1. Actually, it's on one of my customers machines and it looks like upgrading to 2.0.1 will not resolve this issue. And 1.2.3 works just fine for them for now.