Sorry, have been out of town on business. craigduff: They are all individual (no forest). I don't think stub zones are the answer. I don't want dns on the far ends of the VPN tunnels, just on the local side with the pfsense box. I really don't want to replicate the entire zone from BIND or MSDNS to the pfsense box if I can help it. Basically what I think i'm looking for is a conditional forward. jimp: I get the whole . at the end thing (been doing that for years), however, the problem is there is no way a wildcard could be set. An example is abc.local is a domain that i would like to look up. So if i want to connect to desktop-01.abc.local the lookup should go to pfsense and pfsense see the domain then forward it to the dns server at abc.local which in return should supply the ip address of the machine. Correct me if I'm wrong or if I have missed something. I was under the impression that in pfsense the DNS Forwarder (under domain overrides) would forward dns requests for a domain to the dns controller at the ip listed.

Definitely that was the problem, change the network card and enable the DHCP server on it and now works correctly, wallabybob thank you very much your answer helped me a lot.

thanks very much for that.  When I read the notes for that option it kept referring to external sites that could be redirected (I assume this is the dominant use/need for this feature), and totally missed the local-host capability. I just did this last nite, and it works well! :)

Sounds like they need a systems administrator on site.

Dyndns services simply resolve a given hostname to your IP, they don't touch any of your traffic to your hostname. Short of getting a VPS or other server out on the Internet somewhere and connecting to it instead and having it do the port rewriting magic via netcat or similar, there isn't a solution for that.

You almost certainly don't want to have dhclient running on eth0 since that is likely to result in two different MAC addresses asking for DHCP configuration from your ISP (unless your cable modem is acting as a DHCP server). Have you checked the pfSense firewall log for signs DHCP requests has been blocked by the firewall? Have you done a packet capture in pfSense to look for DHCP traffic? @otakucode: Am I correct in thinking that if it were receiving requests, they would be recorded in the DHCP logs? Yes @otakucode: If I tell the machine to use DHCP, I end up with a garbage IP (169.x.x.x). That is the usual consequence of a machine not receiving DHCP response. @otakucode: In the VM, both the LAN and WAN connections are set to be bridged to the two physical NICs, one connected to my LAN, the other to my cable modem.  In Ubuntu, in the /etc/network/interfaces file I configured the WAN-connected interface (eth0) to receive no IP, and the other interface is set up with eth1:1 with a static IP, and eth1 with no IP. I'm not as familiar with Linux networking as I am with FreeBSD networking. What the meaning of an interface name like eth1:1? VLAN with VLAN tag 1 on physical interface eth1? @otakucode: I did notice both my adapters are now in promiscuous mode, which is apparently necessary for the bridged networking to function. Yes.

What? what is this fqdn of the phone server?  phoneserver.something.tld ? Then for something.tld you are forwarding it where?  What nameserver are you forwarding it to that can resolve hosts in something.tld? Do you have access to this server?  Can you directly query it and it resolves your phoneserver.something.tld Or do you just wan your pfsense to return IP X, say 1.2.3.4 when you ask for phoneserver.something.tld - you can have the forwarder return whatever IP you want for whatever host you want.  You do not have to forward to another server to ask for the IP of the fqdn.

Hey Guys, I really made a very, very stupid mistake :(. Seems like everything happened because I gave my client via static DHCP the same IP as the LAN interface of the pfSense machine. I just did not use my eyes nor my brain. Thanks for your support!

I'll give that a try, thanks

I have submitted this as bug to freebsd, just waiting on confirmation that it was taken, will post link to report as soon as I get it here in this thread. Ok the problem has been posted - you can follow it here http://www.freebsd.org/cgi/query-pr.cgi?pr=170279

@NOYB: Complaining to ISC wouldn’t help either.  Even if they made the change, by the time pfSense upgraded to a version of FreeBSD that used it, IPv6 would be a distant footnote in internet history.   ;) LOL, funny but not entirely accurate. Actually just in the past few months pfSense has upgraded several packages (e.g. the above mentioned ISC dhcpd, or lighttpd) to their very latest stable version, mostly to address vulnerability issues. Anyway, I know what you meant, but it's a direct consequence of the development model. Unless someone is willing to fund a certain pfSense feature, it might take years before it's implemented (just look at how long it took for the Snort package).

I set this MAC to static IP and block this IP from accessing anything at Firewall Rules. I can't even manually delete this DHCP lease. What a strange?  :o

The client you're pinging/resolving from - is it actually using pfSense as its DNS server? If it resolves from Diag > DNS, then it would from clients using pfSense as their DNS server. If it's using some other DNS server, it may be finding fiinas by NBNS and not DNS.

If they are static IP addresses, why do they need to be set using a dyn dns agent?  Just go to your dyn dns service and set them.  Since they are static they should never change.

Activated rules DHCP Registration and Static DHCP in the tab Services: DNS forwarder and it worked. Thanks for the advice!

Thank you, wallabybob and GruensFroeschli, for your suggestions. I bridged the two connections as suggested and it worked!  Now everything gets an IP address in the 192.168.1.x range, and everything can see each other. In case anyone else is wondering, here are the instructions I used: http://forum.pfsense.org/index.php/topic,20917.0.html

http://snapshots.pfsense.org/

take a look on https://github.com/bsdperimeter/pfsense-packages ipguard is a small package that you can base yours.