• DNS Bind issue

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    S

    adding the entry to your host file is not the right way to do this.
    pfsense>services>dns forwarder

    Add to host overrides
    www      mysiteurl.com        myserverIP        (whatever for desc.)

    or add to domain overrides if you wish
    mysiteurl.com  myserverIP  (do not enter your host names i.e. WWW)

    Cheers

  • DNS Forwarding issue

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    B

    Ok. I'm just using the pfsense box as DNS, and it does work when I set it up to (ex. printer.private); it does go to the printer page. I guess I'll just use it like this since I don't have a separate server for WINS.

    Thanks for your help.

  • FreeDNS

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    marcellocM

    After creating a dns account, basic info to configure is

    username, password

    hostname

  • Dyndns in multiwan environment, WAN2 (opt1) ip update fails

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    G

    Found it.

    Pinging through opt1 any host from the ssh-console didn't work, even traffic routed through the opt1 interface didn't answer, well ping answered on client machines routed through opt1 (LAN rule) but no internet.
    Setting opt1 as the default gateway enabled traffic routing through opt1, but disabled it on wan. (I've read about this behavior here quite a few times)

    I've deleted my only NAT rule, switched "Allow default gateway switching" on and off and recreated the NAT rule (tcp-rule) exactly like it was before and now everything works, dyndns (without modifications), traffic routed through opt1 etc.

    I couldn't recreate this behavior…

    Edit: I had a layer7-filter-floating-rule which blocked opt1, don't know why...

    Thanks

  • 0 Votes
    1 Posts
    3k Views
    No one has replied
  • Tinydns doesn't resolve external address but works for internal

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    E

    I found the answer in this post

    http://forum.pfsense.org/index.php/topic,44413.0.html

  • Non-caching DNS

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    johnpozJ

    So I take it pfsense is your office firewall server?

    So is pfsense going to be your network's dhcp server?

    Sure you can hand out whatever you want in dhcp for clients dns, be it pfsense box or any other dns for that matter.

    Your non-caching statement is a bit confusing.. If you want to be an authoritative name server for say yourdomain.tld and not do recursive that is fine, no caching would be done.  But then you say "and also able to resolve external hosts."

    Well if the nameserver is going to look up what I assume is public dns, then it would cache those entries.  Even if looking up say records from other specific nameservers you create NS records for, it would then still cache those look up for the length of the TTL.  This is just how dns works.

    I have never heard of anyone that would want to look up records from other nameservers and not cache those for the length of the TTL of what was looked up.

    Unbound or Tiny Dns packages would both be able to do what you're after – I am becoming a real fan of unbound, and would suggest you take a look at that one.. The package has become very feature rich, and pretty much anything you can think of can be configured right from the package gui it adds into the pfsense gui.

    You can resolve local hosts, ie I have like 20 or so hosts in my local.lan zone -- and then it also does my network's external dns requests.

    how many local records are you talking about?  Do you have multiple local zones?

    And sure the dhcp server in pfsense can hand out how ever many dns servers IP you want to its dhcp clients.

  • WAN DHCP Client Lease Info

    Locked
    6
    0 Votes
    6 Posts
    6k Views
    B

    I can't find it.  Could have sworn it was there somewhere in 1.2.3.

    em0 is my WAN and more dhclient.leases.em0 will do it.

    For some reason there's a history in there and the last one is current.

  • DHCP Problem/Question

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    T

    Good point. VPNs would be a huge issue with that ip range.

  • DNS-rebind attack: Should I be worried?

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    C

    mystartantiphishing.com resolves to a private IP, which is why you're seeing that. Why something on your network is doing DNS lookups on that is another question. That domain is registered to Visicom Media Inc. http://software.visicommedia.com/en/ Not familiar with them, but looks like they may be a legit software provider. Maybe you have one of their apps installed on one of the machines in your network.

  • DHCP is not working on NEW VLAN.

    Locked
    16
    0 Votes
    16 Posts
    21k Views
    X

    Did you create firewall rules?

  • Pfsense, noscript, & arstechnica.com ABE error

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    ?

    DNS servers in general setup are:
    8.8.8.8 (Google)
    8.8.4.4 (Google)
    208.67.222.222 (OpenDNS)
    208.67.220.220 (OpenDNS)

    This is also the only site that I have seen this on, which makes me think that it's some funny config on their end.

    I did notice that when running nslookup I get

    Non-authoritative answer:
    Name:    arstechnica.com.mydomain.com
    Address:  67.215.65.132

    as the result.  Additionally, if I click through to an actual article it goes through.  It's only the home page I have issue with.

  • DHCP option 184

    Locked
    1
    0 Votes
    1 Posts
    3k Views
    No one has replied
  • DNS server priority

    Locked
    29
    0 Votes
    29 Posts
    17k Views
    W

    @tomdlgns:

    I used this command in the dd-wrt router to intercept DNS that client machines were trying to use.

    I suspect an equivalent in pfSense would be to set up a port forward rule on the LAN interface as follows:
    On Firewall -> NAT, Port Forward tab click "+" at the bottom to add the rule (default values not specified here): Interface=LAN, Protocol=TCP/UDP, Destination=(not box ticked, Type=(Address=LAN address, Destination port range from: DNS)), Redirect target IP = <pfsense LAN IP address>
    Click Save then go to Diagnostics -> States, click on Reset States tab, read the explanation then click on the Reset button and test the new port forward rule.

    I haven't tested this. I expect it would forward any TCP/UDP access to port 53 (DNS) on an address other than the LAN IP address to the LAN IP address.

  • 0 Votes
    6 Posts
    3k Views
    marcellocM

    You have an Allow all rule on all interfaces. It's supposed to be working.

  • No internet access

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    marcellocM

    Aren't you using the same network on wan and lan?

    Check your firewall rules and dns forwarder options.

    Try to ping an external ip to check if your problem is routing or dns.

  • Dynamic DNS Help

    Locked
    6
    0 Votes
    6 Posts
    6k Views
    jimpJ

    I added a note to that wiki page

  • DHCP Relay Configuration Issue

    Locked
    5
    0 Votes
    5 Posts
    6k Views
    S

    Thank you for your reply.  I am using the 32-bit version, but it should work on either version.  You mention rules that are automatically added:  Would you please tell me the rule set for the interface being served by dhcp relay and the ruleset needed by the interface where the actual dhcp server is located.  My system doesn't seem to be generating any rules for me.

    Thanks.

  • DHCP stops working

    Locked
    8
    0 Votes
    8 Posts
    3k Views
    G

    Hopped into ssh and deleted all the files on /tmp, and rebooted the machine. Afterwards I had 35MB of free space, but dhcp still isn't working…

    I attached a screendump of the dhcp-logs, just in case I'm missing something. Actually there are no clients requesting a lease. I tried to, but didn't get one.

    pfsense_dhcp_logs.png

  • RFC 2136 is not updating my nameserver

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    D

    Thanks for the info! I'll check the main system logs and see if I'm getting errors.

    Edit: There doesn't seem to be any record of it trying.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.