Did you create firewall rules?

DNS servers in general setup are: 8.8.8.8 (Google) 8.8.4.4 (Google) 208.67.222.222 (OpenDNS) 208.67.220.220 (OpenDNS) This is also the only site that I have seen this on, which makes me think that it's some funny config on their end. I did notice that when running nslookup I get Non-authoritative answer: Name:    arstechnica.com.mydomain.com Address:  67.215.65.132 as the result.  Additionally, if I click through to an actual article it goes through.  It's only the home page I have issue with.

@tomdlgns: i used this command in the dd-wrt router to intercept DNS that client machines were trying to use. I suspect an equivalent in pfSense would be to set up a port forward rule on the LAN interface as follows: On Firewall -> NAT, Port Forward tab click "+" at the bottom to add the rule (default values not specified here): Interface=LAN, Protocol=TCP/UDP, Destination=(not box ticked, Type=(Address=LAN address, Destination port range from: DNS)), Redirect target IP = <pfsense lan="" ip="" address="">Click Save then go to Diagnostics -> States, click on Reset States tab, read the explanation then click on the Reset button and test the new port forward rule. I haven't tested this. I expect it would forward any TCP/UDP access to port 53 (DNS) on an address other than the LAN IP address to the LAN IP address.</pfsense>

You have a Allow all rule on all interfaces. It's supposed to be working.

Aren't you using the same network on wan and lan? check you firewall rules and dns forwarder options. try to ping an external ip to check if your problem is routing or dns

I added a note to that wiki page

Thank you for your reply.  I am using the 32-bit version, but it should work on either version.  You mention rules that are automatically added:  Would you please tell me the rule set for the interface being served by dhcp relay and the ruleset needed by the interface where the actual dhcp server is located.  My system doesn't seem to be generating any rules for me. Thanks.

hopped into ssh an deleted all the files on /tmp, and rebooted the machine. afterwards I had 35MB of free space, but dhcp isn´t still working… I attached a screendump of the dhcp-logs, just in case i´m missing something. actually there are no clients requesting a lease. I tried to, but didn´t get one. [image: pfsense_dhcp_logs.png] [image: pfsense_dhcp_logs.png_thumb]

That's for the info! I'll check the main system logs and see if I'm getting errors. Edit: There doesn't seem to be any record of it trying.

@wallabybob: What update? Where did you look and what about it doesn't look OK? The public IP changed and 1 hour after the 2 addresses where still pointing on the old address @wallabybob: Did you use pfSense WEB GUI page Services -> Dynamic DNS? yep @wallabybob: From memory, dynamic DNS entries corresponding to pfSense boxes where the monitored interface has a private IP address are checked (polled) at 1AM. If the monitored interface has a public IP address changes in the IP address are pass on to the Dynamic DNS. Here's the shell command to get the dynamic DNS information out of the system log and what it reported on my system: clog /var/log/system.log | grep -i dyndns Dec 19 01:01:02 pfSense php: : DynDns: updatedns() starting Dec 19 01:01:02 pfSense php: : DynDns debug information: 203.144.23.156 extracted from local system. Dec 19 01:01:02 pfSense php: : DynDns: Current WAN IP: 203.144.23.156 Cached IP: 203.144.23.156 Dec 19 01:01:02 pfSense php: : phpDynDNS: No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry. Dec 19 15:18:14 pfSense php: : DynDns: updatedns() starting Dec 19 15:18:14 pfSense php: : DynDns debug information: 203.144.5.63 extracted from local system. Dec 19 15:18:14 pfSense php: : DynDns: Current WAN IP: 203.144.5.63 Cached IP: 203.144.23.156 Dec 19 15:18:14 pfSense php: : DynDns debug information: DynDns: cacheIP != wan_ip.  Updating. Cached IP: 203.144.23.156 WAN IP: 203.144.5.63 Dec 19 15:18:14 pfSense php: : DynDns: DynDns _update() starting. Dec 19 15:18:20 pfSense php: : DynDns: DynDns _checkStatus() starting. Dec 19 15:18:20 pfSense php: : DynDns: Current Service: dnsomatic Dec 19 15:18:20 pfSense php: : DynDns debug information: 203.144.5.63 extracted from local system. Dec 19 15:18:20 pfSense php: : phpDynDNS: updating cache file /conf/dyndns_wandnsomatic'all.dnsomatic.com'.cache: 203.144.5.63 EDIT : yep, everyday @01:01 in my logs the last entry for DynDNS was @7:25 AM this morning (and it's 4:07PM now) So is there something to force the DNS check/update every 15 minutes ? EDIT : found the solution… with the crontab package you can change the Update Frequency… thanks :)

"I have tried to set manual DNS entries but I couldn't without a domain name but I am not running a domain." What??  How would you set a name in DNS if you were not running a domain?? DNS = Domain Name System (or Service or Server)

If you want to run your own dns, you could just install the unbound package on pfsense - no need for MS dns, which I don't believe is viable on WHS anyway.. They really striped out the actual useful features of server with WHS, like dns.. Now maybe there is some patch or something to turn it back on? Or you could always just run bind on any box on your network, even your WHS, etc. But if you want to run your own dns, I would really check out unbound package.  Its be working great on my setup.  Has dnssec support and ipv6 support as well.  And has been pretty much rock solid, I keep hearing that it will be fully integrated into the 2.1 line vs a package which I am very much in favor of! Only thing that would be nicer would be to create package or easy howto in running full blown bind on pfsense.

I must admit I never really touched those settings… [image: nat.png] [image: nat.png_thumb]

Thanks for the info. Doing the extra level of indirection isn't perfect, but at least I can keep my configuration data mostly independent from third party stuff, such that in the case of any changes I only need to alter a CNAME entry and not a bunch of VPN configurations. Would be great, though, to have server side RFC 2136 support at some point in the future…

You should probably set the Interface to monitor to WAN since that is probably the interface out which the access to http://myip.dnsomatic.com should be sent. If your WAN IP address was public and changed it is the new address you would probably want to be registered with your dynamic DNS provider.

wallabybob, Thanks for your reply much appreciated. Thanks, Ward.

I don't think its possible with the gui, the unbound does not allow zone xfers for starters, nor do I belive the tiny dns package does as well?  you would have to use axfr-get with tinydns I believe.. Not sure if that is part of the package to get your zone info from your MS dns Now there is nothing saying you couldn't write some script to pull your host info from your MS dns and import that into unbound.  If using the tinydns package, you could prob get the axfer-get stuff to work? But off the top I do not believe there is anyway to do what you want with just clicking in the gui, etc.

Perfect, I'll give that a try, never saw that option. Thanks

Good questions!  Like I said I am new to this.  When I moved the servers over to the DMZ subnet, some are statically set and I did not change the dns to reflect pfsense.  I'll try that.  Also 192.168.3.1 is the DMZ interface