Maybe you can customize this to your needs http://forum.pfsense.org/index.php/topic,9729.msg55580.html#msg55580

I haven't played with the package in a long time, but I plan on getting up to speed on pfDNS. IIRC, the failover stuff is pretty straightforward- you fill in a box for the failover IP and monitor IP. If you want to do this on the firewall, you would want to publish an NS record for your primary and secondary WANs. I think the problem with ANY failover DNS implementation is the downstream caching. IMO, this makes failover DNS records of questionable value for shorter outages. Besides laziness, that's why I  just tell users to try webmail2.company.com if they can't get in at webmail.company.com. If the outage was prolonged, I could just update the record manually anyway.

What DNS servers did you set? Did you enable the "Allow DNS server list to be overridden by DHCP/PPP on WAN" checkbox?

Sorry, finally getting back to this project. Got the permissions fixed: http://tomdavidson.wik.is/How_To/Home_Net Its clear I need more help that with just DHCP, but sticking to DHCP… If a host is statically defined rather than DHCP client, does the host name get registered in pfsense DNS server? -tom

http://forum.pfsense.org/index.php/topic,11159.0.html Basically it uses dnsmasq as a dns query cache (10.000 addresses), before it will ask the ISP or OpenDNS dnsservers. Moving the dsnmasq "bootup" before the timesync works, only problem is updating new images/tgz updates. Before mayor updates remove the "/etc/rc" and "/etc/rc.bootup" modifications.

Well, unsurprisingly, the problem has not gone away.  ??? Occasional clients are still getting the rogue gateway. There has never (intentionally) been a DHCP server running on the 3G client. This client is a Windows XP Pro machine, and looking in the control panel the only DHCP service I could see was a DHCP Client service which appears to run on XP by default. Also, as I mentioned earlier I could see the DHCP handshake - request, inform, ack, etc in the pfSense DHCP logs, showing the IP the client received, but then an ipconfig /all on the windows client (not the 3G one - just another client on the network) showed the DHCP negotiated IP from pfSense, but the gateway IP is the one of the 3G client.

Correct Using OpenDNS is a easy way to avoid site's with spyware and phishing.

@GruensFroeschli: You don't have to clutter the web-gui.  Simply look for a standard dhcpclient.conf first and if it exists, use that instead of the values in the code. @rnilsson: In my case, the pfsense box was not reconnecting again no matter how long I waited.  Besides, I rely heavily on my voip phone so even the 10 minute wait can be too long.  Most of my outages last only a couple of minutes or less.

Let's assume the first and … cheers!  ;-)))  SCNR

Some additional information is worth noting. We have a dual WAN setup: WAN1 - 192.168.254.1   WAN2 - 192.168.253.1 Systems in the DMZ use WAN2, systems on the LAN use WAN1, so it is somewhat strange that the firewall log is filling with blocked DNS responses going to the WAN1 interface when the systems that should be actively using DNS in the middle of the night are on the DMZ (i.e. email). Occasionally there is a block on the WAN2 interface, so this is not exactly conclusive of anything, but I still find it worth a mention. Also, the configuration on pfSense is that DNS should be overridden by DHCP on WAN, and DHCP on WAN provides pfSense with the ISP DNS server addresses. I have tried statically setting the DNS servers in pfSense with the same result.  :-\

Oops. Decided to experiment with clean box. Installed OF1.2 with simpliest setup LAN-WAN (only two interfaces, no vlans at all). Connect laptop with dhcp-client to LAN interface and booooms: on WAN interface I see DHCP broadcast with 255.255.255.255 as destination IP. I can provide any details. Please explain why it happens… Thanks.

Does anybody have any idea about this?  Even on a fresh install pfsense seems to stop showing information from the DHCP logs after a short period.