yes. a router routes between networks. right now you have on both interfaces the same network. search with google on how networks work. use /24.

@renepc: i need this service as fast as possible ;) Consider our commercial support offering if this is the case.

@GruensFroeschli: When you disable the DNS Forwarder and your clients have the pfSense as DNS Server the "should" no longer be able to resolve names. I suspect that 74.200.220.215 is your public IP on WAN. This happens when you try to resolve a name that does not exist. Did you enable on the DNS forwarder page that DHCP-lease names are added to the hosts-list of the DNS forwarder? This is what I only have on my DNS Forwarder… [image: pfsense.jpg] Thanks

@cmb: A full fledged multi-subnet every option compatible DHCP server will be coming likely in the 1.3 release. i was actually going to start a new thread, but i figured my question would be just as appropriate here. quoting cmb, would that include being able to provide more granular options to static DHCP assignments?  example:  at my parents house, i have set up the same version pfsense (latest, at time of this post) with an ipsec tunnel back to my place.  my network is fully provisioned with services, their end is just a little "single computer home setup".  when i visit their place, i would prefer to use my DNS server (via the ipsec tunnel), but would like to do so without manually setting it.  a DHCP assignment that also specified my DNS server (rather than the default from the DHCP scope) would be really cool! i think it would be really useful to see the full range of options available to set (or leave as default) on the static assignments page, rather than just "what the IP will be".

you can add the hostname.domain in the dns forwarder and this will do what you require. this only works if your PCs are using the pfsense as their DNS server.

The easiest way to do this is probably having a bridged DMZ Interface and a bunch of other interfaces (or maybe vlans) for the other internal networks. in This scenario one of the public IPs will be assigned to the pfSense WAN and will be used for natting the other private subnets behind it and the other IPs can be used for the Servers in the DMZ.

Do you have anymore suggestions for me hoba, or anyone else..  I'm almost positive it's not related to the primary dns suffix (not to doubt your expert advise).  It handles fine when communicating through a cheap router, i.e. linksys, etc.  Only acts screwy when passing through pfsense to talk to the lan interface.

It's not possible at this time, it's something I'm checking into this week though.

So there is not option to have pfsense' DNS server/forwarder assume I'm putting in an FQDN if I have at least 1 period somwhere in the query but not necessarily at the end (like google.com)?

@rsw686: Heres one thing to check. In Network Connections right click on the local area connection select properties. Select Internet Protocol TCP/IP and click properties. In that dialog click advanced. On the DNS tab make sure "register this connection's addresses in DNS" is checked. On all machines, "Register this connection's addresses in DNS" is checked. Also, the XP firewall is enabled on all of them.

Services –> DNS-Forwarder