@swampland7794 I changed the DNS address to 1.1.1.1 and changed the subnet... I messed my home network and I don't have access. I'll fix it when I get home tonight and we'll see if that resolved my issue.

https://redmine.pfsense.org/issues/14977

@viragomann Thanks, this seems to have done it! Couldn't figure out that the first IP in the OpenVPN servers subnet is the actually the Pfsenses Resolver.

it took a bit but now seen

Screenshot 2023-12-19 at 9.38.45 AM.png

Ugh. Well I figured this out seconds after I posted. Hopefully this will help someone in the future...

The syntax is the same as DigitalOcean: "Use @ to create the record at the root of the domain"

@gjkrisa said in host names 23.09.1-RELEASE (amd64):

you say i should not allow static reservation?

No static reservations don't reload unbound at every renewal - normal dhcp registration does those.. See the link provided by @SteveITS

I reserve all the the things I would ever want to resolve, which is pretty much everything.

@freesparks Good Day SteverITS,

thank you so much for the reply. Yes, I had already read about how to revert back to "ISC DHCP (Deprecated)" and have replicated that this fixes the issue.
I have also validated that OpenSSL algorithm changes and can confirm im using SHA256.

@SteveITS

Thanks, I found the thread.

@Jarhead said in Static entries not honored?:

Why, and how, would the same device receive 2 IP's??

It didn't it just got an ip out of the pool, vs the one you reserved for it to get.

Switched to KEA on the CE 2.7.2. Edition. DHCP is working fine, but KEA is flooding my DHCP log with nonsens. Searched for what they mean but didnt find any result via Google or in the documentation.

command_received received command 'lease4-get-all

And

eval_result expression pool_opt4_0 evaluated to 1

Don't understand why they are pushing this non finished implementation.
Switched back to the old ISC DHCP, those log entries make sense.

@Firewaller1 said in DNS in pcap capture:

Is it normal that you see DNS traffic such as 1.1.1.1 communicating directly to your end devices via pfSense ?

If your clients request this server and they are allowed to do this, it's normal.

And is it necessary to indicate the DNS IP in pfsense if i already configured it on my DHCP server (not via pfsense) issuing IP address ?

No, if you distribute the DNS server by your DHCP. Ensure that the clients are configured as DHCP client.

@Gertjan
Thank you for your reply, and the link to what I needed to see. For the record, I did a search for webConfigurator and came up with nothing. {????)

@frater said in No Custom DHCP-options in new KEA DHCP-server:

A checkbox to "get rid of the warning" is also out of place.

I don't agree.. A user smart enough to turn off the warning, and having read the release notes that pretty clearly state that kea is preview and not really ready for prime time shouldn't have to see the warning every time they go to do something with dhcp.

So yeah I should be able to turn off the warning.. I am sure when the next update comes out they will unflip that flag about the warning, etc as well.

But yeah I agree the warning about isc going away could of been handled a bit differently..

Maybe something to the effect, please refer to the release notes (with a link to specific about kea missing features) To see if the current preview release of kea will meet your needs.

@Gradation7377 seems like something got disconnected between what was in the gui and what was in the xml.. Not sure how/why that could of happened.

But now and then a thread comes along where something is in the xml either mangled or that shouldn't be there..

Glad you got it sorted.

@henkbart
Ah - so read this

https://forum.netgate.com/topic/174601/dpinger-exiting-on-signal-15?_=1702390469713

is that logging constant of just those few entries. What else happened at the same time?

take that time stamp and start looking at system and other logs, there will likely be something obvious - or something you observed at that time.

do you have both the gateways and interfaces widgets on the dashboard?
yes -> do you see any of the ports bouncing up and down?
no -> put them both on the dashboard?

You'll need to figure out what is killing dpinger that rapidly, as mentioned on the other thread it is being explicitly terminated. That can then lead to a whole bunch of other things happening.

is the port connection speed and duplex what you expect and what it should be?

Tried a different cable? (modem <-> wan)

dest_addr 213.93.180.1 so VODAFONE_ZIGGO
that's your gateway.
ping something further out, setup a monitor IP on
System -> Routing -> Gateways - Edit
The field is "Monitor IP" try something external but local to you or pick one of the any-cast big boys 8.8.8.8 or 1.1.1.1 etc
what kind of response you get from that?

Could still be DHCP / but I think you have tried all those checks based on previous items posted.

@johnpoz

I did it, everything works as it should now, thank you!

@Gertjan thanks for the clarification!!!

@mcury

pfSense 23.09.1 (and pfSense 2.7.2 CE) uses the pfSense (Netgate) repositories.
So, if Netgate incorporated these upgrades into the pfSense repository, then you can be pretty sure they are meant to be used.

Installed packages to be UPGRADED: curl: 8.4.0 -> 8.5.0 [pfSense]

So, its console time, option "13" or option "8" and then

pkg update pkg upgrade

I managed to use a third laptop that had never had a lease to login to pfSense and to switch back to ISC dhcp. I think my TP-Link smart switch, it seems, is working with Kea too well acting like a firewall when a device had a lease, and was later switched to static IP address.