@freesparks Good Day SteverITS, thank you so much for the reply. Yes, I had already read about how to revert back to "ISC DHCP (Deprecated)" and have replicated that this fixes the issue. I have also validated that OpenSSL algorithm changes and can confirm im using SHA256.

@SteveITS Thanks, I found the thread.

@Jarhead said in Static entries not honored?: Why, and how, would the same device receive 2 IP's?? It didn't it just got an ip out of the pool, vs the one you reserved for it to get.

Switched to KEA on the CE 2.7.2. Edition. DHCP is working fine, but KEA is flooding my DHCP log with nonsens. Searched for what they mean but didnt find any result via Google or in the documentation. command_received received command 'lease4-get-all And eval_result expression pool_opt4_0 evaluated to 1 Don't understand why they are pushing this non finished implementation. Switched back to the old ISC DHCP, those log entries make sense.

@Firewaller1 said in DNS in pcap capture: Is it normal that you see DNS traffic such as 1.1.1.1 communicating directly to your end devices via pfSense ? If your clients request this server and they are allowed to do this, it's normal. And is it necessary to indicate the DNS IP in pfsense if i already configured it on my DHCP server (not via pfsense) issuing IP address ? No, if you distribute the DNS server by your DHCP. Ensure that the clients are configured as DHCP client.

@Gertjan Thank you for your reply, and the link to what I needed to see. For the record, I did a search for webConfigurator and came up with nothing. {????)

@frater said in No Custom DHCP-options in new KEA DHCP-server: A checkbox to "get rid of the warning" is also out of place. I don't agree.. A user smart enough to turn off the warning, and having read the release notes that pretty clearly state that kea is preview and not really ready for prime time shouldn't have to see the warning every time they go to do something with dhcp. So yeah I should be able to turn off the warning.. I am sure when the next update comes out they will unflip that flag about the warning, etc as well. But yeah I agree the warning about isc going away could of been handled a bit differently.. Maybe something to the effect, please refer to the release notes (with a link to specific about kea missing features) To see if the current preview release of kea will meet your needs.

@Gradation7377 seems like something got disconnected between what was in the gui and what was in the xml.. Not sure how/why that could of happened. But now and then a thread comes along where something is in the xml either mangled or that shouldn't be there.. Glad you got it sorted.

@henkbart Ah - so read this https://forum.netgate.com/topic/174601/dpinger-exiting-on-signal-15?_=1702390469713 is that logging constant of just those few entries. What else happened at the same time? take that time stamp and start looking at system and other logs, there will likely be something obvious - or something you observed at that time. do you have both the gateways and interfaces widgets on the dashboard? yes -> do you see any of the ports bouncing up and down? no -> put them both on the dashboard? You'll need to figure out what is killing dpinger that rapidly, as mentioned on the other thread it is being explicitly terminated. That can then lead to a whole bunch of other things happening. is the port connection speed and duplex what you expect and what it should be? Tried a different cable? (modem <-> wan) dest_addr 213.93.180.1 so VODAFONE_ZIGGO that's your gateway. ping something further out, setup a monitor IP on System -> Routing -> Gateways - Edit The field is "Monitor IP" try something external but local to you or pick one of the any-cast big boys 8.8.8.8 or 1.1.1.1 etc what kind of response you get from that? Could still be DHCP / but I think you have tried all those checks based on previous items posted.

@johnpoz I did it, everything works as it should now, thank you!

@Gertjan thanks for the clarification!!!

@mcury pfSense 23.09.1 (and pfSense 2.7.2 CE) uses the pfSense (Netgate) repositories. So, if Netgate incorporated these upgrades into the pfSense repository, then you can be pretty sure they are meant to be used. Installed packages to be UPGRADED: curl: 8.4.0 -> 8.5.0 [pfSense] So, its console time, option "13" or option "8" and then pkg update pkg upgrade

I managed to use a third laptop that had never had a lease to login to pfSense and to switch back to ISC dhcp. I think my TP-Link smart switch, it seems, is working with Kea too well acting like a firewall when a device had a lease, and was later switched to static IP address.

@reynold I've just blocked it with a floating rule for all internal interfaces.

@1-21Gigawatts This is policy routing then. Such rules direct all matching traffic to the stated gateway. Hence it is not convenient to allow access to internal destinations. If you want to do policy routing you have create separate rules for destinations inside your network.

@coreybrett said in Translate network address for responses: just looking for a way to translate the DNS as well I try and keep up with all the latest tricks with dns, etc. and while you can do some pretty slick things with response zones in unbound.. I am not aware of such a transformation.. While it might be painful - to be honest changing one of the networks to a new range is prob the best solution. If your clients are dhcp - its really clicky clicky sort of thing.. Its not as hard as people think it is.. Now if you had 254 static settings where you had to go and touch 250 devices by hand - well yeah pita for sure. But if the most of the scope is dynamic - its a click and they reboot. Or even simpler just run a both networks for a bit, setting up a vip on the pfsense IP and just let clients move over as they update their lease.. Sure it takes a little planning.. But it is best solution to such a problem.

@JohnDow Can you open up a console, or better, a SSH session, use option 8 ( Shell ) and use this command : tail -f /var/log/resolver.log and tell, show us, what you saw ?

This may be a similar issue I support several Netgate appliances with my work. One of the main regional offices hosts a Netgate 8200MAX unit with multiple VLAN's, active DHCP services with many leased IPv4 addresses assigned on each VLAN. The office also hosts many servers / services behind the firewall. I have attempted to change the DHCP service from ISC DHCP to KEA DHCP however when making the change, the DHCP IPv4 service stops and will not start. DHCP IPv6 (which is not being used but is enabled) shows the service as working. I have reverted the change back to ISC DHCP and immediately the DHCP IPv4 starts working again. I will attempt to change the DHCP service from ISC to KEA again soon and will capture logs to see whether the issue can be identified. Appliance: Netgate 8200MAX version: 23.09-RELEASE (amd64) Services: apcupds ISC dhcpd dpinger haproxy (disabled) iperf (disabled) ntpd nut openvpn radvd sshd syslogd tailscale (disabled) unbound (admin, please move this post to it's own thread if suitable)