I have the same issue (well, actually I also get this on my logs) the true issue is lack of IPv6 connectivity as I get an IPv6 address assigned by my ISP (Portugal, MEO/Altice) on the LAN interface (correctly).

https://forum.netgate.com/topic/177981/no-ipv6-after-upgrade-to-23-01/

@moelassus Check the system log also. Could be something like Suricata update, WAN link down/up, etc.

I have tried resetting up an interface in the console that uses DHCP like I saw some on the forums talk about, that did not fix the issue for me

I've just updated to 23.01-RELEASE (arm) and the problem I threw into this lengthy debate appears to have gone away now.

Touch wood I think I have found my issue. It was the old RealTek network card driver in pfsense 2.6. Here a my basic notes on how to update

Realtek Drivers

Enable BSD repo /usr/local/etc/pkg/repos/pfSense.conf and changing the first line to:

FreeBSD: { enabled: yes }

Next, edit /usr/local/etc/pkg/repos/FreeBSD.conf and make the same change there:

FreeBSD: { enabled: yes }

It must be enabled in both places to function.

Install new driver You can just use pkg add directly

pkg update pkg add https://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/realtek-re-kmod-198.00.pkg

Edit /boot/loader.conf.local to load new driver. You can append those lines with echo

echo 'if_re_load="YES"' >> /boot/loader.conf.local echo 'if_re_name="/boot/modules/if_re.ko"' >> /boot/loader.conf.local

Solved. It was Snort blocking the addresses.

Well that makes sense.. greatly appreciate your response!

I can also report that I added the following rules to the LAN interface. They are intended to disallow the bypassing of the OpenDNS servers:

Screenshot 2023-02-15 at 1.22.20 PM.png

@coreycoop said in DHCPD Stopped working, fixed, but trying to figure it out.:

Is there any way to save the #30 and #29 backups and get more info, like what exactly I did in the WebConfigurator to cause this problem?

There's a diff option in the Backup Config. You can also download them directly and do a diff comparison locally.

@danielbarron No the 3100 can’t use ZFS.

@sergei_shablovsky said in Static IP - MAC mapping inside DHCP dynamic pool - how to?:

What You say about this?

Say about what - Not sure what your freaking asking.. And what does it have to do with some nonsense .66, .77, .88 plan - I don't care if you have 200 IPs.. So use a /23 and make the first /24 your your devices and the 2nd /24 your dhcp.

You can come up with whatever you want to come up with - .66, .77, .88, .99 makes no sense.. You will never convince of such nonsense.. I have had to go into a lot of customer networks, never seen such nonsense - and I have seen a lot of nonsense..

I gave you a way to do what you want be it that plan or whatever - now you say its too much work, well yeah because it makes no sense.. There is zero reason why anyone would do such a thing when I can just say .x-.y is either reservations or static..

@dominikhoffmann https://docs.netgate.com/pfsense/en/latest/troubleshooting/dns-cache.html#dns-forwarder

@bmeeks said in Add IPv6 to PfSense, DNS problems IPv4:

But you really should use static IP addresses for domain controllers!

Exactly! especially if they are going to be dhcp servers, normally the dhcpv4 would normally be your v6 dhcp server as well - if your using it.

@thearamadon said in Domain Overrides Intermittently Stop Working:

@bmeeks I'm running CE 2.6.0 which has unbound 1.13.2

That is the better behaved version between the two, so I am a little surprised to see it giving problems.

For what it's worth, my failure to honor domain overrides has not returned after I killed the unbound daemon and then restarted it again. Prior to that, I had clicked the restart button under SERVICES several times without improvement. Finally, in desperation, I tried the kill -9 <pid> command from the shell. That seemed to kick it back into submission and my AD domain overrides started being honored again after restarting the daemon from the GUI.

@tigo said in Enabling SSL/TLS in unbound, results in error SSL_write:

noticed that DNSSEC Support is unchecked. Perhaps, I had it checked, and it wasn't playing nicely with pfblocker & resolver

DNSSEC can be only be done if unbound is resolving.
When you forward, you have to trust the upstream revolvers (in your case : cloudfare & opendn).

@dalicollins Figured it out. The TTL must be 60 or higher because that is what Cloudflare uses.

In the end after searching left and right I did get the PTR record needed setup within my pfsense appliance.

Turns out: unbound entry in the DNS resolver via some “Custom options” field.

server:
local-zone: "<some name>.lan." static
local-data: "<some name>.lan. IN A 192.168.1.2"
local-data: "<device name>.<some name>.lan. IN A 192.168.1.3"
local-data-ptr: "192.168.1.3 <device name>.<some name>.lan."