I can also report that I added the following rules to the LAN interface. They are intended to disallow the bypassing of the OpenDNS servers: [image: 1676485447108-screenshot-2023-02-15-at-1.22.20-pm.png]

@coreycoop said in DHCPD Stopped working, fixed, but trying to figure it out.: Is there any way to save the #30 and #29 backups and get more info, like what exactly I did in the WebConfigurator to cause this problem? There's a diff option in the Backup Config. You can also download them directly and do a diff comparison locally.

@danielbarron No the 3100 can’t use ZFS.

@sergei_shablovsky said in Static IP - MAC mapping inside DHCP dynamic pool - how to?: What You say about this? Say about what - Not sure what your freaking asking.. And what does it have to do with some nonsense .66, .77, .88 plan - I don't care if you have 200 IPs.. So use a /23 and make the first /24 your your devices and the 2nd /24 your dhcp. You can come up with whatever you want to come up with - .66, .77, .88, .99 makes no sense.. You will never convince of such nonsense.. I have had to go into a lot of customer networks, never seen such nonsense - and I have seen a lot of nonsense.. I gave you a way to do what you want be it that plan or whatever - now you say its too much work, well yeah because it makes no sense.. There is zero reason why anyone would do such a thing when I can just say .x-.y is either reservations or static..

@dominikhoffmann https://docs.netgate.com/pfsense/en/latest/troubleshooting/dns-cache.html#dns-forwarder

@bmeeks said in Add IPv6 to PfSense, DNS problems IPv4: But you really should use static IP addresses for domain controllers! Exactly! especially if they are going to be dhcp servers, normally the dhcpv4 would normally be your v6 dhcp server as well - if your using it.

@thearamadon said in Domain Overrides Intermittently Stop Working: @bmeeks I'm running CE 2.6.0 which has unbound 1.13.2 That is the better behaved version between the two, so I am a little surprised to see it giving problems. For what it's worth, my failure to honor domain overrides has not returned after I killed the unbound daemon and then restarted it again. Prior to that, I had clicked the restart button under SERVICES several times without improvement. Finally, in desperation, I tried the kill -9 <pid> command from the shell. That seemed to kick it back into submission and my AD domain overrides started being honored again after restarting the daemon from the GUI.

@tigo said in Enabling SSL/TLS in unbound, results in error SSL_write: noticed that DNSSEC Support is unchecked. Perhaps, I had it checked, and it wasn't playing nicely with pfblocker & resolver DNSSEC can be only be done if unbound is resolving. When you forward, you have to trust the upstream revolvers (in your case : cloudfare & opendn).

@dalicollins Figured it out. The TTL must be 60 or higher because that is what Cloudflare uses.

In the end after searching left and right I did get the PTR record needed setup within my pfsense appliance. Turns out: unbound entry in the DNS resolver via some “Custom options” field. server: local-zone: "<some name>.lan." static local-data: "<some name>.lan. IN A 192.168.1.2" local-data: "<device name>.<some name>.lan. IN A 192.168.1.3" local-data-ptr: "192.168.1.3 <device name>.<some name>.lan."

Solved! I found another thread discussing this problem, and the original poster tracked it down to a virtual IP that was on the wrong interface. Sure enough, I had a virtual IP on the LAN interface pointing to an address on the DMZ interface. How bizarre!

@jlee_eye link.nyulangone.org has a 30 second TTL so any DNS problems can break/resolve every few seconds. If you try nslookup does that work during an "outage"? nslookup link.nyulangone.org your_pfsense_ip Are your PCs using pfSense for DNS? It's also very possible your browser is using DNS over HTTPS and not using pfSense for DNS at all. Many default to that nowadays.

@jknott Hi, yes, LAN is dual stacked. I just want all clients to get an IPv4 DNS address and no IPv6 address as I am using PiHole and DNS requests made via IPv6 make it difficult to identify clients. I have switched off "Provide DNS configuration via radvd" and that has solved the problem.

@johnpoz I'm going to sound like I'm losing my mind. Had to run some errands for a few hours. I removed the DNS entry from the DHCP config a bit ago to run the tests you suggested and now they work just fine. I have no explanation... I'm speechless. Thank you for your time troubleshooting with me.

@rh128 that is good news! yeah not good idea to just pull the power plug on pfsense. You running ZFS - that is suppose to be better than UFS..

this helped me, the last few entries, but here is what fixed it for me in 2023... Services > DNS Resolver > Advanced Settings > Left it checked Services > DNS Resolver > Check DNS Query Forwarding seems like I am using OpenDNS, like I wanted, but still able to use my dns resolver so I can do host overrides and anything else I want to do in DNS.

@ic_attila said in DNS Resolver / General settings | Unable to save changes: jostle-timeout: 200 infra-keep-probing: yes infra-host-ttl: 900 I have all of those lines in the router I just pulled up. re: bmeeks' suggestion, see https://docs.netgate.com/pfsense/en/latest/troubleshooting/disk-lifetime.html

@aheadalarmroom On 22.05 I have applied: Namecheap DDNS on 22.05 Ensure you have the latest Patches package. They add patches via a package update as opposed to an external list.