@gertjan I appreciate your response and willingness to help. Unfortunately, I'm not a coder. I looked at both of your URL links. They are above my pay grade. I do remember that when I got dynamic DNS working in pfSense, I created an "A" type with the help of a friend. I'm not knowledgeable enough to write my own script or how to make the script execute. I'm not even sure if "host name" means "xxx" or "xxx.domain". I guess I was hoping that I could copy and paste a script into the "request" field and just change my details. Likewise, copy and paste the appropriate "dynamic DNS server".

I agreed as I sent screen shot of I have define pool to auto leased only 172.16.159.252 to 172.16.159.253 ip and then reset based on mac I entered in dhcp list then it will assign that ip to entered mac . I noticed that when I made changes into orignal entry intensionally then dhcp not suppose to assigned same old IP address unless and until it is listed. Although I have flushed arp recycled leased.

@benam They stick all for me : [image: 1672737915574-c05bd838-2560-4197-b019-3312a91724c7-image.png] @benam said in DNS hostname disappears after input: Version 2.5.2-RELEASE That's 5 or 6 versions in the past .... The issue was fixed.

@viragomann What a straight-forward solution! Thanks! It works as expected now.

@bob-dig @johnpoz I tried starting in Firefox Safe Mode with all add-ons disabled... same problem However, creating an entirely new profile restored the correct behavior. So it's something in my default profile, but I can't imagine what would cause FF to remove the value= attribute from an input tag. Thanks for the help.

@swami_ you can setup haproxy to use your wan or you lan interface. Comes down to where the traffic is going to hit. Even if you ha proxy listens on you wan IP, unless you open a firewall rule on the wan that would not be available to internet IPs. But your wan IP is still going to be able to be hit via your lan devices. Comes down to where you want to point the fqdn you want to use to point to - if all your going to want it for is lan, then just use your lan IP and point all your fqdn you want to use to your pfsense lan IP.

@provels Thanks!! Happy Holidays I created two text files from the above URLs to use with Squidguard without the # and the text DNS over HTTPS "DoH" server text files for use with Squid Guard: Smaller Lists made from URLS above: dnsdoh.txt Large List from bulk URL list: DoH DNS List.txt Combined Lists: CombinedDOHlist.txt

@bingo600 A quick fix. It is working now. Thank you!

@rcoleman-netgate yaya ^^ that thing.

Yes, there are VLANs at play here. The device is on wifi, though it hasn't moved and a new identical device newly installed right next to it is not exhibiting this issue. The logs from my wireless infrastructure don't suggest any major connection blips either. I also don't believe the device rebooted, though that is possible. I ended up, rather than setting up a static IP on the lease (that particular vlan is for IoT stuff and has no extra room on its subnet that isn't allocated to the DHCP pool), just setting a static lease that overrides the DHCP lease time to one day. And now I see daily DHCP renewals with no problems. Odd though that this worked fine with hourly lease renewals for a couple of years before this problem arose.

@johnpoz said in Unable to illegal DNS record from pfsense (DNS-resolver corruption): @asadz said in Unable to illegal DNS record from pfsense (DNS-resolver corruption): with backhole address. of 100.1.2.4 ? that is a HORRIBLE blackhole choice that is for sure.. A simple wireshark would of seen right away that answer was coming from a different mac address, etc. Again if the DC was putting traffic on the wire, would of seen that and know from upstream something was returning the 100.x address. Glad you found it.. but using a valid public IP, ie 100.1.2.4 is horrible horrible choice of blackhole address.. Maybe it was a typo and was suppose to be 10.1.2.4? Yes I share your concerns, this IP made it first appearance in var/log of pfsense of 14th same day we enabled new snort rules The DNS reply logs Dec 14 14:31:08,reply,A,A,Unk,sb.scorecardresearch.com,192.168.3.6,100.2.3.4,USDNS-reply,Dec 14 14:31:08,reply,A,A,Unk,sb.scorecardresearch.com,192.168.4.9,100.2.3.4,USDNS-reply Suggest sunnyvalley providing black hole response. I still think black hole address should be private to be safe and esp should not resolve or routable to www. Also the MAC address lookup shows 0050560B0310 -> 00005E000101 One is register with VMware other is IANA. Most probably sunnyvalley cloud app is running over VMware.

I guess, those are normal and unbound is the source? Although I haven't noticed blocking has had any unwanted effect to anything, at least info TLD would probably be better to be allowed?

It turns out that I had a brain fart and misconfigured DHCP guarding in the UniFi OS Console for my access points. Rather than using the gateway address of the WiFi network’s subnet as the DHCP server address, I used the address of the Netgate box. With that fixed, everything works. Thanks for all who made suggestions! I am learning from each of your contributions.