@SteveITS I did restart but I have been adding a lot reservations so I I noticed it intermittently and just decided to give up and move away from Kea

I was able to find and delete the entry by searching the XML file and it was in virtual IPs.

@Andy142 Pretty solid proof then that the ISP device, connected to the pfSense WAN port took down the interface. Afaik : reasons can be : if its a modem type device : they do this to signal down stream a data carrier loss. Bad power. Bad NIC. Most often, these ISP devices have also a GUI. It's time to have a look at, maybe there are details about the loss available.

@Gokulapandi The DNS resolver doesn't hand out private IPs by default. You have to enable this with a custom option: server: private-domain: "<your-domain.tld>" The server line is only needed if you haven't one already, otherwise you can write the private-domain line below of it.

@johnpoz yeah, I guess 10 would be enough for some IoT devices like light bulbs, you garage door, window blinds or sun shades (whatever the right word). For the DMZ on the other hand it may be a bit slow.

@DjJoakim yeah so stuff using other than your IP will be redirected, and stuff using the pfsense IP will be allowed.

@Gertjan will do, thank you very much for your help

I have a laptop with a mapping for both the wired and wireless MAC, but when it gets a lease, instead of, for example, "laptop" as the client ID, it is "laptop." and gets a pool address instead, even though the MAC matches the reservation. Very annoying.

@jeffry-maynard said in Kea server is down: let me know if you have figured out a fix You are using ... 2.7.2 ? Afaik, there was a small patch avaible since the beginning to solve this situation. Or, even better : 2.8.0 beta is out now for several weeks, and it look very promising,

@rtadams89 Is it the check-mk agent? Have you managed to solve?

@Gertjan said in Cannot contact VM via host name: @tknospdr said in Cannot contact VM via host name: When I try to ping by IP, it times out. ICMP (is not UDP neither TCP) is allowed with firewall rules ? I did say it worked via host name, that would show that ICMP is allowed, right? @tknospdr said in Cannot contact VM via host name: from a browser in That browser uses what DNS ? Maybe not pfSense so it couldn't know about the host over ride. Yes, all the browsers in my LAN use my pf box for DNS. @tknospdr said in Cannot contact VM via host name: If I enter the host name from a different subnet, I get a 'server dropped the connection' error. The device with that host name, does it allow connections coming in from your other local networks ? It does. So I found out that I had to create a bridge network connection in order for my VM and host to talk to one another. Everything seems to be talking correctly now. My next hurdle is to get the packages I built the VM for to work, but that's beyond the scope of this forum. For posterity, if you have TrueNAS and a VM, watch this video: Network Bridge in TrueNAS

I know it's an old post, but I've updated the way I'm managing this to patch /etc/inc/services.inc as @inq mentioned above: --- /etc/inc/services.inc-20250320 2025-03-20 15:43:20.182559000 -0700 +++ /etc/inc/services.inc 2025-03-20 15:44:13.392591000 -0700 @@ -3096,6 +3096,7 @@ if ($need_ddns_updates) { $dhcpdconf .= "ddns-update-style interim;\n"; $dhcpdconf .= "update-static-leases on;\n"; + $dhcpdconf .= "update-optimization off;\n"; $dhcpdconf .= dhcpdzones($ddns_zones); } @@ -3564,6 +3565,7 @@ if ($nsupdate) { $dhcpdv6conf .= "ddns-update-style interim;\n"; $dhcpdv6conf .= "update-static-leases on;\n"; + $dhcpdv6conf .= "update-optimization off;\n"; } else { $dhcpdv6conf .= "ddns-update-style none;\n"; }

@Gertjan Thank you for your feedback, Gertjan! I'll continue with that info :) Have a great day

@SteveITS So far so good, I'll know tomorrow for sure.

@Cabledude See thread https://forum.netgate.com/post/1206282, may be similar.

@jaybee32 Something has changed recently .... You saw this : [image: 1744289911780-cab5bb5f-a430-4633-a13f-60b820c27d8f-image.png] ? I'm not using the CE myself, but what about testing the newer, upcoming 2.8.0 ?

@drhans This server uses the DMZ interface as the DNS destination ? Check : can you see DNS coming into the DMZ interface ? Does the resolver listen on the DMZ interface for DNS requests ? Do you allow DNS traffic (port 53, TCP and UDP, destination "DMZ Address") on the DMZ interface ?

@SteveITS these aren't actually mobile clients, this is a site to site IPSec. But yeah I think we agree the way to go here is to specifically assign the DC as DNS one way or another. Since I control DHCP on both sides, that seems to be the way to go in this case.