@johnpoz true, it works perfectly fine with IPv4. I just want to learn about IPv6 and I experiment with IPv6 only networks.

@aaronouthier you can setup vlans and work with different subnets "device discovery" will probably have the same issues. personally i tend to avoid using/buying stuff that depends on automagic discovery bs ...

@enesas [image: 1666107398986-dns-redirect2.png] it's actually doing DNS redirection. but pfblockerng's ad-blocking features do not work. I wonder why?

@steveits @rcoleman-netgate I recently had a DNS resolver that restarts in 1-2 hours. Many people were victims until we solved it. Latest pflockerng > dnsbl > Resolver Live Sync Checking the feature fixed the problem. Of course it took time to find it. These and similar problems can happen from time to time. that's why I asked.

@rcoleman-netgate Thanks ... I changed user/passwd ... now it works

@johnpoz arpwatch, thanks!

@samitguy On your Windows DNS server(s) forward all queries to your pfSense. You may need to empty the DNS cache on the server(s) and any devices. ipconfig /flushdns on the PCs, or dnscmd /clearcache for the DNS Server cache.

@viragomann Hello Sir, is hybrid mode on outbound , and seems the traffic is nated , just like WAN interface. Thanks.

Update I stop pfsense in hyppervisor, than run in single mode. I mount zfs. mount -t zfs pfSense/var /mnt In folder /mnt/etc/named/etc/namedb/master/default are two files 192.168.192.DB.jnl and example.com.DB.jnl. Why BIND do not load the files on start pfsense?

@bingo600 that's a good question. Think it came with my tivo which might explain why my tivo was trying to talk to 192.168.2.x. Might have been how my tivo communicated with my tivo mini. Main tivo works fine without it as it networked properly now.

@bihzs if it's ubuntu take a look at /etc/systemd/resolved.conf #DNS= or there is a possibility that you will lose that setting on the next reboot

@gertjan Pfsense uses 127.0.0.1 as it's nameserver (it was displayed then using the pfSense dns lookup tool). I checked all settings on my win10 client and even captured the packets with wireshark: The packets were definitly sent to pfsense and were processed there (i saw the specific lookup request I made in the unbound logs). Good idea to check the resolution with the cli, thx. However in the meantime, it seems like it's working: I have noticed that I didn't upgrade my pfSense for more than 3 months. Therefore I checked for updates and saw that the version 2.6.0 was available. I installed it and as of know, the problems are gone. Don't know if this was a bug in the previous version or what, but it was definitly strange... @johnpoz @Gertjan @SteveITS Thanks for all the help :)

@johnpoz I remove reverse zone 168.192.in-addr.arpa and add 192.168.192.in-addr.arpa zone file /var/etc/named/etc/namedb/master/default/192.168.192.DB $TTL 43200 ; $ORIGIN 192.168.192.in-addr.arpa. ; Database file 192.168.192.DB for 192.168.192 zone. ; Do not edit this file!!! ; Zone version 2664446401 ; @ IN SOA router.example.com. zonemaster.192.168.192. ( 2664446401 ; serial 1d ; refresh 2h ; retry 4w ; expire 1h ; default_ttl ) ; ; Zone Records ; IN NS router.example.com. 1 IN PTR router.example.com. and /var/etc/named/etc/namedb/named.conf #Do not edit this file!!! key "rndc-key" { algorithm hmac-sha256; secret "W1+lueh/DCHHqUxXe9j+bfD+p48yqCgcZUEjeAoZ/Rs="; }; controls { inet 127.0.0.1 port 8953 allow { 127.0.0.1; } keys { "rndc-key"; }; }; options { directory "/etc/namedb"; pid-file "/var/run/named/pid"; statistics-file "/var/log/named.stats"; max-cache-size 384M; dnssec-validation auto; listen-on-v6 port 53 { any; }; listen-on port 53 { any; }; }; logging { channel custom { syslog daemon; print-time no; print-severity yes; print-category yes; severity debug 5; }; category update { custom; }; }; view "default" { recursion yes; match-clients { any; }; allow-recursion { any; }; zone "example.com" { type master; file "/etc/namedb/master/default/example.com.DB"; allow-query { any; localhost; localnets; }; allow-transfer { any; localhost; localnets; }; allow-update { any; localhost; localnets; }; }; zone "192.168.192.in-addr.arpa" { type master; file "/etc/namedb/master/default/192.168.192.DB"; allow-query { any; }; allow-transfer { any; }; allow-update { any; }; }; zone "." { type hint; file "/etc/namedb/named.root"; }; }; and working Sep 29 10:18:10 dhcpd 14875 Added reverse map from 100.192.168.192.in-addr.arpa. to DESKTOP-GBII3C8.example.com Sep 29 10:18:10 dhcpd 14875 Added new forward map from DESKTOP-GBII3C8.example.com to 192.168.192.100 @johnpoz Thank you very much.

@johnpoz said in Stateless DHCPv6 and NTP server: I wouldn't prob setup on a laptop that is off most of the time, etc. But my pc is on 24/7 so yeah I install it on those. I just change where "Internet time" points to.

@sauce I've found https://knot-resolver.readthedocs.io/en/stable/modules-refuse_nord.html How is this related to pfSense ?

@johnpoz hi sir i solve the issue the root cause is in the DC properties was assigned the existing dns ip before so i change an new dns forwarder. thank you