@jimp Thanks. That makes sense. Just seems that it was a change for versions after 2.5. Now I know it's expected behavior going forward and will get sorted when the device is configured.

Solved by watching a video from Christian McDonald. The change was to the settings in the peer (client) app. I set the DNS address to the tunnel address (192.168.85.1) rather than my pfSense address.

@sbwcws Unclear - it's not supported as far as I can tell. I'd open a new topic in what you think might be the most appropriate spot or search the forums for other's past inquiries or attempts.

@toluun Seems to be an issue with my linux installation. If I specify the dns server it responds as expected. dig @192.168.20.1 notthere.local.lan

Anyone that has insight to share about Bind DNS PTR record troubleshooting?

@wildfrog What is listed as the router in the DHCP server on LAN? If you really, really want to see what is going on, packet capture the DHCP traffic on the LAN and post it. Particularly interested in the DHCPOFFER from the server.

For future reference, problem was caused by a misconfigured setting in General Setup -> DNS Server Settings - DNS Resolution Behaviour. Setting changed to Use Local DNS, Fall back to remote DNS Servers

bump

Okay. I'll reply to myself: it was super easy: https://japtaincack.blogspot.com/2018/02/pfsense-dhcp-dynamic-dns-updates-to.html But I think I found a bug in pfSense, because I configured this for the DHCP on only ONE specific interface, but now it registers ALL clients from all LAN subnets in the remote DNS. Do somebody know how to prevent this? I also don't know why it creates a TXT record for every client, would also be nice not to have this.

@johnpoz --- Right but unbound actually runs - the settings just wouldn't save. In any event, I hadn't see this so appreicate you pointing it out...

@offstageroller said in The maximum lease time must be at least 60 seconds and higher than the default lease time - Why?: @jimp said in The maximum lease time must be at least 60 seconds and higher than the default lease time - Why?: It's probably a limitation from an earlier version of ISC DHCPD or perhaps even older than that. The current man page for dhcpd.conf has an example where max == default so it's probably OK now. From the EXAMPLES section on https://www.freebsd.org/cgi/man.cgi?query=dhcpd.conf&apropos=0&sektion=0&manpath=FreeBSD+12.3-RELEASE+and+Ports&arch=default&format=html max-lease-time 120; default-lease-time 120; Git blame shows the input validation check going all the way back to the very first initial pfSense commit in 2004, so it's very old. Make a Redmine entry as a feature request to relax the input validation and we'll get that adjusted. Will do. I'll go ahead and submit a PR/MR to help make that change after creating the ticket. Redmine ticket: https://redmine.pfsense.org/issues/13118 Pull Request: https://github.com/pfsense/pfsense/pull/4581

@andy22 If you install the System Patches package you'll see the recommended patch: Fix Google Domains Dynamic DNS response processing (Redmine #12754)

@johnpoz Hi, I agree it is not clear. I reconnected the tablet for now so I will post back more screnshots when the problem will happen again ( 2,3 days I guess..) thanks

@johnpoz static arp works as you say. But sometimes you plug in a computer so it can access the internet quickly. With this method, you will have to go and add the mac address to pfsense every time

FIXED I looked at the config.xml and saw that there were 2 entries for my VLAN 100 and VLAN 200 under the DHCPD section. I removed one of the duplicate sections for each VLAN and restarted DHCPD.... all is fine now...The GUI can manage DHCP leases again....