@johnpoz @viragomann @Silence Thank you so much for your support. I am able to resolve this issue. Root cause seems to be related to Intel i225v Intel 2.5G Nic. It seems there is an issue most likely in FreeBSD version used by pfsense 2.5.2. It is not fully supporting this nic card. Steps to resolve this issue: System-->Advanced -->Networking Network Interfaces Hardware Checksum Offloading - I had to check this box. Checking this is to disable hardware checksum offload. Thank you once again,

@david_moo here is prob easier to read with info https://tools.ietf.org/id/draft-ietf-dnsop-extended-error-11.html I think I saw somewhere while back cloudflare was starting to provide EDE codes.. Let me see if can find that article edit: here you go https://blog.cloudflare.com/unwrap-the-servfail/ in the days of just asking your ISP dns, it either worked or it didn't asking for something. But when you start to run your own actual resolver like unbound does out of the box.. Sometimes you need to get a bit deeper into the weeds on why something specific isn't working.. Servfail is just a catch all that doesn't really give you even hint to what is wrong ;) Other than what you asked for failed ;)

@viragomann not if i restore a previous image over top of what ive done :)

@whoffmans said in DynDNS not working with payed NoIP service: btw I see this in the system logs (under general): /services_dyndns_edit.php: phpDynDNS ([my domain]): (Unknown Response) Does that mean that Netgate didnt keep the API configuration in PfSense uptodate / in sync with NoIP? That's a bummer. PfSense+ is a payed product right? It should be uptodate. UPDATE: I decided to install the No-IP client on my always-on fanless server-PC and remove the dyndns client config from my Netgate router. It has nothing to do with the router anyway.

@coffeecup25 said in Heirarchy for DNS Inquiries: unbound would have to be set to forwarding to make the servers on the setup page work On the DNS Resolver page there is a setting: Enable Forwarding Mode If this option is set, DNS queries will be forwarded to the upstream DNS servers defined under System > General Setup or those obtained via DHCP/PPP on WAN (if DNS Server Override is enabled there). We use this to forward queries to Quad9 or other managed DNS services.

@JonathanD @viragomann is correct. There is an issue with namecheap currently. Their record of the local IP is noted correctly in their system but they messed up their acknowledgement back to pfsense. More details here: https://forum.netgate.com/topic/142147/dynamic-dns-namecheap

@narsaw said in Pfsense DNS specific to VLAN: You may have missed the earlier discussion as all PCs have are pointing the DC for DNS and not pfsense directly. The DC forwards request to pfsense that it does not know about (i.e non local DNS request) I don't know if you still have a problem, but both the answer @SteveITS gave you and mine can work, it's up to you which one you want to use! but your case is very easy. I even have the same situation as you at my work. all pc use their DC (FOR LOCAL DNS) BUT FOR SOMETHING EXTRA THEY GO TO PFSENSE DNS AND HE KNOWS WHAT TO DO I HAVE VLAN RESTINCTIONS WITHOUT ANY TYPE OF PROBLEM. AND IT HAS ALWAYS WORKED VERY WELL.

@gertjan said in How to get rid of the DNSResolver public DNS connection attempts?: Euh ... rename it for easy retrieval ?! Yeah much better suggestion ;) hehehe - its early here and only on first cup of coffee at the time is my only excuse - hehehe As these kick of DNS requests. I don't think he is too worried about any requests, I take it he only concerned with the queries to the roots.. If setup in forwarding mode only then pfsense requests should only go to the setup forwarding server(s)..

@msaeed said in Dynamic DNS WebGUI Very Slow: http://checkip.dyndns.org/ it returns my IP fast and all other pages of pfsesnse GUI returned perfectly just this page takes about 60-200 seconds to be retrieved It returns 'fast' or 'page takes about 60-200 seconds' ? What happens when you execute on the pfSense console : [2.5.2-RELEASE][admin@pfsense.local.tld]/root: curl http://checkip.dyndns.org/ ? @msaeed said in Dynamic DNS WebGUI Very Slow: " I am using free no IP " There are several "no-ip" threads about their dyndns recently. They have 'issues'. See these threads for a work around - or the redmine you mentioned.

@johnpoz I get the same address it seems. Is there a script command or something that I could use to release the address, wait five seconds and then renew the address? I'm pretty sure doing that at say 04 every night would solve the whole thing, since it's solved by doing that manually. Or even better, an HTTP command I could send from my home automation (with POST message) that will do it? In that case I could also have a button in the living room so my wife could press it whenever NRK1 isn't working, and then the system would do the rest?

@javen Several of us are experiencing and have complained about this issue. Here is my thread on it. I gave up trying to fix it for now so still have to restart unbound after every reboot. Here is a pointer to my thread which may have some additional info for you… Topic Peter

@viragomann thank you, that was the direction I needed :)

I think this explains the behavior as expected: https://docs.netgate.com/pfsense/en/latest/diagnostics/dns.html#dns-servers-included-in-testing It would have been nice if the "Testing" section of the "Configuring DNS over TLS" documentation noted this tidbit as well. See excerpt with note below: DNS servers included in testing The page will query a specific set of DNS servers. This set depends upon the DNS Server Settings under System > General. The page will test against 127.0.0.1 if the DNS Resolver or DNS Forwarder are active and the DNS Resolution Behavior setting is not set to ignore local DNS. The page will test each of the DNS Servers from the list at System > General. The page will also test DNS servers from dynamic WANs if DNS Server Override is set and the firewall has obtained servers from dynamic sources. Note The DNS Resolver mode does not impact the behavior of this test. Even in resolver mode the individual DNS servers are tested as described above.

@gertjan The VPN is not hosted by or anything to do with my pfsense box. I've fixed it now anyway. Thanks

@johnpoz This is strange.. When trying it again just now the client suddenly shows the dhcp servers ip as expected, and seems to work as well... Perhaps just a hickup, but was pretty persistant for a while... So sorry...