@averyfreeman said in Forward DNS queries to Active directory DNS Server: @bmeeks Why not use forwarders from AD DNS instead of root hints? Root hints are really just meant as a fallback... Not 100% true. The root hints are in fact the root DNS servers. So they are the true authority. And you can talk to them using DNSSEC. When you forward, you lose the benefit of DNSSEC as you have no control over what the forwarder is doing on your behalf. It may be using DNSSEC, or it may not. (Note: assuming we are talking about an external forwarder here and not unbound on pfSense). You can certainly forward to another intermediate server, though, if you wish. And there is probably something to be said for being a thoughtful netizen and not overloading the roots. But one thing you get by directly querying the roots and not using a forwarder is you deprive the marketing folks at that forwarder of their data to target ads or otherwise snoop on you.

I'm facing exactly the same problem. I'd like to provide custom configuration location for PXE (pxelinux.0). Isc Dhcp server does support this feature, but pfsense doesn't. How can I add this feature? Here is the full description in german: https://www.german-syslinux-blog.de/synology-dsm-6-0-syslinux-6-04-pxetftpdhcp-server-einrichten/ I'm happy with pfsense as my dhcp server, so i don't want to have my synology to provide ip addresses.

Update: Found the issue, the pfSense was using a old theme not the newest one coming with the new +. After changing the theme to default everything back to normal. solved

I found the problem. Use SSL/TLS for outgoing DNS Queries to Forwarding Servers was on and causing it to not work.

@zotan said in Deaf DHCP server on a VLAN: So 25 and 75 appear as distinct vlans rather than nested? Yeah any switch does that - any switch that does vlans understands tagged vs untagged. You can always have 1 untagged vlan (native). If you want..

@nogbadthebad I never had occasion to use IP on DOS. Back in those days, we had Netware at work and I recall modifying config.sys and autoexec.bat to run it. NET3 & NETX come to mind. I didn't deal with IP until I got my own connection and was running OS/2. Then, at IBM, I worked with IP, SNA and NetBIOS on token ring.

I have the SG-2220 and do not have this issue. I know this doesn't help a whole lot but someone suggested it could be hardware specific. I hadn't used my SG-2220 for about two years due to divorce and just recently got it going again which is what led me here. I did have this problem and when I did an update when it came out I still had some troubles but not this trouble. I did a factory reset twice and for whatever reason the second reset is what made everything happy. I started with all new settings and didn't restore a thing. I know this doesn't necessarily help a whole lot, but I wanted to offer additional relevant info. It isn't failing on my Netgate SG-2220. What can you do with that? I don't know exactly, but I don't think it is just the software. It might be hardware specific race conditions as another user noted.

@pzanga Just a quick update, if anyone cares. Turns out the issue was a flaky keystone jack. Not sure if it was a bad terminal connection or some dust in the jack, but took off the wall plate, made sure connections were secure, blew out some dust and now its working fine. Also made sure Ethernet cable is not being squeezed and it secure. No problems since. So, as I said above, always check your equipment.

@jknott So after analysing some packet captures and digging around in the depth of the switch config options it seems the switch 'screens' DHCP servers unless they have been explicitly configured as 'trusted'. It seems that for DHCPv6 this involves dropping the multicast messages used for 'advertise' (and maybe others). Once I added the SG-3100 LAN link-local iPv6 address as a 'trusted' DHCP server then things started working as expected.

What mask did you put on the network on the vlan - common mistake is defaults to like a /32 mask.. Which no you couldn't enable dhcp on that because there isn't any addresses to hand out.. That one comes up quite a bit actually.

@gertjan Thanks for the prompt reply. Indeed. Not long after I initially posted I found the file to be rebuilt with just the pfSense host in it. Looks like the best way is to add DNS Host Overrides. Only about 50 entries, so just need a little patience. Thanks for the advice on dnsmasq. Will look into unbound, too. ;-} P

@sport78 With a host over ride. That is, if I understood the question.

Thanks for looking into my problem. @mer said in DNS Resolver and Gateway Groups: Can you set the Gateway group as the outbound interface in the DNS Resolver? Logically doing that "should work". I don't know if you can, just off the top of my head. That would also make sense to me as well but the configured gateway group is not appearing as a network interface neither in the ifconfig output nor as an option in the outbound interface selection box for the DNS Resolver configuration tab.

@mr-rosh said in DNS Resolver Starting Stopping: Windows 10 would connect via random macs. Typically, "random MAC's" should be activated (is meant to be activated ?) when the user uses Wifi network he doesn't trust. This is NOT the case with your @home network. A good thing is : you understand that this setting will produce far more DHCP negotiations at start. Every device, using every AP, will produce another DHCP lease using on the same network. I do recall (I thing) that when A device (Windows PC or whatever) was connected ones to a AP using MAX X and SSID Y, it will use the same 'random MAC' for that AP. Which means it doesn't change it's MAC for every lease renewal, or when a known AP commes into range. I advise you strongly to make Static MAC DHCP lease for all your known (local) devices. And shut down this 'random MAC' thing when they use your home connection.