• DHCP Server and PTR creation

    17
    0 Votes
    17 Posts
    1k Views
    V

    @viktor_g Will do, it would also be useful if in the IPv6 range it allocated domain prefixes for domains that don’t have a name rather than just leaving them blank.

    A rule like:

    ddns-hostname = pick (option dhcp6.fqdn, option fqdn.hostname, option host-name, binary-to-ascii (16, 8, "-", substring (hardware, 1, 6)), concat("dyn-", binary-to-ascii (16, 16, "-", substring(option dhcp6.ia-na, 16, 16)))); option host-name = config-option server.ddns-hostname;

    In the Range6 section of services.inc would do the trick.

  • Custom Provider URL for Quad9 on Google Chrome on Android?

    1
    0 Votes
    1 Posts
    981 Views
    No one has replied
  • Whole network through Tor

    1
    0 Votes
    1 Posts
    296 Views
    No one has replied
  • Support for DynDNS provider deSEC.io

    6
    0 Votes
    6 Posts
    3k Views
    viktor_g

    Feature request created: https://redmine.pfsense.org/issues/11357

  • dhcp automatic restart

    4
    0 Votes
    4 Posts
    636 Views
    S

    Hello!

    Starting/restarting the dhcpd service looks complicated, but killing it should be easy.

    You could try adding dhcpd to the Service Watchdog package, killing dhcpd at midnight, and then letting the watchdog restart it. You could have a minute or two of downtime for dhcpd.

    /usr/bin/killall dhcpd

    John

  • Dual WAN/LAN configuration question

    1
    0 Votes
    1 Posts
    151 Views
    No one has replied
  • make all DHCP leases static

    12
    0 Votes
    12 Posts
    1k Views
    noplan

    @jknott said in make all DHCP leases static:

    pfsense won't even allow you to do a static assignment within the pool.

    never tested it
    some things they teach you stay forever somehow ;)
    thx

  • DHCP static lease

    3
    0 Votes
    3 Posts
    466 Views
    L

    @noplan
    Version: 2.4.5-RELEASE-p1

    I'm pretty sure I wouldn't have been able to make static DHCP leases unless I had saved such a range.

    Here's what I did:

    Services>DHCP Server> set range from 192.168.1.11 to 192.168.1.99. Save.
    Status>DHCP leases: Used + button to add static, then chose IP addresses from the range of 192.168.1.100 and up. Save then apply.

    This worked successfully and had most of my devices set as static in the 192.168.1.100 and up range.

    Later in the afternoon I went to add a few more devices that had connected to the LAN by going:

    Status>DHCP leases: Used the + button to add static address above 100. Got message that I had to choose an address outside the DHCP range.
    Navigate to Services>DHCP Server: I found that the range had returned to the default range. Reset range from 192.168.1.11 to 192.168.1.99.

    The range has remained as I set it yesterday so far. I guess I'm curious if there is something I might have done elsewhere in pfsense that may have caused the DHCP range only to revert to the default setting, or if I found a bug. Or, if that bug was, inadvertently, me.

  • Allocation of the same IP in DHCP that is busy.

    6
    0 Votes
    6 Posts
    624 Views
    JKnott

    @dienox said in Allocation of the same IP in DHCP that is busy.:

    The topic applies to home and corporate networks. I am asking in the context of the DHCP server in the pfsense system. I just need to know what DHCP will do in the case of the first post.

    You should never manually configure an address within the DHCP pool. As I mentioned, DAD may help, but if it happens, you will have a conflict, with one device or the other claiming the address. There will be error messages when that happens. Why not give it a try and see what happens? Run Wireshark or Packet Capture to see what happens.

  • DNS Resolver in 2.5x weird behaviour

    4
    0 Votes
    4 Posts
    433 Views
    Gertjan

    @griffo said in DNS Resolver in 2.5x weird behaviour:

    unbound giving nxdomain

    If unbound is told to forward, an "nxdomain" is the valid answer coming from a resolver like 1.1.1.1 and it says it couldn't resolve (== find) the DNS request. So it's probably a very new domain or non-existent domain.

    So nxdomain isn't an unbound answer here, as it is in forward mode.

    If the problem is local, or the communication to the upstream resolver doesn't work, you will get a "servfail" which (for me) says: can't communicate with upstream resolver - or unbound has issues, etc.

  • 0 Votes
    15 Posts
    2k Views
    JKnott

    @imthenachoman said in Roku won't connect to internet if both of it's MAC addresses are assigned the same IP:

    I recognize that line from a Blood Hound Gang song. :)

    Newhart

    Check the cast.

  • pfsense causing NXDOMAIN errors on Linux Client

    1
    0 Votes
    1 Posts
    318 Views
    No one has replied
  • Order of precedence in multiple forward-addr in unbound

    2
    0 Votes
    2 Posts
    2k Views
    A

    p.s. I also checked the unbound documentation but it doesn't seem to address this particular point.

    The documentation can be found here: https://nlnetlabs.nl/documentation/unbound/unbound.conf/

  • Can't enable DHCP on LAN

    9
    0 Votes
    9 Posts
    1k Views
    JKnott

    What do you mean you can't enable DHCP? You just click on the appropriate buttons to enable and select the address range. Are you saying you don't get a DHCP address at all? Or something doesn't work after you get an address? What happens if you use a static address & config?

  • Split DNS still loading pfsense instead of server

    6
    0 Votes
    6 Posts
    766 Views
    johnpoz

    That is in the custom options box in resolver (unbound) on pfsense.
  • why does DNS over TLS require forwarding mode?

    7
    0 Votes
    7 Posts
    2k Views
    S

    Thank you all for the information here. After this we started looking more into how everything works, and now it is much clearer.

    PS: regarding cache size, I needed to bump it up, it was using more than default.

  • 0 Votes
    9 Posts
    1k Views
    johnpoz

    @gertjan said in Unbound fails to parse config if DNS Query Forwarding and custom options are enabled:

    A red text with : "Know what you are doing" would also be very appropriate here ;)

    Dude I'm dying.. hehehehehe ROFL... Yeah that should really be everywhere in blinking red text ;) hehehehehehehe

  • DHCP will not assign IP to iDrac

    15
    0 Votes
    15 Posts
    5k Views
    DaddyGoD

    @johnpoz said in DHCP will not assign IP to iDrac:

    Then 1 should be used for ipmi, and the other for whatever your normal traffic is on.

    otherwise, this solution exists, called shared LOM

    we use the Cisco UCS series this way, but the CIMC is on a VLAN - ALWAYS!!!

    https://community.cisco.com/t5/unified-computing-system/ucs-cimc-shared-lom/td-p/1981952

    and

    https://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/c/sw/gui/config/guide/1-2-1/b_Cisco_UCS_C-Series_Servers_Integrated_Management_Controller_Configuration_Guide_1_2_1/Cisco_UCS_C-Series_Servers_Integrated_Management_Controller_Configuration_Guide_1_2_1_chapter8.html

  • Some of my devices do not get an IP address from pfSense

    3
    0 Votes
    3 Posts
    523 Views
    E

    @gertjan Thank you for this response. All is well this morning. For the past several days, I have been awakening to several devices being offline. These include a weather station hub (WeatherFlow), my old iRulu tablet, and a couple of my Honeywell thermostats. When this occurs again, I will see what the packet capture shows.

  • Different ways to setup DNS over TLS

    40
    0 Votes
    40 Posts
    6k Views
    Gertjan

    @bmeeks said in Different ways to setup DNS over TLS:

    That way I won't have to fight the streaming services blocking Hurricane Electric space. Really that's the biggest reason I disabled the HE tunnel.

    I've been using he.net for years now, it works .... well.
    Two major downsides, as you stated: Netflix saw my IPv6 (geo located in Paris) as some kind of VPN type of access. So I could access Netflix, but as soon as I pressed Play, an obscure error message showed: "Do not use a VPN".
    This changed a couple of weeks ago: no more issues.
    The other one, for me, was Apple's iCloud: the access is OK, but it was impossible to see uploaded photos. They refused to show up in the browser. I presume that it was some silly 'javascript' issue that went ko on IPv6 addresses, as Apple should be IPv6 for years now. I don't think Apple has peering issues with Hurricane either.
    But iCloud works fine now, since ... a couple of weeks.

    Anyway, 'NoAAAA' exists as a Python extension for unbound to block listed AAAA domains, which helped. The same NoAAAA - as it is a special kind of DNSBL - is now integrated in pfBlockerNG. So if some site has IPv6 difficulties, it can be excluded from DNS.

    Btw: I love this cdc.org DNSSEC graph .... how on earth can admin people actually let such a situation sustain? Resolvers that do DNSSEC checking will - as they should - fail on DNSSEC enabled sites with broken DNSSEC. I presume a site as "cdc" is rather important these days.

    Using he.net is actually slowing down my overall network performance, as close to 3k accounts are using the he.net POP in Paris. This can't be good for performance, as IPv6 traffic is preferred above IPv4.

    @Operations : sorry for going way out of subject. If you have questions : ask ;)

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.