Yeah - Mine is using 128.0.0.1 locally and the root servers in unbound, so maybe thats why I'm not getting the huge delay.
At any rate, with such a big delay but without failure, I figured DNS must be involved.
Don't forget, PfSnese is a stateful firewall. Best practices would be to reset states after creating rules/nat mappings, so that states must be reestablished based on your restrictions or lack there of.
That's what I started with. I had to get support to get the config back and things working. The attached the old pfsense this is on a Xenserver and read off the config.xml
OK, not sure if what I am seeing is a feature or a problem.
I have registered a host sip.mydomain.net 98.114.XXX.YYY on no-ip. I can ping it without any problems from my ipcop setup.
I switched over to pfsense. I then went to DNS Resolver and checked the following:
Enabled DNS Resolver
Enabled DNSSEC Support
Enabled Forwarding Mode
Enabled Register DHCP lease in the DNS Resolver
Enabled Register DHCP static mapping in the DNS Resolver
I then created a new entry under Host Overrides:
Host: sip
Domain: mydomain.net
IP: 192.168.3.6
I then went to Diagnostics -> DNS lookup and entered sip.mydomain.net in the field. The DNS lookup returned 98.114.XXX.YYY!
I repeated the command some 6-7 times. only once it returned 192.168.3.6, the other times it returned the outside IP.
What is causing this?
Thanks again for the help
Renato
