PfSense resolver not adding DHCP hosts to resolver table
-
Scenario: I have a simple home network with a local domain called a.lan. So all I want is local DNS support for that domain. However, I just cannot get the resolver to add any local DHCP entries, so any query fails.
My understanding: If I have no DNS servers set in the general setup and no DNS entries in the DHCP lease, and have set pfSense to register any DHCP hostnames, then when a DHCP lease successfully occurs, the hostname will appear in the DNS Resolver table (Status->DNS Resolver), and of course that hostname will be able to be resolved.
The problem: No DHCP leases are appearing in the Resolver table and of course as such cannot be successfully resolved.
My config:
General Setup
Services->DHCP Server (VLAN)
-
johnpoz (LAYER 8, Global Moderator), last edited by johnpoz Aug 26, 2023, 11:58 AM; Aug 26, 2023, 11:56 AM
@GrumpyDave how are you trying to resolve them? You would need to use fqdn, something.a.lan for example.
You're sure your clients are using pfsense dhcp, they are not behind say a wifi router on your network that is doing nat? I do not use that because it causes a restart of the resolver on every dhcp renew, etc. And depending on the number of clients and your lease time, etc. it can lead to very unstable dns where unbound is restarting every few minutes, etc.
-
@johnpoz thank you for the reply.
How am I resolving them? I am just using a windows pc to query my Home assistant machine. The HA machine has a static DHCP address issued by pfsense and the same with the desktop PC.
I don't need to use an FQDN as I have a default suffix domain set.
I do notice that the pfsense response is from the LAN interface and not the VLAN interface but that may just be how pfsense rolls.
I have a collapsed hierarchy where the end nodes are serviced by wifi AP's (Unifi's) but everything is layer 2 all the way back to the pfsense which does the routing. So it is one hop to my Pfsense.
If I ping to the gateway hostname everything works fine. But I have re-leased both the HA and my PC and neither appear in status->DNS Resolver on my netgate 7100 (23.01).
At the very least I would expect the host details to appear in the DNS Resolver table but neither are appearing. DNS Resolver log is empty too.
-
@johnpoz I am soooo dumb. As I was looking through the DNS Resolver config, I found this just below the DHCP registration toggle.
Now it works as expected.
Obviously the resolver table does not show local request fulfilment which is a bit of a pain for troubleshooting, as the entry still does not appear there. Oh well.
Thanks for the nudge, helped a lot.
-
@GrumpyDave said in PfSense resolver not adding DHCP hosts to resolver table:
I do notice that the pfsense response is from the LAN interface
Well yeah that is the IP for pfsense lan that is what its name would point to..
I wouldn't trust suffix search.. Why not do an actual fqdn query and be sure.
$ dig i9-win.local.lan

; <<>> DiG 9.16.42 <<>> i9-win.local.lan
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8336
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;i9-win.local.lan. IN A

;; ANSWER SECTION:
i9-win.local.lan. 3600 IN A 192.168.9.100

;; Query time: 5 msec
;; SERVER: 192.168.3.10#53(192.168.3.10)
;; WHEN: Sat Aug 26 10:05:05 Central Daylight Time 2023
;; MSG SIZE rcvd: 61

$ nslookup i9-win.local.lan
Server: pi.hole
Address: 192.168.3.10

Non-authoritative answer:
Name: i9-win.local.lan
Address: 192.168.9.100
I don't use dhcp registration - but I will test it when I get back.. Heading out with the wife to run some errands..
I use static for all my clients I want to be able to resolve.. dhcp registrations have not been a good idea for a long time, as it constantly restarts unbound on any dhcp activity. But I see you have some really long leases there ;) So as long as you don't have lots and lots of clients your restarts due to dhcp should be not so bad.. Give me a bit to test it out here..
edit: Oh so all your clients have reservations?
-
@johnpoz Actually I have always struggled with IP management. I have tried some IPAM's but they are a lot of work so the best way for me is to register everything in DHCP and assign as static as required, but based on what you were saying about unbound restarting every time a lease is issued I might change the lease time to be even longer. As we are now well off-topic I will consider this case closed and thank you for your assistance and hope your wife is not too mad at me for dragging you away ;}.
-
@GrumpyDave unbound only does that when you register dhcp, not with static reservations.
If you're setting reservations for your devices, you're fine - don't register dhcp.. Same thing I do.. If I add a device to my network, I let it get an IP - then set a reservation with an IP I want it to have and then I can resolve its name.