    my pfsense network consists of a LAN-Interface ( and different VLANs (,, … ) which also are using the LAN-Interface.
    These VLANs should have access to some hosts of the LAN-Net. The communication is working fine, but only if I reach this host with the direct IP address ( Example:  VLAN-Host: <--> LAN-Host:
    If I want to communicate with the other host only through the hostname (elektron) I don't get any response from the host. (Example: <--> LAN-Host: elektron)

    As a conclusion the mistake must be in the DNS Settings in my opinion. To be sure that nothing is blocked by the firewall, I added an "any-to-any"-Rule for all VLANs.

    My Config in "DNS Resolver" looks like this:

    Network Interfaces: All

    Outgoing Network Interfaces: All

    DNSSEC: disabled

    DNS Query Forwarding: enabled

    DHCP Registration: enabled

    Static DHCP: enabled

    TXT Comment Support: disabled

    I should add, that the DNS resolving is working if I am in the same net (LAN-net). But it should also work from the VLAN-Networks.

    Do you have any ideas for this Problem?

    elektron is not an FQDN. What is the domain part? Something like elektron.yourdomain.tld?

    Query the dns on pfsense and this fqdn should resolve.

    Sure, you are right that elektron is not an FQDN. But it should also work by only using the hostname, shouldn't it? I tried to add "Host Overrides" and "Domain Overrides" in DNS Resolver.

    Host Overrides: Host: elektron / Domain: elektron.yatego.local / IP:

    But also with this setting it is not possible to ping the hostname. Also I switched to the pfsense Tool DNS Forwarder but there I get the same result.

    Your domain is wrong, it should NOT include the hostname.

    And if you want to resolve just "elektron" check the domain and domain search list on all the dhcp servers for all the vlans.

    Now ping from the same subnet (192.168.22.x) to elektron is working:

    ping elektron
    PING elektron ( 56 data bytes
    64 bytes from icmp_seq=0 ttl=64 time=19.944 ms

    From the VLAN nothing has changed:

    ping elektron
    ping: cannot resolve elektron: Unknown host

    I changed the DNS from VLAN to instead of VLAN-DNS, but it also made no difference.

    Are there some other possible reasons like DNS?

    Actually I found a strange mistake in my network settings on the client. Every client which wants to connect to the VLAN net gets a search domain. I don't know where to deactivate this feature. Can somebody tell me? :)

    Sigh… The VLAN DHCP server should be set to the VLAN interface IP set on pfSense. Plus, as noted above, you need to set up the domain/domain search list on your DHCP server properly - or set it up manually on each client who is too lazy to type FQDN. It won't work otherwise.

    300% PEBKAC.

    What part do you not understand about search order and domain??

    if you want your machine to auto add the domain name then use search suffix..


    C:\>ipconfig /all

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : i5-w7
      Primary Dns Suffix  . . . . . . . : local.lan
      Node Type . . . . . . . . . . . . : Hybrid
      IP Routing Enabled. . . . . . . . : No
      WINS Proxy Enabled. . . . . . . . : No
      DNS Suffix Search List. . . . . . : local.lan

    See when I ping just pfsense it comes back fully qualified

    C:\>ping pfsense

    Pinging pfsense.local.lan [] with 32 bytes of data:
    Reply from bytes=32 time<1ms TTL=64
    Reply from bytes=32 time<1ms TTL=64

    Ping statistics for
        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 0ms, Average = 0ms

    Same for any other box on my network..

    C:\>ping storage

    Pinging storage.local.lan [] with 32 bytes of data:
    Reply from bytes=32 time=1ms TTL=128
    Reply from bytes=32 time<1ms TTL=128

    Yes even stuff on different segments

    C:\>ping unificntrl

    Pinging unificntrl.local.lan [192.168.2.10] with 32 bytes of data:
    Reply from bytes=32 time=1ms TTL=63
    Reply from bytes=32 time=1ms TTL=63

    If you have your DHCP stuff registered you shouldn't even need to do host overrides. But this is how you do one - see attached.

    Again, you cannot BROADCAST for a name on another segment. So your stuff resolves via hostname locally because you're broadcasting for it.
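    The two points made in this thread (the host override's "Domain" field must not contain the hostname, and a bare name like "elektron" only resolves if the client's DHCP-supplied search list qualifies it) can be shown with a small simulation of the client-side search-list logic. This is an added example, not code from the thread or from pfSense/unbound: the zone tables stand in for what the pfSense DNS Resolver would answer, the address 192.0.2.10 is a constructed placeholder, and the ndots-style ordering is the glibc resolver convention, assumed here for illustration.

```python
"""Simulate how a stub resolver qualifies a short hostname with the DNS
search list before querying, and why a mis-entered host override never
matches. Constructed example; not pfSense or unbound code."""

# Constructed answers standing in for the pfSense DNS Resolver.
# Correct override: Host "elektron", Domain "yatego.local".
ZONE_GOOD = {
    "elektron.yatego.local.": "192.0.2.10",   # placeholder address
}
# Override as entered in the thread: Host "elektron", Domain "elektron.yatego.local".
# The resulting record name is elektron.elektron.yatego.local, which no
# client with a sane search list will ever ask for.
ZONE_BAD_OVERRIDE = {
    "elektron.elektron.yatego.local.": "192.0.2.10",
}


def candidate_names(name, search_list, ndots=1):
    """Return the absolute names a resolver would try, in order.

    Mirrors the common ndots rule: a name with at least `ndots` dots is
    tried as-is first, otherwise the search domains are appended first and
    the bare name is tried last. A trailing dot disables the search list.
    """
    if name.endswith("."):
        return [name]
    absolute = name + "."
    candidates = []
    if name.count(".") >= ndots:
        candidates.append(absolute)
    candidates.extend(f"{name}.{d.strip('.')}." for d in search_list)
    if name.count(".") < ndots:
        candidates.append(absolute)
    return candidates


def resolve(name, search_list, zone, ndots=1):
    """Return (fqdn, ip) for the first candidate present in `zone`, else None.

    `None` corresponds to the client's "cannot resolve elektron: Unknown host".
    """
    for fqdn in candidate_names(name, search_list, ndots):
        if fqdn in zone:
            return fqdn, zone[fqdn]
    return None


def show(label, name, search_list, zone):
    """Print one scenario in a ping-like form."""
    result = resolve(name, search_list, zone)
    if result is None:
        print(f"{label}: cannot resolve {name}: Unknown host")
    else:
        print(f"{label}: Pinging {result[0]} [{result[1]}]")


if __name__ == "__main__":
    # LAN client: DHCP hands out search domain yatego.local -> works.
    show("LAN client  ", "elektron", ["yatego.local"], ZONE_GOOD)
    # VLAN client whose DHCP gives no search domain -> bare name only, fails.
    show("VLAN (no search)", "elektron", [], ZONE_GOOD)
    # VLAN client that received a search domain from a different DHCP server.
    show("VLAN (wrong search)", "elektron", ["other.lan"], ZONE_GOOD)
    # Correct search list but the override with the hostname in the Domain field.
    show("bad override", "elektron", ["yatego.local"], ZONE_BAD_OVERRIDE)
    # Typing the FQDN always bypasses the search list.
    show("FQDN typed  ", "elektron.yatego.local", [], ZONE_GOOD)
```

Running it prints one line per scenario: only the LAN client with the proper search domain and the client typing the FQDN get an address; the VLAN clients without the right search domain and the wrongly entered override all end in "Unknown host", which is exactly the symptom reported from the VLAN side.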

    The problem was that our LAN net is getting DHCP and DNS from another DHCP server which apparently also changed the DNS settings incl. search domains. As a conclusion it was not possible to communicate from the VLAN nets to the parent LAN net via hostnames.