DNS Resolver private domains in 2.3

  • I recently installed pfSense 2.2 at home in place of a home router. In order to get Plex to work, I had to add some custom options to the DNS Resolver to set private-domain: "plex.direct".

    I just upgraded to 2.3, and it seems now that this option is no longer working.

    Is it possible this option has changed or broken in 2.3? I'm not really sure how to debug this part of pfSense.


  • That still works the same as before.

    When you ping your plex hostname, what do you get?

  • thanks for the quick response. The host running plex runs fine. Plex seems to do some weird things with certificates (see this article, in the DNS Rebinding section: https://support.plex.tv/hc/en-us/articles/206225077-How-to-Use-Secure-Server-Connections). I don't fully understand what they do, but the short is they use signed certificates for hosts in the .plex.direct domain, and somehow use DNS rebinding to allow the host to present itself as that host.

    I can believe it's still designed to work as it did in 2.2. I can also believe it's still working, and some coincidence caused it to fail after the update. But from the tool I use (PlexConnect) to get my AppleTV v3 to talk to Plex, I now get timeouts where before the system worked.

  • If you try to ping your blah.plex.direct hostname, whether or not it resolves will be telling. That's the first thing to troubleshoot, and will tell whether or not DNS is at fault.

  • Great, thanks. I checked and ping does still work, so it must be something else. Thanks again!

  • Yeah in that case your DNS is working fine.

  • Not sure if original poster got issue resolved but big thanks as adding the line from the original post below under DNS Resolver -> General Settings -> Custom Options fixed my issue with logging in https://app.plex.tv/web/app:

    private-domain: "plex.direct"

    Thank-you!  :D

    For reference for those others who run in to it, after the fact I found this under Modem/Router Settings header towards bottom page:

Log in to reply