2

Pfsense / NextDNS cli - client names

Hi all,

I've receintly setup the cli on pfsense. All is working as expected with the blocking and logging except some of the client names are showing in the logs with just a device number while others show the correct id.

All clients have static dhcp leases with their own client id's setup on pfsense . I did make some entries in the hosts file which cured the issue, but only temporarily as the hosts file enteries are lost whenever a config change is made on pfsense. I know another workaround would be to install the nextdns app on a device but thats not possible with some devices like IoT or cameras.

Anyone have any idea's ?

Many thanks.

11 replies

null
    • olivier
    • 3 yrs ago
    • Reported - view

    Do the hosts with no names in the logs have a name in the dhcp lease file?

    • David
    • 3 yrs ago
    • Reported - view

    not in the dhcpd.leases file but i've discovered the client names will show if the device is handed a dynamically assigned ip. (in which case it is in the lease file)

    If I create a static DHCP mapping as shown in the picture it won't show the name in the NextDNS logs 

      • olivier
      • 3 yrs ago
      • Reported - view

      David perhaps pfsense stores hostnames setup this way in separate location.

    • David
    • 3 yrs ago
    • Reported - view

    you've pointed me in the right direction, many thanks.

      • olivier
      • 3 yrs ago
      • Reported - view

      David what was the solution?

    • David
    • 3 yrs ago
    • Reported - view

    for now the workaround is to have the devices to obtain ip dynamically rather than have static mapping until I have the time to spend on finding the real cause.

    When / if I find a real fix then I'll post it here.

    • James_Quinn
    • 3 yrs ago
    • Reported - view

    David,

    Just curious if you found a solution as I am having the exact same issue? Thank you.

    • David
    • 3 yrs ago
    • Reported - view

    no James unfortunately I didn't. I get round the issue by having the NextDNS app installed on mobile devices. For others you could edit the hosts file on the PfSense box for local name resolution  but then that is lost on a reboot.

    • ksimm1
    • 3 yrs ago
    • Reported - view

    This solution using the discovery-dns feature reported by a user on github resolved it for me:

    https://github.com/nextdns/nextdns/issues/341#issuecomment-706738980

    I used unbound (DNS Resolver) in pfsense instead of dnsmasq but it works the same way.

    In the pfsense resolver settings, make sure this is checked if you want static IPs (enabled):

    "Register DHCP static mappings in the DNS Resolver"

    The only thing that is still quirky sometimes is when a device favors an IPv6 address. I'll still usually get a random client name logged in nextdns then.

    • MarkG
    • 3 yrs ago
    • Reported - view

    Hi Ksimm1!

    Thank you for sharing this.  Just a point of clarification:

    1.  NextDNS cli and DNS resolver shall be simultaneously enabled?

    2.  Custom field is blank?

    Is it possible for you to share a screenshot of your dns resolver page?

    Thanks a lot

    • MarkG
    • 3 yrs ago
    • Reported - view

    This is how I did it:

    Install NextDNS cli.  After that do the ff:

    1. Goto Dashboard -> Service -> DNS Resolver
       1.1 Set DNS Resolver IP to somethin else, e.g. 5555
       1.2 Check "Register DHP Leases in the DNS Resolver"
       1.3 Check "Register Static mappings in DNS Resolver"
       1.4 Save

    2. Goto Dashboard -> Diagnostics -> Edit File
       2.1 Browse "user/local/etc/nextdns.conf"
       2.1 Make sure the contents are the ff:

           control /var/run/nextdns.sock
           discovery-dns 127.0.0.1:5555
           bogus-priv true
           use-hosts true
           setup-router false
           listen LAN ip:53
           listen Opt1 ip:53
           listen Opt2 ip:53
           listen OPt3 ip:53
           listen localhost:53
           config xxxxxx
           cache-max-age 0s
           log-queries true
           max-ttl 5s
           report-client-info true
           detect-captive-portals false
           timeout 5s
           cache-size 10MB
           hardened-privacy false
           auto-activate true

    DONE!

    Stop and Restart DNS Resolver and NextDNS

    Limitation:
    1.  Only Host Names are logged.
    2.  "Dashboard -> Status -> DHP Leases" may not work

Content aside

  • 2 Likes
  • 3 yrs agoLast active
  • 11Replies
  • 2045Views
  • 6 Following