PFSense - Install pfSense - Reboot
Restart the pfSense device and connect your modem to your WAN port if you haven’t already.
The system should boot and let you log back into the dashboard; if everything is correct, the WAN interfaces will have IP addresses allocated to them.
NOTE: Check that everything is okay.
Navigate to Status → System Logs if needed.
Verify that everything is working
Connect a managed switch to test that the various subnets work correctly.
Verify DHCP
Connect to each subnet in turn and verify a client receives an appropriate address from the associated DHCP pool.
Here's the connection when attached to the CLEAR network, where a 192.168.50.100 address has been assigned.
ifconfig en0
en0: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    ether xx:xx:xx:xx:xx:xx
    inet6 fe80::bae8:56ff:fe30:905e%en0 prefixlen 64 scopeid 0x4
    inet 192.168.50.100 netmask 0xffffff00 broadcast 192.168.50.255
    nd6 options=1<PERFORMNUD>
    media: autoselect
    status: active
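The address check above is easy to eyeball once, but less so across four subnets on every rebuild. The script below is an added example and not part of this wiki page: it parses an `ifconfig IFACE` dump and passes only when the leased address is inside the expected subnet and inside the DHCP pool. The CLEAR subnet (192.168.50.0/24) and the hex 0xffffff00 mask come from the output above; the pool bounds are placeholders for whatever your pfSense DHCP server defines.

```shell
#!/bin/sh
# Added example (not from the pfSense wiki page): confirm a client's lease
# belongs to the pool expected for the port it is plugged into.
# Pool bounds on the command line are placeholders for your own config.

# ip_to_int 192.168.50.100 -> 3232248420 (dotted quad as a 32-bit integer).
# Runs in a subshell so the IFS change does not leak out.
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# mask_to_int accepts the BSD/macOS hex form (0xffffff00) or dotted form (255.255.255.0)
mask_to_int() {
    case $1 in
        0x*) echo $(( $1 )) ;;
        *)   ip_to_int "$1" ;;
    esac
}

# lease_addr / lease_mask pull the IPv4 address and netmask out of an ifconfig
# dump; BSD, macOS and net-tools Linux all print an "inet ... netmask ..." line.
lease_addr() { printf '%s\n' "$1" | awk '$1=="inet"{print $2; exit}'; }
lease_mask() { printf '%s\n' "$1" | awk '$1=="inet"{for(i=1;i<=NF;i++) if($i=="netmask"){print $(i+1); exit}}'; }

# in_subnet ADDR MASK NETWORK -> 0 when ADDR masked equals NETWORK masked
in_subnet() {
    a=$(ip_to_int "$1"); m=$(mask_to_int "$2"); n=$(ip_to_int "$3")
    [ $(( a & m )) -eq $(( n & m )) ]
}

# in_range ADDR LOW HIGH -> 0 when LOW <= ADDR <= HIGH (numeric, not string, compare)
in_range() {
    a=$(ip_to_int "$1"); lo=$(ip_to_int "$2"); hi=$(ip_to_int "$3")
    [ "$a" -ge "$lo" ] && [ "$a" -le "$hi" ]
}

# check_lease IFCONFIG_OUTPUT NETWORK POOL_START POOL_END
# An address in the right /24 but outside the pool means a static or stale
# lease rather than a fresh one from pfSense, so both conditions must hold.
check_lease() {
    addr=$(lease_addr "$1"); mask=$(lease_mask "$1")
    if [ -z "$addr" ] || [ -z "$mask" ]; then
        echo "FAIL: no IPv4 lease on interface"; return 1
    fi
    if ! in_subnet "$addr" "$mask" "$2"; then
        echo "FAIL: $addr/$mask is not in $2 (wrong VLAN or pool?)"; return 1
    fi
    if ! in_range "$addr" "$3" "$4"; then
        echo "FAIL: $addr is in $2 but outside pool $3-$4"; return 1
    fi
    echo "ok: $addr from pool $3-$4"
}

# Usage: sh verify_dhcp.sh en0 192.168.50.0 192.168.50.100 192.168.50.199
if [ $# -eq 4 ]; then
    check_lease "$(ifconfig "$1")" "$2" "$3" "$4"
fi
```

Run it once per subnet after moving the cable to the matching switch port; a pass on CLEAR followed by a fail on IOT with a 192.168.50.x address is the quickest way to spot a VLAN tag that did not make it onto the switch port.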
Verify DNS
We have three methods of DNS resolution to verify:
- LAN: Uses the DNS Resolver for local and non-local lookups. Requests sent to external DNS servers are redirected back to pfSense.
- CLEAR: Uses public DNS resolvers.
- IOT: Uses the DNS Resolver for local and non-local lookups. Requests sent to external DNS servers are redirected back to pfSense.
- GUEST: Uses public DNS resolvers. No local lookups should be possible.
LAN
Verify DNS Resolver resolution
dig pfsense.org

; <<>> DiG 9.10.6 <<>> pfsense.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20952
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pfsense.org.            IN  A

;; ANSWER SECTION:
pfsense.org.     261  IN  A  208.123.73.69

;; Query time: 2 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Mar 27 14:26:22 PDT 2020
;; MSG SIZE  rcvd: 56
Verify non-local DNS Resolver resolution
Force the DNS query to use Google's DNS server (8.8.8.8).
This should be redirected back to the pfSense DNS Resolver for lookup. Note that dig still reports SERVER: 8.8.8.8#53, because that is where the client sent the query; the redirect happens on pfSense and is transparent to the client.
dig @8.8.8.8 pfsense.org

; <<>> DiG 9.10.6 <<>> @8.8.8.8 pfsense.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4847
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pfsense.org.            IN  A

;; ANSWER SECTION:
pfsense.org.     232  IN  A  208.123.73.69

;; Query time: 2 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Mar 27 14:26:51 PDT 2020
;; MSG SIZE  rcvd: 56
Verify DNS Resolver’s local name resolution
Use dig (or nslookup) to look up the pfSense gateway by its hostname and verify that the correct address is returned.
dig pfsense.local.lan

; <<>> DiG 9.10.6 <<>> pfsense.local.lan
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44388
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pfsense.local.lan.      IN  A

;; ANSWER SECTION:
pfsense.local.lan.  3600  IN  A  192.168.1.1

;; Query time: 2 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Mar 27 14:35:35 PDT 2020
;; MSG SIZE  rcvd: 62
Verify DNS Resolver reverse resolution
Verify you can resolve a hostname from an IP address.
dig +noall +answer -x 192.168.1.1
1.2.168.192.in-addr.arpa. 3600 IN PTR pfSense.local.lan.
Verify DNS Resolver ‘.local.lan’ domain resolution
My DNS Resolver is defined as authoritative for my local.lan domain.
If I try to look up a name that is not part of my network, it returns status: NXDOMAIN rather than forwarding the lookup to external DNS resolvers.
dig nothere.local.lan

; <<>> DiG 9.8.3-P1 <<>> nothere.local.lan
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 18955
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;nothere.local.lan.      IN  A

;; AUTHORITY SECTION:
local.lan.  10800  IN  SOA  pfsense.local.lan. root.local.lan. 1 3600 1200 604800 10800

;; Query time: 4 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sun Aug 27 10:22:30 2017
;; MSG SIZE  rcvd: 84
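The five dig checks in this LAN section, plus the per-subnet policy list above, can be turned into one script so the same expectations are re-run after every config change. The script below is an added example and not code from this wiki page. Its parser functions read dig's normal text output (so the reverse lookup is run as plain `dig -x`, without `+noall +answer`, to keep the section headers), and its verdict functions encode what each subnet should return. pfsense.local.lan, 192.168.1.1, local.lan and 8.8.8.8 are the values used on this page; one check goes beyond the page by sending the local hostname to @8.8.8.8, which can only come back authoritative with the LAN address if the port-53 redirect intercepted it. The GUEST expectation (no A record for a local name at all) is an assumption drawn from "no local lookups should be possible".

```shell
#!/bin/sh
# Added example (not from the pfSense wiki page): the manual dig checks above
# as a script. Values below are the ones used on the page; the GUEST rule is
# an assumption based on the subnet policy list.

# ---- parsers: each takes dig output as its first argument ----
dig_status() { printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1; }
dig_server() { printf '%s\n' "$1" | sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p' | head -n 1; }
# dig_answer OUTPUT TYPE -> first record of TYPE in the ANSWER section, empty if none
dig_answer() {
    printf '%s\n' "$1" | awk -v t="$2" \
        '/^;; ANSWER SECTION:/ { f = 1; next }
         /^;;/                 { f = 0 }
         f && $3 == "IN" && $4 == t { print $5; exit }'
}
# dig_authoritative OUTPUT -> 0 when the aa flag is set (answer came from the zone owner)
dig_authoritative() { printf '%s\n' "$1" | grep -q '^;; flags:.* aa '; }

# ---- verdicts: 0 = pass, 1 = fail ----
# An Internet name resolved with at least one A record.
resolves_external() { [ "$(dig_status "$1")" = NOERROR ] && [ -n "$(dig_answer "$1" A)" ]; }

# A local hostname answered authoritatively with the expected address. Sent to
# @8.8.8.8 this only passes when pfSense's port-53 redirect intercepted the
# query, since Google has no record for pfsense.local.lan.
resolves_local() {
    [ "$(dig_status "$1")" = NOERROR ] && dig_authoritative "$1" \
        && [ "$(dig_answer "$1" A)" = "$2" ]
}

# Reverse lookup returns the expected PTR target; names are case-insensitive
# (the page shows pfSense.local.lan. coming back for pfsense.local.lan).
resolves_reverse() {
    [ "$(dig_answer "$1" PTR | tr 'A-Z' 'a-z')" = "$(printf '%s' "$2" | tr 'A-Z' 'a-z')" ]
}

# A nonexistent name under local.lan must be refused by pfSense itself
# (NXDOMAIN with aa set), not forwarded upstream.
denies_unknown_local() { [ "$(dig_status "$1")" = NXDOMAIN ] && dig_authoritative "$1"; }

# GUEST: no A record for a local name, whatever the upstream replies.
local_hidden() { [ -z "$(dig_answer "$1" A)" ]; }

# report NAME VERDICT ARGS... -> prints ok/FAIL for one check
report() { name=$1; shift; if "$@"; then echo "ok   $name"; else echo "FAIL $name"; fi; }

# verify SUBNET GATEWAY: run the live checks for the subnet this host is on.
verify() {
    host=pfsense.local.lan
    report "external name via configured resolver" resolves_external "$(dig pfsense.org)"
    case $1 in
    LAN|IOT)
        report "port-53 redirect (@8.8.8.8 answers local name)" resolves_local "$(dig @8.8.8.8 $host)" "$2"
        report "local name" resolves_local "$(dig $host)" "$2"
        report "reverse lookup" resolves_reverse "$(dig -x "$2")" "$host."
        report "NXDOMAIN for unknown local name" denies_unknown_local "$(dig nothere.local.lan)"
        ;;
    GUEST)
        report "local name hidden" local_hidden "$(dig $host)"
        ;;
    esac
}

# Usage: sh verify_dns.sh LAN 192.168.1.1   (CLEAR only gets the external check)
if [ $# -eq 2 ]; then
    verify "$1" "$2"
fi
```

The redirect check is the one worth keeping even if you drop the rest: the two dig outputs on this page look identical apart from the SERVER line, so a broken port-53 redirect rule would not show up in them, but it will show up as a FAIL here.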