Bug #4014
closed
Unbound private reverse lookup domain overrides not working
Added by Phillip Davis about 10 years ago.
Updated about 10 years ago.
Description
If I add a domain override for reverse lookups in some private address space, unbound never returns answers to any reverse lookup queries for that. e.g.
49.10.in-addr.arpa 10.49.32.1
It should send reverse lookup queries for IP addresses in 10.49.0.0/16 to the DNS server at 10.49.32.1 for resolution.
I have a fix for this - will submit pull request.
In the latest release (v1.5.0 as of today), there is a new option unblock-lan-zones which is detailed as follows:
- - Feature, unblock-lan-zones: yesno that you can use to make unbound
perform 10.0.0.0/8 and other reverse lookups normally, for use if
unbound is running service for localhost on localhost.
This may help with this (especially since Unbound from ports is now being used).
Now works for me on the Tue Nov 18 23:43:52 CST 2014 build, reverse looking up internal private IPv4 addresses by having an override like 42.10.in-addr.arpa pointing to the internal Windows Server that has those reverse PTR records.
Someone else could also verify that this is working, since I did the code.
It would also be easy to just set "unblock-lan-zones: yes" - but then I suspect that for the parts of private address space that do not have a reverse lookup domain override defined in the config, the reverse lookups of private IPs will get forwarded to the default place, upstream, which is normally to public internet servers. We do not really want that.
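The mechanism behind the two approaches discussed in this thread, as an added example that is not pfSense's own code or Unbound's: Unbound ships a built-in static local-zone for each RFC 1918 reverse zone (10.in-addr.arpa, 16.172.in-addr.arpa through 31.172.in-addr.arpa, 168.192.in-addr.arpa), and local-zone data is consulted before any forward-zone, so a domain override for 49.10.in-addr.arpa is shadowed by the 10.in-addr.arpa block. Setting `unblock-lan-zones: yes` removes all of those blocks, which is what lets unmatched private PTR queries escape upstream. The narrower fix is to declare a `transparent` local-zone only for the overridden subtree, leaving the rest of 10.in-addr.arpa blocked locally. The helper below generates that config for a given override; the `dnssec` flag and the `domain-insecure` line it emits are an assumption about how the override interacts with validation (a forwarded private reverse zone cannot validate under a signed in-addr.arpa), not something stated on this page.

```python
"""Generate Unbound config for a private reverse-lookup domain override.

Hypothetical helper written for this bug report; not pfSense or Unbound code.
"""
import ipaddress

# Reverse zones Unbound blocks by default that cover RFC 1918 space. This is the
# RFC 1918 subset only; unbound.conf(5) lists further defaults (0.in-addr.arpa,
# 127.in-addr.arpa, 254.169.in-addr.arpa, the IPv6 local ranges) not handled here.
DEFAULT_BLOCKED_ZONES = (
    ["10.in-addr.arpa"]
    + [f"{octet}.172.in-addr.arpa" for octet in range(16, 32)]
    + ["168.192.in-addr.arpa"]
)


def blocked_parent(zone):
    """Return the default-blocked zone that `zone` equals or sits under, or None."""
    z = zone.rstrip(".").lower()
    for parent in DEFAULT_BLOCKED_ZONES:
        if z == parent or z.endswith("." + parent):
            return parent
    return None


def override_config(zone, server, dnssec=True):
    """Emit a self-contained unbound.conf fragment forwarding `zone` to `server`.

    If `zone` lies under a default-blocked reverse zone, a `transparent`
    local-zone of the same name is emitted in the server: clause so the
    built-in nodata answer no longer pre-empts the forward-zone. Only that
    subtree is opened; sibling private space stays blocked, so no RFC 1918
    PTR queries leak upstream the way `unblock-lan-zones: yes` would allow.
    With `dnssec=True` the zone is also marked domain-insecure (assumption:
    the forwarded private zone is unsigned and would otherwise fail validation).
    """
    ipaddress.ip_address(server)  # raises ValueError before bad input reaches unbound
    z = zone.rstrip(".").lower()
    server_lines = []
    if blocked_parent(z):
        server_lines.append(f'    local-zone: "{z}." transparent')
    if dnssec:
        server_lines.append(f'    domain-insecure: "{z}."')
    lines = []
    if server_lines:
        lines.append("server:")
        lines.extend(server_lines)
    lines += ["forward-zone:", f'    name: "{z}."', f"    forward-addr: {server}"]
    return "\n".join(lines)


if __name__ == "__main__":
    # The override from the bug report: 10.49.0.0/16 reverse lookups to 10.49.32.1.
    print(override_config("49.10.in-addr.arpa", "10.49.32.1"))
```

A quick check after applying the fragment: `unbound-checkconf` should accept it, and a PTR query for an address inside 10.49.0.0/16 should now reach 10.49.32.1 while a PTR query for, say, 10.50.0.1 still gets the local nodata answer rather than going to the forwarders.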
- Status changed from New to Resolved
I think the way things are now is best, don't want to be hitting the roots (or forwarders) for PTRs on RFC 1918 in the vast majority of use cases.
Chris Buechler wrote:
I think the way things are now is best, don't want to be hitting the roots (or forwarders) for PTRs on RFC 1918 in the vast majority of use cases.
yeah agreed, however DNSMasq does relay these queries on - as I am sure 99% of other home dsl routers do.
Yes, they do - quote from http://en.wikipedia.org/wiki/Blackhole_server
"According to IANA, the blackhole servers receive thousands of queries every second."
The public internet has gone to the effort to set up a bunch of servers to give back NXDOMAIN for these rubbish requests.
It is best if pfSense is a good net citizen and does not add to this crud.