Hello,
I have 2 servers behind pfSense and I also have a VPN on pfSense, but my 2 Plex servers are NAT outbound to avoid the VPN. My ISP has a DMZ for pfSense. I also have them forwarded on different ports to avoid ports colliding with each other. The problem I have though is they keep saying they're indirect connections and I can't find the issue.
Are you using Unbound for DNS? I think sometimes that can throw it off. I have a Firewalla running Unbound DNS and followed their instructions (scroll down the page) to make sure Plex direct works with it. I saw similar recommendations in other threads about Unbound and I know pfsense tends to use Unbound (I think) so that came to mind.
Essentially need to add this to the unbound.conf file:
server:
    private-domain: "plex.direct"
No, but I'm using Pi-hole as my DNS provider, but that points to Google DNS, so I don't know what's going on.
Gotcha.
Though I thought Pi-hole defaulted to using Unbound, and setting Google DNS pointed Unbound to Google DNS instead of your ISP DNS, but Pi-hole could still be using Unbound if you didn't specifically turn it off. I think on Pi-hole/pfSense though you can add plex.direct to unbound.conf via the GUI settings for Unbound (don't have to SSH like I did with Firewalla). I could be remembering wrong though; it's been a bit since I fiddled with it.
I just remember this coming up in the Pi-hole/Firewalla/pfSense community areas, so it sticks out to me since you mentioned both pfSense and Pi-hole being set up. That's why Firewalla put it on their Unbound instructions along with Unraid (so common).
It might be useful to upload some of the logs though (server and client if you can get them). It might give the more experienced Plex folks some insight (I never really got comfortable reading the Plex logs very well myself). Run your media so it triggers the indirect connection for a few minutes and then grab the logs a few minutes later.
AFAIK, no matter which DNS resolver is used in Pihole, they all do “DNS rebinding protection” by default and thus need the above mentioned exception rule added. Otherwise you will not be able to resolve the server IP in your local network.
I don't think Pi-hole comes with Unbound out of the box; I think you have to set it up separately.
Ah… that was the other one.
I had to set Plex.direct as an exception in my NextDNS config for that reason too. I didn’t really have a problem with it but that came up in other areas too.
You might be right. I see Unbound used for Pi-hole/pfSense particularly with the option to combine it with DoH (like NextDNS or ControlD) as a privacy solution. I might be misremembering "common practice" as "default setup" (I end up in infosec spaces for work sometimes).
As far as Google says: "No, Pi-hole does not come with DNS rebinding protection built-in."
I just don’t know where to go from here
Don’t trust an AI.
All user reports so far on this forum say otherwise.
Read here for the technical background: https://support.plex.tv/articles/206225077-how-to-use-secure-server-connections/
Grab those log files I linked earlier maybe… couldn't hurt. I just don't remember if they capture the details needed to help resolve it.
Bear in mind I have 2 Plex servers running on different IPs in the same subnet. So for the private domain, would it still need to be plex.direct? As I think I have done this before and it hasn't worked.
You want me to post log files from where?
https://support.plex.tv/articles/201869908-log-files/ - follow these steps.
Edit: but updating those settings mentioned will only take two seconds and won’t hurt anything if unnecessary so it’s worth trying.
For Plex clients to find the server and communicate with it, the plex.direct domain must be allowed.
All PMS clients, whether local or remote, refer to each other by FQDN using the *.plex.direct naming.
It's irrelevant how many servers you have. They all get their own sub-sub-domain on the plex.direct domain.
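The mechanism behind the two posts above (the note that resolvers with DNS rebinding protection drop plex.direct answers that point at LAN addresses, and the explanation that every server gets its own sub-sub-domain under plex.direct), as an added Python model that is not from this thread, from Plex, or from Unbound. It mimics a resolver's private-address filter: an answer carrying a private IP is dropped unless the queried name falls under a whitelisted private domain, which is exactly what the `private-domain: "plex.direct"` exception provides. The dashed-IP first label is the shape Plex uses for these names; the 32-character token, the addresses, and the `rebind-attempt.example.test` name are constructed placeholders for the illustration.

```python
import ipaddress
from dataclasses import dataclass, field

# Address ranges a rebinding filter treats as "private": RFC 1918, loopback,
# link-local and their IPv6 counterparts. Constructed list for this model;
# Unbound's own list is configured via private-address.
DEFAULT_PRIVATE_RANGES = [
    ipaddress.ip_network(n) for n in (
        "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
        "169.254.0.0/16", "fd00::/8", "fe80::/10", "::1/128",
    )
]


def name_in_domain(qname: str, domain: str) -> bool:
    """True if qname equals domain or is a subdomain of it at any depth.

    This is why a single "plex.direct" entry covers every server's
    sub-sub-domain, and why a literal "*.plex.direct" entry matches nothing:
    the asterisk is treated as an ordinary label, not a wildcard.
    """
    q = qname.lower().rstrip(".")
    d = domain.lower().rstrip(".")
    return q == d or q.endswith("." + d)


@dataclass
class RebindFilter:
    """Model of a resolver's DNS rebinding protection."""
    private_ranges: list = field(default_factory=lambda: list(DEFAULT_PRIVATE_RANGES))
    private_domains: set = field(default_factory=set)

    def allow_private(self, domain: str) -> None:
        # Equivalent of adding a private-domain line to unbound.conf.
        self.private_domains.add(domain.lower().rstrip("."))

    def is_private(self, ip: str) -> bool:
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.private_ranges)

    def accept(self, qname: str, ip: str) -> bool:
        """Return True if the answer is passed to the client, False if dropped."""
        if not self.is_private(ip):
            return True  # public answers are never filtered
        return any(name_in_domain(qname, d) for d in self.private_domains)


def plex_direct_name(server_ip: str, token: str) -> str:
    """Build a plex.direct FQDN: dashed IP label, per-server token label."""
    return f"{server_ip.replace('.', '-')}.{token}.plex.direct"


# Constructed answers: two PMS instances on one LAN subnet (each with its own
# sub-sub-domain), the public-side answer for one of them, and a name that
# has nothing to do with Plex but answers with a LAN address, which is the
# case rebinding protection exists to block.
CONSTRUCTED_ANSWERS = [
    (plex_direct_name("192.168.1.10", "a" * 32), "192.168.1.10"),
    (plex_direct_name("192.168.1.11", "b" * 32), "192.168.1.11"),
    (plex_direct_name("203.0.113.5", "a" * 32), "203.0.113.5"),
    ("rebind-attempt.example.test", "192.168.1.1"),
]


def evaluate(private_domains=()) -> dict:
    """Run every constructed answer through a filter with the given exceptions."""
    f = RebindFilter()
    for d in private_domains:
        f.allow_private(d)
    return {name: f.accept(name, ip) for name, ip in CONSTRUCTED_ANSWERS}


def unbound_snippet(private_domains) -> str:
    """Render the unbound.conf server: block that grants the exceptions."""
    lines = ["server:"] + [f'    private-domain: "{d}"' for d in private_domains]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for label, domains in (("no exception", ()), ("plex.direct", ("plex.direct",)),
                           ("literal *.plex.direct", ("*.plex.direct",))):
        print(f"--- {label} ---")
        for name, ok in evaluate(domains).items():
            print(f"{'pass' if ok else 'DROP'}  {name}")
    print(unbound_snippet(["plex.direct"]))
```

With no exception the two LAN-side plex.direct answers are dropped along with the unrelated rebinding attempt, so a local client can only reach the server through the public address or a relay, which is what Plex reports as an indirect connection. Adding the single `plex.direct` entry passes both servers' names while still dropping the unrelated name, and a literal `*.plex.direct` entry changes nothing, matching the point made later in the thread that the name to enter is plex.direct, not a wildcard.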
Did you restart the services after?
The domain name is plex.direct. It's not a wildcard name *.plex.direct.
The Plex services?