If you're using an alternate DNS root server such as OpenNIC, and your network uses a pfSense-based router, you may find that clients are, strangely, unable to resolve unofficial TLDs, getting SERVFAIL or NXDOMAIN. There are 3 ways I can think of to quickly solve this problem for the whole network, listed here in increasing order of complication: 1. Disable the DNS resolver Go to Services > DNS Resolver …