Dns forwarder host overrides

johnpoz

seeing this error on the dns forwarder page just above the listed hosts - they are still resolving.

Warning: Invalid argument supplied for foreach() in /usr/local/www/services_dnsmasq.php on line 280 Warning: Invalid argument supplied for foreach() in /usr/local/www/services_dnsmasq.php on line 280 Warning: Invalid argument supplied for foreach() in /usr/local/www/services_dnsmasq.php on line 280 Warning: Invalid argument supplied for foreach() in /usr/local/www/services_dnsmasq.php on line 280 Warning: Invalid argument supplied for foreach() in /usr/local/www/services_dnsmasq.php on line 280 Warning: Invalid argument supplied for foreach() in /usr/local/www/services_dnsmasq.php on line 280 Warning: Invalid argument supplied for foreach() in /usr/local/www/services_dnsmasq.php on line 280 Warning: Invalid argument supplied for foreach() in /usr/local/www/services_dnsmasq.php on line 280 Warning: Invalid argument supplied for foreach() in /usr/local/www/services_dnsmasq.php on line 280 Warning: Invalid argument supplied for foreach() in /usr/local/www/services_dnsmasq.php on line 280 Warning: Invalid argument supplied for foreach() in /usr/local/www/services_dnsmasq.php on line 280 Warning: Invalid argument supplied for foreach() in /usr/local/www/services_dnsmasq.php on line 280 Warning: Invalid argument supplied for foreach() in /usr/local/www/services_dnsmasq.php on line 280 Warning: Invalid argument supplied for foreach() in /usr/local/www/services_dnsmasq.php on line 280 Warning: Invalid argument supplied for foreach() in /usr/local/www/services_dnsmasq.php on line 280 Warning: Invalid argument supplied for foreach() in /usr/local/www/services_dnsmasq.php on line 280 Warning: Invalid argument supplied for foreach() in /usr/local/www/services_dnsmasq.php on line 280 Warning: Invalid argument supplied for foreach() in /usr/local/www/services_dnsmasq.php on line 280

currently running
2.1-DEVELOPMENT (i386)
built on Wed May 9 20:02:45 EDT 2012
FreeBSD 8.3-RELEASE-p1

BTW – does someone know how to change the TTL of these records.. They seem to be 1, which is way to low.

So looked up this for dnsmasq
-T, --local-ttl= <time>When replying with information from /etc/hosts or the DHCP leases file dnsmasq by default sets the time-to-live field to zero, meaning that the requester should not itself cache the information. This is the correct thing to do in almost all situations. This option allows a time-to-live (in seconds) to be given for these replies. This will reduce the load on the server at the expense of clients using stale data under some circumstances.

Where did they come up with that?? I could see maybe with a dhcp client having a short ttl, but 0 is stupid! Especially for the manual ones put in that are STATIC IPs ;)

come on - is my pfsense.local.lan box going to change its ip.. Then why a 1 second ttl?

;; QUESTION SECTION:
;pfsense.local.lan. IN A

;; ANSWER SECTION:
pfsense.local.lan. 1 IN A 192.168.1.253

;; Query time: 5 msec
;; SERVER: 192.168.1.253#53(192.168.1.253)</time>

dhatz

I'm seeing the same error in page https://pfsense-ip/services_dnsmasq.php

Host Overrides

Entries in this section override individual results from the forwarders. Use these for changing DNS results or for adding custom DNS records.
Warning: Invalid argument supplied for foreach() in /usr/local/www/services_dnsmasq.php on line 280
Host Domain IP Description

2.1-DEVELOPMENT (i386)
built on Thu May 10 15:53:11 EDT 2012
FreeBSD 8.3-RELEASE-p1

johnpoz

still errors after latest snap

2.1-DEVELOPMENT (i386)
built on Fri May 11 17:56:19 EDT 2012
FreeBSD 8.3-RELEASE-p1

edit: Ok just ran a gitsync and still a problem. Looks like a bug in this commit
https://github.com/bsdperimeter/pfsense/commit/5a2a83493cdb3f647b4913f3b84ef864103148f5

Also, should I not be able to add an option in the advanced section, I want to set a local TTL for /etc/hosts and dhcp, etc. because 0 or 1 is just insane. From what it says under the advanced box

Enter any additional options you would like to add to the dnsmasq configuration here, separated by a space or newline

But if I add what I see from the dnsmasq manual

Normally responses which come form /etc/hosts and the DHCP lease

file have Time-To-Live set as zero, which conventionally means

do not cache further. If you are happy to trade lower load on the

server for potentially stale date, you can set a time-to-live (in

seconds) here.

#local-ttl=

So when I added local-ttl=60 for testing it took it without problem but then dnsforwarder would not start.

I was running dnstop for less than 24 hours, and from my one machine there were over 1100 queries for my esxi.local.lan box. There is no reason for that when that ip is static and not going to change.

stillerrors.jpg_thumb

Roots0

I'm seeing the same thing on:

2.1-DEVELOPMENT (i386)
built on Fri May 11 11:07:48 EDT 2012
FreeBSD 8.3-RELEASE-p1

dnshostover.jpg_thumb

jimp

That should have been fixed in newer snaps, does it still happen?

johnpoz

I will update to the current snap I am showing when I get home tonight
New version: Mon May 14 22:09:36 EDT 2012

But I just ran a gitsync and its still happening.

Also will these new snaps fix the ability to set a local ttl with local-ttl= in the advanced section? If I set it currently it kills dns forwarder.

jimp

@johnpoz:

I will update to the current snap I am showing when I get home tonight
New version: Mon May 14 22:09:36 EDT 2012

But I just ran a gitsync and its still happening.

ok, it should really be fixed now.

@johnpoz:

Also will these new snaps fix the ability to set a local ttl with local-ttl= in the advanced section? If I set it currently it kills dns forwarder.

No, because we already specify that on the command line, so putting it in advanced does not work.

dnsmasq[54345]: bad command line options: illegal repeated flag

johnpoz

So you are setting local to 1 second, where is this command line so can edit it. Can it be moved to somewhere in the gui, is it already?

It makes no sense to have static entries, the host over rides and then set a ttl of 1 on them..

Or when is unbound going to be ready?

jimp

Not sure what it hurts to have it set to 1, it's all local so it's not like it's putting a burden on the server. Plus if you change the records, the effect would be nearly immediate.

If you want to edit that it's in etc/inc/services.inc

Unbound is close, but I'm not sure it will replace the DNS forwarder entirely or just be an option to use. I think all the binaries and files are there, it just needs some final bits of glue.

johnpoz

It doesn't really hurt anything – just not optimal, I was looking at dnstop the other day, and queries for my my esxi.local.lan where well over 1100 for like 8 hours.. Now I did have the vclient open, so that was why so many queries I am sure.

I have lots of hosts on my network that are static - just no reason to have to query for them so often.. Not going to change them all that often, if I do I would know to reset the local computers cache.

So I can edit services.inc -- but its just going to get overwritten next update to that file. Why is it being set at the command line anyway?

jimp

It's set there because we don't write out a dnsmasq.conf so the only way we control dnsmasq is via the command line.

Yes, services.inc will be overwritten during an update, so you'll have to edit it again. There isn't a way to make such a change permanent yet.