Router advertisement problem: wrong dns server when dns forwarder or resolver is enabled.

correajl

When configuring Router Advertisements service on network A interface, we have the section "DNS Configuration" where we can set up to 3 dns servers or leave blank. The interface says "Leave blank to use the system default DNS servers - this interface's IP if DNS Forwarder or Resolver is enabled, otherwise the servers configured on the General page".

Here we have a lot of networks. Network A doesn't have DNS Forwarder neither DNS Resolver configured. But another network uses DNS Forwarder. We expected that leaving blank the router advertisements would send RA on network A offering the DNS Server configured on the General Page. But, the RA offer the IP address of network A interface as DNS Server, although this network doesn't use Forwarder neither Resolver.

So, I'm guessing that if Forwarder or Resolver is enabled in any interface, the RA is configured to send the IP address of the interface as dns server on another interfaces that are not related to Forwarder or Resolver service. I think this is wrong.

What do you think? Could anyone make tests? Is it a bug?

johnpoz

@correajl said in Router advertisement problem: wrong dns server when dns forwarder or resolver is enabled.:

Network A doesn't have DNS Forwarder neither DNS Resolver configured.

Is forwarder or resolver listening on that interface?

Lets be clear what is going on..
Network A, dns not listing on interface A?
Network B, RA has no dns setup... left blank and it hands out IP A? Or IP for network B interface.

correajl

Hi! Sorry if I was so confused.

General Setup: DNS IPv6 address configured = X

Network A, interface A, DNS not listening, IPv4 address A4, IPv6 address A6, radvd enabled and all blank on DNS config.

Network B, interface B, DNS Forwarder enabled, IPv4 address B4, no IPv6, radvd not enabled.

Expected: RAs on network A should have X as DNS server.
What is happening: RAs on network A are having A6 as DNS server.

The only network that uses DNS Forwarder is B and it doesn't have IPv6.

Other test: if I configure one dns server address in Router Advertisements screen, RAs stop to offer A6 (so offer the configured address, what is expected).

Thanks a bunch for the help!

johnpoz

@correajl said in Router advertisement problem: wrong dns server when dns forwarder or resolver is enabled.:

What is happening: RAs on network A are having A6 as DNS server.

That is WAD... You have the forwarder running do you not.. Did you set strict for the binding?

I would just put in the dns you want your RA to send out in the dns boxes so your CLEAR exactly which dns is going to be sent out.

correajl

@johnpoz said in Router advertisement problem: wrong dns server when dns forwarder or resolver is enabled.:

That is WAD... You have the forwarder running do you not.. Did you set strict for the binding?

Yes, strict was set. Forwarder only binds on interface B (checked on GUI and netstat).

I would just put in the dns you want your RA to send out in the dns boxes so your CLEAR exactly which dns is going to be sent out.

Ok, thank you for the advise. I'll think about do that. The problem is that I've 50 interfaces. As the default option on RA configuration screen says "if you leave blank it'll be used the DNS server from General Setup" I would like to use that way.

I think that if Forwarder is enabled, strict on 1 specifc interface, do not make sense RA on all the others networks suffer efects of that configuration. On all the other interfaces RA is offering a dns server that doesn't exist.

Anyway, thank you so much!

johnpoz

It says unless your running forwarder/resolver.. Prob could be worded a bit more precise - or actually check to see if listening on actual interface if you have strict set.

Normally people that run resolver/forwarder want their dhcp clients to talk to pfsense. This is what like 99% of use cases (number just pulled out of my ass <grin>)

If you have a lot of interfaces pick the way you want to go about it that is least amount of work ;)

I will try and duplicate so can put in request to have wording updated, or option changed so that if strict and not bound to interface don't hand out pfsense IP.