Only last FQDN entry used in Alias
-
Anybody has seen that in a multihost Alias only the last FQDN entry works?.
I created an alias with 3 entries:
ning:~ # dig +short api.cloudflareclient.com 104.16.85.15 104.16.86.15 ning:~ # dig +short cp.cloudflare.com 104.19.198.151 104.19.199.151 104.19.195.151 104.19.196.151 104.19.197.151 ning:~ # dig +short engage.cloudflareclient.com 162.159.192.1
But only the last one is present in the effective configuration:
ning:~ # pfctl -T show -t CloudflareClient 162.159.192.1 2606:4700:d0::a29f:c001
Version: 2.4.4-RELEASE-p3
-
Nope working fine here
[2.4.4-RELEASE][admin@sg4860.local.lan]/: pfctl -T show -t testmulti 104.16.85.15 104.16.86.15 104.19.195.151 104.19.196.151 104.19.197.151 104.19.198.151 104.19.199.151 162.159.192.1 2606:4700::6810:550f 2606:4700::6810:560f 2606:4700::6813:c397 2606:4700::6813:c497 2606:4700::6813:c597 2606:4700::6813:c697 2606:4700::6813:c797 2606:4700:d0::a29f:c001 [2.4.4-RELEASE][admin@sg4860.local.lan]/:
Are you doing anything odd with dns? Just forwarding out of the box with unbound?
-
Resolution seems to work fine:
Nothing fancy about the DNS setup for the firewall, DNSSafety is configured for the clients.
-
Found this bug: https://redmine.pfsense.org/issues/9296
Tried the proposed workaround:
And it works now:
Not sure about how often will it break and there's not due date for the fix (probably it wasn't even properly reproduced since it seems random)
-
As you saw it was working for me..
-
@johnpoz thanks!, it was pretty clear