PfSense serving old DNS records - DNS Resolver / unbound
-
Hi,
I am having an issue where pfSense is serving up old statically set DNS records. I'm using DNS Resolver (unbound).
I had a Host Override set as hass.test.local -> 192.168.5.50
I then changed the Host Override to hass.test.local -> 192.168.5.52 (server IP had changed as I was moving the service to a different server).
When I clear the DNS cache on my Windows machine I now get served the old IP and the new IP, with the old being at the top of the list.
nslookup hass.test.local
Server : gateway.test.local
Address: 192.168.1.1
Name: hass.test.local
Address: 192.168.5.50
192.168.5.52
If I run dig on the pfSense box I get both IP addresses returned.
dig hass.test.local
; <<>> DiG 9.11.2 <<>> hass.test.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65408
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hass.test.local. IN A
;; ANSWER SECTION:
hass.test.local. 3600 IN A 192.168.5.50
hass.test.local. 3600 IN A 192.168.5.52
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Mar 03 23:41:17 UTC 2018
;; MSG SIZE rcvd: 85
I have restarted unbound.
I have flushed the cache:
unbound-control -c /var/unbound/unbound.conf flush_zone test.local
I can't find any reference to hass in the cache:
unbound-control -c /var/unbound/unbound.conf dump_cache | grep test.local
Any suggestions on how to remove the old IP and stop it being served out to clients?
-
I have found a fix but I'm not sure if this is a bug or general unbound behaviour.
To fix:
I deleted all references to hass.test.local in the Host Overrides section (in the GUI)
Restarted unbound service (GUI)
Re-added hass.test.local -> 192.168.5.52 (GUI)
Reviewing the host_entries.conf file all old hosts were still in the file so I manually removed them with vi leaving only the correct host. (Console)
Restarted unbound service (GUI)
Fixed!
Is there a bug in the Host Overrides sections where old host references are not being deleted?
-
Sorry, answering my own post again but I think I have found the real reason.
I still had the new server getting an IP address through DHCP and had left it statically assigned an address with the old hostname Hass. I think this must have been registering in unbound.
-
Yes, a DHCP reservation/static can be set to registered. Doing so and then creating a host override with a different IP would give you 2 IPs for the same host name.