Issues after upgrade to 2.4.4 on all firewalls: Diagnostic -> Tables is empty
-
First, you wouldn't inject an alias entry using pfctl that way for a hostname. The filterdns daemon manages that internally.
Second, if it works sometimes and not others, it could be either because the host can't be resolved, or that it's already in the table.
The "adding action" log entry means filterdns read that entry from the config, not that it successfully resolved the host.
-
Hi Jimp,
I know I should not add hostnames like this, I'm simply trying to make the problem clearer.
The table itself should hold only one entry (resolved to 192.168.212.135).
If I try to inject a non-valid FQDN I get an error:
pfctl -t FQDN_Hamal -T add hamal2.intranet
no IP address found for hamal2.intranet
-
So this is an internal domain; how is your DNS on pfSense configured? Make sure pfSense only uses name servers that can resolve those internal domains.
-
Hi Grimson,
sorry for the delay (and Happy New Year to all).
The DNS is configured to point to:
2 internal DNS servers (reachable)
2 external DNS servers (Google)
I've just removed the Google ones and I will let you know.
Regards.
-
Hi,
Today the problem is back again: some tables are void: no traffic allowed, despite the DNS pointing only to internal servers.
-
And still no filterdns errors on the resolver log? Or system log?
Steve
-
No errors in system log.
No relevant errors in resolver log (only a few "failed to resolve host: new_name.internal", due to devices that are already configured on the firewall but not on the DNS server. Those entries have nothing to do with the void tables.)
Regards