Only last FQDN entry used in Alias
Has anybody seen that in a multihost Alias only the last FQDN entry works?
I created an alias with 3 entries:
ning:~ # dig +short api.cloudflareclient.com
184.108.40.206
220.127.116.11
ning:~ # dig +short cp.cloudflare.com
18.104.22.168
22.214.171.124
126.96.36.199
188.8.131.52
184.108.40.206
ning:~ # dig +short engage.cloudflareclient.com
220.127.116.11
But only the last one is present in the effective configuration:
ning:~ # pfctl -T show -t CloudflareClient
18.104.22.168
2606:4700:d0::a29f:c001
Nope, working fine here
[2.4.4-RELEASE][firstname.lastname@example.org]/: pfctl -T show -t testmulti
22.214.171.124
126.96.36.199
188.8.131.52
184.108.40.206
220.127.116.11
18.104.22.168
22.214.171.124
126.96.36.199
2606:4700::6810:550f
2606:4700::6810:560f
2606:4700::6813:c397
2606:4700::6813:c497
2606:4700::6813:c597
2606:4700::6813:c697
2606:4700::6813:c797
2606:4700:d0::a29f:c001
[2.4.4-RELEASE][email@example.com]/:
Are you doing anything odd with dns? Just forwarding out of the box with unbound?
cyruspy last edited by
Resolution seems to work fine:
Nothing fancy about the DNS setup for the firewall, DNSSafety is configured for the clients.
Found this bug: https://redmine.pfsense.org/issues/9296
Tried the proposed workaround:
And it works now:
Not sure how often it will break, and there's no due date for the fix (probably it wasn't even properly reproduced, since it seems random).
As you saw, it was working for me.
@johnpoz thanks! It was pretty clear.
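
The manual comparison made in this thread (dig output per hostname against `pfctl -T show -t <table>`) can be scripted. The following is an added example, not code from any poster or from pfSense; the function names, the `.example` host names and the documentation addresses in the sample are assumptions constructed for illustration.

```shell
#!/bin/sh
# resolve_pairs HOST...  -> prints "host address" lines (A and AAAA); needs dig.
resolve_pairs() {
    for h in "$@"; do
        for t in A AAAA; do
            # keep only addresses; +short also prints CNAME targets (trailing dot)
            dig +short "$h" "$t" | awk -v h="$h" '!/\.$/ && /^[0-9A-Fa-f:.]+$/ { print h, $1 }'
        done
    done
}

# alias_coverage TABLE_FILE PAIRS_FILE
# TABLE_FILE: saved output of `pfctl -T show -t <table>`; PAIRS_FILE: "host address" lines.
# Prints "host found/total ok|MISSING"; MISSING means none of that host's
# addresses is in the table, which is the symptom described in the thread.
alias_coverage() {
    awk '
        FILENAME == ARGV[1] { if (NF) table[$1] = 1; next }   # pf table entries
        NF >= 2 {
            if (!($1 in total)) order[++n] = $1               # keep input order
            total[$1]++
            if ($2 in table) found[$1]++
        }
        END {
            for (i = 1; i <= n; i++) {
                h = order[i]
                printf "%s %d/%d %s\n", h, found[h], total[h], (found[h] ? "ok" : "MISSING")
            }
        }
    ' "$1" "$2"
}

# Constructed sample (documentation addresses, hypothetical host names):
# three hosts resolve, but the table only holds the last host's addresses.
demo_coverage() {
    d=$(mktemp -d) || return 1
    printf '   192.0.2.30\n   2001:db8::30\n' > "$d/table"
    printf '%s\n' 'a.example 192.0.2.10' 'a.example 192.0.2.11' \
        'b.example 192.0.2.20' 'c.example 192.0.2.30' 'c.example 2001:db8::30' > "$d/pairs"
    alias_coverage "$d/table" "$d/pairs"
    rm -rf "$d"
}
demo_coverage

# Live use on the firewall (table and host names taken from the thread):
#   pfctl -T show -t CloudflareClient > /tmp/table
#   resolve_pairs api.cloudflareclient.com cp.cloudflare.com engage.cloudflareclient.com > /tmp/pairs
#   alias_coverage /tmp/table /tmp/pairs
```

Addresses behind a CDN rotate between lookups, so a host at less than full coverage is not by itself a fault; a host reported as MISSING matches what the first post shows.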