Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Only last FQDN entry used in Alias

    Scheduled Pinned Locked Moved Firewalling
    6 Posts 2 Posters 931 Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C Offline
      cyruspy
      last edited by cyruspy

      Anybody has seen that in a multihost Alias only the last FQDN entry works?.

      I created an alias with 3 entries:

      ning:~ # dig +short api.cloudflareclient.com
104.16.85.15
104.16.86.15

ning:~ # dig +short cp.cloudflare.com
104.19.198.151
104.19.199.151
104.19.195.151
104.19.196.151
104.19.197.151

ning:~ # dig +short engage.cloudflareclient.com
162.159.192.1

      But only the last one is present in the effective configuration:

      ning:~ # pfctl -T show -t CloudflareClient
162.159.192.1
2606:4700:d0::a29f:c001

      Version: 2.4.4-RELEASE-p3

      35074dd3-a50e-4df8-ad77-09ca9eab2cc8-image.png

      1 Reply Last reply Reply Quote 0
      • johnpozJ Offline
        johnpoz LAYER 8 Global Moderator
        last edited by

        Nope working fine here

        [2.4.4-RELEASE][admin@sg4860.local.lan]/:  pfctl -T show -t testmulti
   104.16.85.15
   104.16.86.15
   104.19.195.151
   104.19.196.151
   104.19.197.151
   104.19.198.151
   104.19.199.151
   162.159.192.1
   2606:4700::6810:550f
   2606:4700::6810:560f
   2606:4700::6813:c397
   2606:4700::6813:c497
   2606:4700::6813:c597
   2606:4700::6813:c697
   2606:4700::6813:c797
   2606:4700:d0::a29f:c001
[2.4.4-RELEASE][admin@sg4860.local.lan]/:

        alias.png

        Are you doing anything odd with dns? Just forwarding out of the box with unbound?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.07 | Lab VMs 2.8, 25.07

        1 Reply Last reply Reply Quote 0
        • C Offline
          cyruspy
          last edited by

          Resolution seems to work fine:

          03574ae6-39f3-4e5f-b72d-f640c5a1f15d-image.png

          2dbbe830-56b7-4a17-bda8-50f62ed15338-image.png

          dd753b1a-f4a7-4d6f-bf8a-fe381cf3dc82-image.png

          Nothing fancy about the DNS setup for the firewall, DNSSafety is configured for the clients.

          1 Reply Last reply Reply Quote 0
          • C Offline
            cyruspy
            last edited by cyruspy

            Found this bug: https://redmine.pfsense.org/issues/9296

            Tried the proposed workaround:

            0f100420-69ae-480e-9142-345520fb24a0-image.png

            And it works now:

            81ae73fc-9a51-4198-96b4-7a1317749d88-image.png

            Not sure about how often will it break and there's not due date for the fix (probably it wasn't even properly reproduced since it seems random)

            1 Reply Last reply Reply Quote 0
            • johnpozJ Offline
              johnpoz LAYER 8 Global Moderator
              last edited by

              As you saw it was working for me..

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 25.07 | Lab VMs 2.8, 25.07

              C 1 Reply Last reply Reply Quote 0
              • C Offline
                cyruspy @johnpoz
                last edited by cyruspy

                @johnpoz thanks!, it was pretty clear 😇

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.