Host Alias Issue

james416 · Jan 23, 2020, 12:56 AM

I'm having an issue with host aliases, which could be due to my misunderstanding them so wondering if anyone could help or explain.
I have an Alias setup using the IP category, and using the host(s) type. Within, I have 3 rows with FQDN's like example1.dyndns.org, example2.dyndns.org, example3.dyndns.org. I've gone into diagnostics and done a DNS lookup on each, and they all respond. My Issue is that I expect Diagnostics-Tables should show my table containing 3 IPs, but as far as I can see it only contains 1 any time I look.
I'm running into an issue that I know I can fix by adding more firewall rules, but I'd like to avoid.
My problem is that I have a rule linked to this alias to all a VPN connection and I'll agree what I"m doing is stupid, but it should work. So example1 is a house I sometimes work from, example2 is my work, and example3 follows me (my laptop updates dyn wherever I am). Where I"m running into an issue, it lets me log in to the VPN, but then my dyn updater changes example3 to my pfsense location. This works fine until I disconnect and if I want to reconnect it won't work until I wait for my dyn to update again. The problem I"m seeing is that the table holds only the pfsense IP, until the dns resolver kicks in again. But if the table held example2 it would work.

johnpoz · Jan 23, 2020, 1:34 AM

You going to have to show us what is doing..

Keep in mind - as listed on the diag, tables screen

"Aliases become Tables when loaded into the active firewall ruleset. "

Did you put the alias in a rule?

here

james416 · Jan 23, 2020, 2:16 AM

As far as I can see mine is the same. My 3 host items are the FQDN's instead of the IPs in yours. The alias is the source in more than 1 rule, when I mouse over the alias in the source, it shows the 3 FQDNs. But the Diagnostics has only ever shown 1 IP address listed and not the 3 I'm expecting. Though technically 2 of my FQDN's may be the same IP, so I'd be fine seeing 2, but I've been checking periodically over the last week and only ever see 1.
I saw someone complaining they had issues with the same 2 FQDN's in existing in different aliases so I've tried removing that one, didn't help. I've replaced one of the FQDN items with the other alias (suggested in another post to avoid looking it up twice).
And as far as I can tell, it's using the top listed FQDN, which is the one that follows me, so when I look at the table the single IP it shows does change. I'll try to figure out how to post images but the only differences are what i mentioned, using FQDN instead of IPs, and Table only shows 1 item.

johnpoz · Jan 23, 2020, 3:37 AM

tables only going to show the IPs it resolves.. are these public fqdn? If so PM them and will try and duplicate your alias setup here. And take a look at what they resolve too.

You post pictures here

Really need the actual fqdn your working with to try and duplicate the problem..

Unless you are ok with posting them public here, which I would think should be fine.. they are public I take it so what does it matter?

james416 · Jan 23, 2020, 4:11 AM

Yes they are public fqdn's though I don't really want to share. But as I mentioned, if I go into Diagnostics and use DNS lookup, they all resolve A records and are valid, accessible public IPs.
This one is not mine, but it resolves similarly to mine, and is from the same company- test.dyndns.org.
Oddly if I add it as the 4th item in my aliases, my table does now show 2 IPs, which are the first and fourth entries. All 4 entries are from the same service, only the fourth one isn't mine, the rest I control.

johnpoz · Jan 23, 2020, 11:36 AM

@james416 said in Host Alias Issue:

I don't really want to share.

Well good luck then... Since can not duplicate you issue... I put in 3 fqdn, I get 3 IPs... If put in 1 fqdn that returns more than 1, then have more then one... all works as it should - can not help you until I can see how the stuff is resolving..

Here I put in
www.pfsense.org
forum.netgate.com
www.netgate.com

All the IPs they resolve too, even the AAAA are listed in the table.

jimp · Jan 23, 2020, 2:23 PM

Sounds like https://redmine.pfsense.org/issues/9296

Try it on 2.4.5

johnpoz · Jan 23, 2020, 2:25 PM

Possible he made no mention of using these fqdn in other aliases

james416 · Jan 23, 2020, 3:33 PM

I did at one point have the same fqdn in 2 aliases, however after removing one instance of the duplicate it didn't help.
The one thing I'm doing that maybe it doesn't like is have 2 fqdn's that may at times equate to the same IP.
I did see a post about the multiple FQDNs and I tried the adding individual aliases, and then one alias that referenced the other aliases and after a restart my tables looked better and had correct IPs, but I ran into another issue where it was now blocking my connections for some reason. And I had multiple rules, one for the combined alias, and another similar (different port forward) for one of the single alias items, and still another one another of the single aliases for another port and none of them were working.
These were rules that were working a day before and the only change was the source address alias used.

I may try the upgrade to 2.4.5 when I get a chance, but i'll have to see what's involved.