2.4.5 in testing, noticed domain override stopped working

  • Hi, I've been testing this new version in a lab, and noticed that the domain override in the DNS Resolver stopped working.
    It happens from time to time.

    To solve it, I have to edit the domain override and save it again.

    This is just for information purposes to help the developers.
    In case you need further details, or tests that I can perform to help, just let me know.

    Version: 2.4.5.r.20200130.0307
    Device: sg-3100

  • Rebel Alliance Developer Netgate

    Is it just the domain override that stops working? Nothing else? Other hosts resolve OK?

    Is the target server for the domain override local to you, or remote (either over WAN or VPN)?

    Any errors in the resolver log when it's failing?

  • Yes, just the domain override, nothing else stops working.
    I have a few Host Overrides that remain working, so the problem is only with the domain override.

    The target server is within my LAN, directly connected to pfsense.

    Didn't find any logs.

    I've noticed the problem during LDAP authentication to pfsense.
    I troubleshot it and found that it was working by IP.
    Went to Diagnostics > DNS Lookup, and it wasn't resolving the domain.

    So I've reapplied the DNS Resolver domain override configuration, and it worked again.
    This has already happened twice, and I'm not sure what is triggering it.

    The problem is happening right now, I can perform tests if you like, packet captures, not sure what would be the best approach.

  • Rebel Alliance Developer Netgate

    Do you have anything else configured that might be affecting the DNS Resolver configuration, like pfBlocker?

    I'm not aware of anything that would make only that one option fail.

  • No, pfblocker is uninstalled.

    Packages installed:

    ipsec profile wizard

  • Rebel Alliance Developer Netgate

    When it's not working, from an ssh shell prompt, try to resolve it locally:

    host -v blah.

    and perhaps:

    drill blah. @

    In either case, blah. should be the actual hostname you are trying to look up. Be sure to include the trailing dot.

  • Ok, I'll do it; the thing is that it started to work again, without intervention this time.
    I'll wait for the problem to begin again, then I'll perform those lookups as you suggested and update this topic.

  • The output follows:

    [2.4.5-RC][root@pfSense.local.lan]/root: ping raspsrv.local.lan
    ping: cannot resolve raspsrv.local.lan: Unknown host
    [2.4.5-RC][root@pfSense.local.lan]/root: ping
    PING ( 56 data bytes
    64 bytes from icmp_seq=0 ttl=64 time=0.623 ms
    --- ping statistics ---
    1 packets transmitted, 1 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 0.623/0.623/0.623/0.000 ms
    [2.4.5-RC][root@pfSense.local.lan]/root: host -v raspsrv.local.lan.
    Trying "raspsrv.local.lan"
    Trying "raspsrv.local.lan.local.lan"
    Using domain server:
    Host raspsrv.local.lan not found: 3(NXDOMAIN)
    Received 120 bytes from in 0 ms
    [2.4.5-RC][root@pfSense.local.lan]/root: drill raspsrv.local.lan. @
    ;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 36661
    ;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    ;; raspsrv.local.lan.   IN      A
    .       3463    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2020013003 1800 900 604800 86400
    ;; Query time: 0 msec
    ;; SERVER:
    ;; WHEN: Thu Jan 30 17:14:01 2020
    ;; MSG SIZE  rcvd: 110
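    The drill output above is diagnostic on its own: the query came back NXDOMAIN, and the only AUTHORITY record is the SOA of the root zone ("."), which means unbound answered local.lan from the public tree instead of forwarding it to the override server. When the override is in effect, a negative answer would instead carry the SOA of the override server's zone. The script below, an added example that is not from the thread or from Netgate, turns that observation into a check that can be run from a cron job against `drill <name>. @127.0.0.1` output: it parses the posted output (embedded verbatim), plus two constructed healthy and name-missing answers (the 192.0.2.10 address and the local.lan SOA are placeholders, not from the thread), and reports whether the override was applied, bypassed, or applied but the name does not exist on the override target.

```python
"""Classify `drill` output to tell whether a pfSense DNS Resolver domain override is in effect."""
import re
import sys

# Verbatim from the thread: NXDOMAIN whose only authority record is the root SOA,
# i.e. unbound walked the public tree instead of forwarding local.lan.
SAMPLE_OVERRIDE_BYPASSED = """\
;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 36661
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; raspsrv.local.lan.   IN      A
.       3463    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2020013003 1800 900 604800 86400
;; Query time: 0 msec
;; WHEN: Thu Jan 30 17:14:01 2020
;; MSG SIZE  rcvd: 110
"""

# Constructed healthy answer (address is a placeholder, not from the thread).
SAMPLE_OVERRIDE_WORKING = """\
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 4242
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; raspsrv.local.lan.   IN      A
raspsrv.local.lan.      3600    IN      A       192.0.2.10
;; Query time: 1 msec
"""

# Constructed: the override server was reached but has no such name (SOA is placeholder).
SAMPLE_MISSING_ON_OVERRIDE = """\
;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 7
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; nosuch.local.lan.   IN      A
local.lan.      3600    IN      SOA     ns1.local.lan. hostmaster.local.lan. 2020013001 3600 900 604800 3600
"""

HEADER_RE = re.compile(r"rcode:\s*(\w+)")
QUESTION_RE = re.compile(r"^;;\s+(\S+)\s+IN\s+(\S+)\s*$")


def parse_drill(text):
    """Return (rcode, qname, records); records are (owner, ttl, type, rdata).

    Section headings are not required, so both drill's native output and the
    heading-less paste from the thread parse the same way.
    """
    rcode, qname, records = None, None, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(";;"):
            m = HEADER_RE.search(line)
            if m:
                rcode = m.group(1).upper()
                continue
            m = QUESTION_RE.match(line)
            if m and qname is None:
                qname = m.group(1).lower()
            continue
        fields = line.split(None, 4)
        if len(fields) == 5 and fields[2].upper() == "IN" and fields[1].isdigit():
            owner, ttl, _, rtype, rdata = fields
            records.append((owner.lower(), int(ttl), rtype.upper(), rdata))
    return rcode, qname, records


def in_zone(name, zone):
    """True when name equals zone or lies below it; trailing dots are ignored."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)


def diagnose(text, override_domain):
    """Classify one drill answer relative to the domain override for override_domain."""
    rcode, qname, records = parse_drill(text)
    if rcode is None or qname is None:
        return "unparseable"
    if not in_zone(qname, override_domain):
        return "not-covered"  # question is outside the overridden domain
    answers = [r for r in records if r[0] == qname and r[2] in ("A", "AAAA", "CNAME")]
    if rcode == "NOERROR" and answers:
        return "override-applied"
    soa_zones = [r[0] for r in records if r[2] == "SOA"]
    if rcode in ("NXDOMAIN", "NOERROR") and soa_zones:
        # Negative answer: whoever signed it with an SOA is who actually answered.
        if all(in_zone(z, override_domain) for z in soa_zones):
            return "override-applied-name-missing"
        return "override-bypassed"  # e.g. root-zone SOA: forwarding was not used
    return "inconclusive"


if __name__ == "__main__":
    # Usage: drill raspsrv.local.lan. @127.0.0.1 | python3 check_override.py local.lan
    zone = sys.argv[1] if len(sys.argv) > 1 else "local.lan"
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_OVERRIDE_BYPASSED
    print(diagnose(text, zone))
```

    A cron job that exits non-zero on "override-bypassed" gives an alert the moment the resolver silently falls back to public resolution, which is also the state in which LDAP authentication against a host in the overridden domain starts failing, as reported above.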

