2.4.5 in testing, noticed domain override stopped working
-
Hi, I've been testing this new version, in a lab, and noticed that the domain override in DNS resolver stopped working.
It happens from time to time.To solve, I've to edit the domain override and save it again.
This is just for information purposes to help the developers.
In case you need further details, or tests that I can perform to help, just let me know.Version: 2.4.5.r.20200130.0307
Device: sg-3100
-
Is it just the domain override that stops working? Nothing else? Other hosts resolve OK?
Is the target server for the domain override local to you, or remote (either over WAN or VPN)?
Any errors in the resolver log when it's failing?
-
Yes, just the domain override, nothing else stops working.
I have a few Host Overrides that remains working, so the problem is only with the domain override.The target server is within my LAN, directly connected to pfsense.
Didn't find any logs.
I've noticed the problem during LDAP authentication to pfsense.
Troubleshooted and found that it was working by IP.
Went to Diagnosis> DNS Lookup, and it wasn't resolving the domain.So i've reapplied the DNS resolver domain override configuration, and it worked again.
This already happened twice, and I'm not sure what's is triggering it.The problem is happening right now, I can perform tests if you like, packet captures, not sure what would be the best approach.
-
Do you have anything else configured that might be affecting the DNS Resolver configuration, like pfBlocker?
I'm not aware of anything that would make only that one option fail.
-
No, pfblocker is uninstalled.
Packages installed:
Acme
Avahi
AWS-wizard
ipsec profile wizard
nut
-
When it's not working, from an ssh shell prompt, try to resolve it locally:
host -v blah. 127.0.0.1and perhaps:
drill blah. @127.0.0.1In either case,
blah.should be the actual hostname you are trying to look up. Be sure to include the trailing dot.
-
Ok, I'll do it, the thing is that it started to work again, without intervention this time.
I' ll wait for the problem begin again, and I'll perform those lookups as you suggested, and will update this topic.
-
Follow the output
[2.4.5-RC][root@pfSense.local.lan]/root: ping raspsrv.local.lan ping: cannot resolve raspsrv.local.lan: Unknown host [2.4.5-RC][root@pfSense.local.lan]/root: ping 192.168.255.251 PING 192.168.255.251 (192.168.255.251): 56 data bytes 64 bytes from 192.168.255.251: icmp_seq=0 ttl=64 time=0.623 ms ^C --- 192.168.255.251 ping statistics --- 1 packets transmitted, 1 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 0.623/0.623/0.623/0.000 ms [2.4.5-RC][root@pfSense.local.lan]/root: host -v raspsrv.local.lan. 127.0.0.1 Trying "raspsrv.local.lan" Trying "raspsrv.local.lan.local.lan" Using domain server: Name: 127.0.0.1 Address: 127.0.0.1#53 Aliases: Host raspsrv.local.lan not found: 3(NXDOMAIN) Received 120 bytes from 127.0.0.1#53 in 0 ms [2.4.5-RC][root@pfSense.local.lan]/root: drill raspsrv.local.lan. @127.0.0.1 ;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 36661 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;; raspsrv.local.lan. IN A ;; ANSWER SECTION: ;; AUTHORITY SECTION: . 3463 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2020013003 1800 900 604800 86400 ;; ADDITIONAL SECTION: ;; Query time: 0 msec ;; SERVER: 127.0.0.1 ;; WHEN: Thu Jan 30 17:14:01 2020 ;; MSG SIZE rcvd: 110
