2.4.5 in testing, noticed domain override stopped working



  • Hi, I've been testing this new version in a lab and noticed that the domain override in the DNS Resolver stopped working.
    It happens from time to time.

    To solve it, I have to edit the domain override and save it again.

    This is just for information purposes, to help the developers.
    If you need further details, or there are tests I can perform to help, just let me know.

    Version: 2.4.5.r.20200130.0307
    Device: sg-3100


  • Rebel Alliance Developer Netgate

    Is it just the domain override that stops working? Nothing else? Other hosts resolve OK?

    Is the target server for the domain override local to you, or remote (either over WAN or VPN)?

    Any errors in the resolver log when it's failing?



  • Yes, just the domain override; nothing else stops working.
    I have a few Host Overrides that remain working, so the problem is only with the domain override.

    The target server is within my LAN, directly connected to pfSense.

    I didn't find any logs.

    I noticed the problem during LDAP authentication to pfSense.
    I troubleshot it and found that it was working by IP.
    I went to Diagnostics > DNS Lookup, and it wasn't resolving the domain.

    So I reapplied the DNS Resolver domain override configuration, and it worked again.
    This has already happened twice, and I'm not sure what is triggering it.

    The problem is happening right now; I can perform tests if you like (packet captures, etc.), but I'm not sure what the best approach would be.


  • Rebel Alliance Developer Netgate

    Do you have anything else configured that might be affecting the DNS Resolver configuration, like pfBlocker?

    I'm not aware of anything that would make only that one option fail.



  • No, pfBlocker is uninstalled.

    Packages installed:

    Acme
    Avahi
    AWS-wizard
    ipsec profile wizard
    nut


  • Rebel Alliance Developer Netgate

    When it's not working, from an ssh shell prompt, try to resolve it locally:

    host -v blah. 127.0.0.1
    

    and perhaps:

    drill blah. @127.0.0.1
    

    In either case, blah. should be the actual hostname you are trying to look up. Be sure to include the trailing dot.



  • OK, I'll do it. The thing is that it started working again without intervention this time.
    I'll wait for the problem to begin again, perform those lookups as you suggested, and update this topic.



  • The output follows:

    [2.4.5-RC][root@pfSense.local.lan]/root: ping raspsrv.local.lan
    ping: cannot resolve raspsrv.local.lan: Unknown host
    
    [2.4.5-RC][root@pfSense.local.lan]/root: ping 192.168.255.251
    PING 192.168.255.251 (192.168.255.251): 56 data bytes
    64 bytes from 192.168.255.251: icmp_seq=0 ttl=64 time=0.623 ms
    ^C
    --- 192.168.255.251 ping statistics ---
    1 packets transmitted, 1 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 0.623/0.623/0.623/0.000 ms
    
    [2.4.5-RC][root@pfSense.local.lan]/root: host -v raspsrv.local.lan. 127.0.0.1
    Trying "raspsrv.local.lan"
    Trying "raspsrv.local.lan.local.lan"
    Using domain server:
    Name: 127.0.0.1
    Address: 127.0.0.1#53
    Aliases:
    
    Host raspsrv.local.lan not found: 3(NXDOMAIN)
    Received 120 bytes from 127.0.0.1#53 in 0 ms
    [2.4.5-RC][root@pfSense.local.lan]/root: drill raspsrv.local.lan. @127.0.0.1
    ;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 36661
    ;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;; raspsrv.local.lan.   IN      A
    
    ;; ANSWER SECTION:
    
    ;; AUTHORITY SECTION:
    .       3463    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2020013003 1800 900 604800 86400
    
    ;; ADDITIONAL SECTION:
    
    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1
    ;; WHEN: Thu Jan 30 17:14:01 2020
    ;; MSG SIZE  rcvd: 110
    


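The drill output in the last post carries one detail worth reading closely: the NXDOMAIN comes with an SOA for "." in the AUTHORITY section, which means Unbound walked the query out to the root servers (which know no "lan" TLD) instead of forwarding it to the override target. Had the forward zone been in effect and the target said "no such host", the SOA would be for the override domain itself. The script below is an added example, not code from this thread or from Netgate/pfSense: it turns that observation into a check that can be piped from `drill name. @127.0.0.1` on the firewall's shell. It assumes a hypothetical override domain `local.lan.` forwarded to `192.168.255.251`; the three drill outputs embedded in it are constructed (the first is modelled on the answer posted above), and `classify_answer` is a name chosen here.

```shell
#!/bin/sh
# Added example, not code from the thread or from pfSense/Netgate.
# Given drill(1)-style output for a name under a domain override, decide
# whether the override was actually consulted. The tell-tale is the SOA in
# the AUTHORITY section of an NXDOMAIN: an SOA for "." means Unbound walked
# to the root (the override was not in effect); an SOA for the override
# domain means the forward target itself answered NXDOMAIN.
#
# Assumed (hypothetical) setup: override domain local.lan. forwarded to
# 192.168.255.251; host names and zone data below are constructed.

# Sample 1: constructed, modelled on the NXDOMAIN answer posted in the thread.
SAMPLE_ROOT_NXDOMAIN=';; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 36661
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;; raspsrv.local.lan.   IN      A

;; ANSWER SECTION:

;; AUTHORITY SECTION:
.       3463    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2020013003 1800 900 604800 86400

;; ADDITIONAL SECTION:'

# Sample 2: constructed; what a working override returns.
SAMPLE_ANSWERED=';; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 1234
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; raspsrv.local.lan.   IN      A

;; ANSWER SECTION:
raspsrv.local.lan.      3600    IN      A       192.168.255.251'

# Sample 3: constructed; override in effect, but the target has no such host.
SAMPLE_TARGET_NXDOMAIN=';; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 4321
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;; nosuchhost.local.lan.        IN      A

;; ANSWER SECTION:

;; AUTHORITY SECTION:
local.lan.      600     IN      SOA     raspsrv.local.lan. hostmaster.local.lan. 1 3600 900 604800 600'

# classify_answer ZONE   (drill output on stdin; ZONE with trailing dot)
# Prints exactly one of:
#   answered                       NOERROR with at least one answer RR
#   override-not-applied           NXDOMAIN whose SOA is for "." (query reached the root)
#   nxdomain-from-override-target  NXDOMAIN whose SOA is for ZONE itself
#   other                          anything else (SERVFAIL, REFUSED, truncated output ...)
classify_answer() {
    awk -v zone="$1" '
        /rcode:/ { line = $0; sub(/.*rcode: /, "", line); sub(/,.*/, "", line); rcode = line }
        /flags:/ { if (match($0, /ANSWER: [0-9]+/)) ans = substr($0, RSTART + 8, RLENGTH - 8) + 0 }
        /AUTHORITY SECTION/ { in_auth = 1; next }
        /ADDITIONAL SECTION/ { in_auth = 0 }
        in_auth && $4 == "SOA" { soa = $1 }
        END {
            if (rcode == "NOERROR" && ans > 0)            print "answered"
            else if (rcode == "NXDOMAIN" && soa == ".")   print "override-not-applied"
            else if (rcode == "NXDOMAIN" && soa == zone)  print "nxdomain-from-override-target"
            else                                          print "other"
        }'
}

# Stand-alone demo over the three constructed samples. On a live firewall you
# would instead pipe in:  drill raspsrv.local.lan. @127.0.0.1 | classify_answer local.lan.
for s in SAMPLE_ROOT_NXDOMAIN SAMPLE_ANSWERED SAMPLE_TARGET_NXDOMAIN; do
    eval "v=\$$s"
    printf '%-24s %s\n' "$s:" "$(printf '%s\n' "$v" | classify_answer local.lan.)"
done
```

When the check prints `override-not-applied` while the GUI still shows the override, the forward zone is missing from Unbound's running configuration, which is consistent with re-saving the override (and so restarting Unbound) restoring it; `unbound-control list_forwards` on the firewall would confirm that directly, and comparing its output before and after the fault is the next thing to collect for the developers.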
