    2.4.5 in testing, noticed domain override stopped working

    • M
      mcury last edited by

      Hi, I've been testing this new version, in a lab, and noticed that the domain override in DNS resolver stopped working.
      It happens from time to time.

      To solve it, I have to edit the domain override and save it again.

      This is just for information purposes to help the developers.
      In case you need further details, or tests that I can perform to help, just let me know.

      Version: 2.4.5.r.20200130.0307
      Device: sg-3100

      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        Is it just the domain override that stops working? Nothing else? Other hosts resolve OK?

        Is the target server for the domain override local to you, or remote (either over WAN or VPN)?

        Any errors in the resolver log when it's failing?

        • M
          mcury last edited by mcury

          Yes, just the domain override, nothing else stops working.
          I have a few Host Overrides that remain working, so the problem is only with the domain override.

          The target server is within my LAN, directly connected to pfsense.

          Didn't find any logs.

          I've noticed the problem during LDAP authentication to pfsense.
          Troubleshooted and found that it was working by IP.
          Went to Diagnostics > DNS Lookup, and it wasn't resolving the domain.

          So I've reapplied the DNS resolver domain override configuration, and it worked again.
          This already happened twice, and I'm not sure what is triggering it.

          The problem is happening right now, I can perform tests if you like, packet captures, not sure what would be the best approach.

          • jimp
            jimp Rebel Alliance Developer Netgate last edited by

            Do you have anything else configured that might be affecting the DNS Resolver configuration, like pfBlocker?

            I'm not aware of anything that would make only that one option fail.

            • M
              mcury last edited by

              No, pfblocker is uninstalled.

              Packages installed:

              Acme
              Avahi
              AWS-wizard
              ipsec profile wizard
              nut

              • jimp
                jimp Rebel Alliance Developer Netgate last edited by

                When it's not working, from an ssh shell prompt, try to resolve it locally:

                host -v blah. 127.0.0.1
                

                and perhaps:

                drill blah. @127.0.0.1
                

                In either case, blah. should be the actual hostname you are trying to look up. Be sure to include the trailing dot.

                • M
                  mcury last edited by

                  Ok, I'll do it, the thing is that it started to work again, without intervention this time.
                  I'll wait for the problem to begin again, and I'll perform those lookups as you suggested, and will update this topic.

                  • M
                    mcury last edited by mcury

                    The output follows:

                    [2.4.5-RC][root@pfSense.local.lan]/root: ping raspsrv.local.lan
                    ping: cannot resolve raspsrv.local.lan: Unknown host
                    
                    [2.4.5-RC][root@pfSense.local.lan]/root: ping 192.168.255.251
                    PING 192.168.255.251 (192.168.255.251): 56 data bytes
                    64 bytes from 192.168.255.251: icmp_seq=0 ttl=64 time=0.623 ms
                    ^C
                    --- 192.168.255.251 ping statistics ---
                    1 packets transmitted, 1 packets received, 0.0% packet loss
                    round-trip min/avg/max/stddev = 0.623/0.623/0.623/0.000 ms
                    
                    [2.4.5-RC][root@pfSense.local.lan]/root: host -v raspsrv.local.lan. 127.0.0.1
                    Trying "raspsrv.local.lan"
                    Trying "raspsrv.local.lan.local.lan"
                    Using domain server:
                    Name: 127.0.0.1
                    Address: 127.0.0.1#53
                    Aliases:
                    
                    Host raspsrv.local.lan not found: 3(NXDOMAIN)
                    Received 120 bytes from 127.0.0.1#53 in 0 ms
                    [2.4.5-RC][root@pfSense.local.lan]/root: drill raspsrv.local.lan. @127.0.0.1
                    ;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 36661
                    ;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
                    ;; QUESTION SECTION:
                    ;; raspsrv.local.lan.   IN      A
                    
                    ;; ANSWER SECTION:
                    
                    ;; AUTHORITY SECTION:
                    .       3463    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2020013003 1800 900 604800 86400
                    
                    ;; ADDITIONAL SECTION:
                    
                    ;; Query time: 0 msec
                    ;; SERVER: 127.0.0.1
                    ;; WHEN: Thu Jan 30 17:14:01 2020
                    ;; MSG SIZE  rcvd: 110
                    


                    1 Reply Last reply Reply Quote 0
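An added example, not part of any post in this thread: a small Python parser for `drill` output that checks where an NXDOMAIN came from. It assumes the override zone is `local.lan` (taken from the hostnames in the output above); the function names and result labels are made up for this example. An SOA for the root zone in the AUTHORITY section, as in the output above, means the negative answer came from the root zone rather than from the override target.

```python
import re

# drill output copied from the last post above (blank lines dropped).
SAMPLE_NXDOMAIN = """\
;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 36661
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;; raspsrv.local.lan.   IN      A
;; ANSWER SECTION:
;; AUTHORITY SECTION:
.       3463    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2020013003 1800 900 604800 86400
;; ADDITIONAL SECTION:
"""

def parse_drill(text):
    """Return (rcode, {section name: [(owner, rrtype), ...]})."""
    rcode, sections, current = None, {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.search(r"rcode:\s*(\w+)", line)
        if m:
            rcode = m.group(1)
        m = re.match(r";;\s*(\w+) SECTION:", line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line and not line.startswith(";"):
            fields = line.split()  # owner, TTL, class, type, rdata...
            if len(fields) >= 4:
                sections[current].append((fields[0].lower(), fields[3]))
    return rcode, sections

def classify(text, override_zone):
    """Heuristic (an assumption of this example): judge by the SOA owner."""
    rcode, sec = parse_drill(text)
    zone = override_zone.rstrip(".").lower() + "."
    if rcode == "NOERROR" and sec.get("ANSWER"):
        return "resolved"
    soa_owners = [o for o, t in sec.get("AUTHORITY", []) if t == "SOA"]
    if rcode == "NXDOMAIN" and soa_owners:
        owner = soa_owners[0]
        if owner == zone or owner.endswith("." + zone):
            return "nxdomain-from-override-target"  # target says no such name
        return "nxdomain-not-from-override"  # e.g. root SOA: query not forwarded
    return "inconclusive"

if __name__ == "__main__":
    print(classify(SAMPLE_NXDOMAIN, "local.lan"))
```
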