Alias Entries Are Not Being Added To The Tables (Even Hardcoded IPs)
-
It's hard to believe that this far into pfSense development that alias resolution is still a problem.
I've searched and searched to get either debug output or a log of any kind of the aliases being processed so that I can understand why they're not being refreshed.
I can ping a host and get a result from the resolver that is correct, however an alias with that same hostname does not show up in the alias table.
I've had many issues with this in the past but never as bad as it's happening right now. I have one alias that has a dozen FQDN in it (and has worked in the past) but currently has ZERO entries in the table. This is an alias that is being used in a firewall rule.
Can anyone help me with how I should begin debugging this issue?
-
The aliases are updated by a custom binary piece called
filterdns
. The entire source code for that binary is here: https://github.com/pfsense/FreeBSD-ports/tree/devel/net/filterdns.That binary has a long and checkered past of not working correctly at random intervals. The last major rework was done in 2022 as best I recall. It is a somewhat complicated multithreaded application. It launches individual threads for each alias (and may even launch a separate thread for each FQDN defined in each alias). Been a while since I looked into the C code, so I don't recall the exact implementation.
I know this does not directly help you solve your issue, but if you have some C coding expertise you might take a look at the binary's code and spot something.
-
@dark-baritone said in Alias Entries Are Not Being Added To The Tables (Even Hardcoded IPs):
I've had many issues with this in the past
Your a member for 11 hours... It is running ok here, so good luck.
-
@Bob-Dig does make a good point. The "I have a problem" posts related to
filterdns
have decreased quite a bit since the big update in 2022.You don't state the pfSense version you are running in your post. Are you on the latest 2.7.2 CE version or do you have pfSense Plus 24.11? Judging from the decrease in posts about FQDN resolution, the newest pfSense versions with the updated
filterdns
daemon seem to be working better. -
@Bob-Dig I might have been a member for 11 hours, but I've been running pfSense since 2015 :P
-
@bmeeks yes, I'm on the latest version. I apologize I should have mentioned that. Unfortunately the problems persist. Is there anything I can do to help debug? I was hoping for some kind of logging. Looking at the C code isn't that helpful since a) I don't understand C and b) I'm more curious about what it's doing in my particular case.
-
@bmeeks Thanks for the reply! It looks like there's a reference to a log file in the variable
LOG_INFO
that is outputting some good information. Any idea where this is set or what it's set to for a default installation? -
Errors should log to Status/System Logs/System/DNS Resolver. It should attempt every 5 minutes unless the default timer was changed.