127.0.0.1 shows as DNS server? (2.0-RC3 i386)

seh2000

Hi,

Since the last two snapshots (current snapshot is 2.0-RC3 i386 20110809 15:52) I noticed in Dashboard under DNS Server(s) 127.0.0.1 (localhost) listed as a DNS server (see attached screen shot) I don't recall having seen this before.
How come or what have I done wrong in my configuration? Shall I just forget/ignore?

BR// Steen


tebeve

2.1-DEVELOPMENT (i386)
built on Tue Aug 9 22:33:41 EDT 2011

Just updated to the lastest snap today from July 8th RC3 snap… I'm seeing this now also.

eri--

IT is ok, just ignore :)

tebeve

@ermal:

IT is ok, just ignore :)

I pretty much assumed it was nothing, I mean the localhost in this case is doing dns… but thought I would report also in case it was something that had slipped through you guys didnt want.

Thanks ermal.

seh2000

@ermal:

IT is ok, just ignore :)

I can ignore, but why suddenly appear, not seen in any of the previous 2.0 release candidates (1, 2, 3) before Friday or Saturday snapshot, is it a bug or something?
Steen

Cino

@seh2000:

@ermal:

IT is ok, just ignore :)

I can ignore, but why suddenly appear, not seen in any of the previous 2.0 release candidates (1, 2, 3) before Friday or Saturday snapshot, is it a bug or something?
Steen

It was adding to the system a couple of days ago, thats why your seeing it now
https://github.com/bsdperimeter/pfsense/commit/8ac329daa06dbc88748df5ca7158d44edd5936f8

seh2000

Thanks Cino - remember the issue (I had similar problem as reported in #1407), but was not expecting to see "localhost" under DNS Server(s) in the dashboard.
Steen

rkage

And what happens when you don't enable the DNS forwarder, delayed/failed lookups?

jimp

@rkage:

And what happens when you don't enable the DNS forwarder, delayed/failed lookups?

It should fall back to the old behavior, and just not include that as a DNS server. (I just added a check for that, should be in snaps later this evening/tomorrow)

johnpoz

I just noticed this today, and I do not use the built in forwarder.  I run unbound package - so I had to modify the unbound.conf directly to listen on loopback, since highlighting both lan and loopback did not seem to work in the unbound gui setup.

This now works just fine, I actually like this if your running a full recursive resolver like unbound - why not use it vs some outside dns like google or your isp.

eri--

The primary reason for the change was to have better behviour on multiwan since people were reporting issues with dns during switching to other WANs.
This change will help those cases.

But even your view on using your dns instead of something outside there and rely only on it is valid as well.

If unbound did not start from GUI but started from command line can you show the difference in generated config so the GUI can be fixed?

johnpoz

Well it started just fine from the gui, but did not bind to the loopback like you would think it would do when you highlight it ;)

I just manually edited the unbound.conf from the shell and then hit restart in the services section of the gui and working fine line that.

Anything you need for help, just let me know – and I agree I like the loopback option.

wagonza

Ok package updated. It now listens on both v4 and v6 loopback addresses (when selected). On a side note I also added a process to update the root trust anchor file, to ensure that the file is valid and works for DNSSEC validation.

johnpoz

what about ability to add ipv6 in the ACLs? ;)

wagonza

@johnpoz:

what about ability to add ipv6 in the ACLs? ;)

heh :) the page is here in my repo. I just need to polish it off before i submit it to the masses.