Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    FQDNs in Aliases/Rules with Local DNS

    DHCP and DNS
    2
    2
    1365
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mdpugh last edited by

      I recently started experimenting with having pfSense derive most of its alias information from a local DNS server rather than having two copies of hardcoded addresses.  I haven't had any problems, but before I change everything to this format, I have a few questions (and I apologize if this is covered elsewhere–I'll keep it short):

      If the DNS server is down for any reason, what will pfSense do with unresolved FQDNs used in aliases which are in turn used in rules?  Are the rules affected disabled or altered?  Is DNS info cached by pfSense for just such an contingency?

      How often does pfSense attempt to resolve these addresses?  If the DNS server again becomes available, will pfSense make the necessary corrections to the ruleset in real time without need of a manual ruleset reload?

      I'm not really sure I'm asking the right questions, but you probably have enough to get the gist.  I may have more later, but that's good for now.  Thanks in advance.

      1 Reply Last reply Reply Quote 0
      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        Those are resolved using a little daemon that checks DNS every few minutes for updates. If DNS is down, the IPs don't get put in the alias/table in pf. When DNS comes back, the IPs will be put into the table once they have been resolved.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • First post
          Last post

        Products

        • Platform Overview
        • TNSR
        • pfSense
        • Appliances

        Services

        • Training
        • Professional Services

        Support

        • Subscription Plans
        • Contact Support
        • Product Lifecycle
        • Documentation

        News

        • Media Coverage
        • Press
        • Events

        Resources

        • Blog
        • FAQ
        • Find a Partner
        • Resource Library
        • Security Information

        Company

        • About Us
        • Careers
        • Partners
        • Contact Us
        • Legal
        Our Mission

        We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

        Subscribe to our Newsletter

        Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

        © 2021 Rubicon Communications, LLC | Privacy Policy