FQDNs in Aliases/Rules with Local DNS
-
I recently started experimenting with having pfSense derive most of its alias information from a local DNS server rather than having two copies of hardcoded addresses. I haven't had any problems, but before I change everything to this format, I have a few questions (and I apologize if this is covered elsewhere–I'll keep it short):
If the DNS server is down for any reason, what will pfSense do with unresolved FQDNs used in aliases which are in turn used in rules? Are the rules affected disabled or altered? Is DNS info cached by pfSense for just such a contingency?
How often does pfSense attempt to resolve these addresses? If the DNS server again becomes available, will pfSense make the necessary corrections to the ruleset in real time without need of a manual ruleset reload?
I'm not really sure I'm asking the right questions, but you probably have enough to get the gist. I may have more later, but that's good for now. Thanks in advance.
-
Those are resolved using a little daemon that checks DNS every few minutes for updates. If DNS is down, the IPs don't get put in the alias/table in pf. When DNS comes back, the IPs will be put into the table once they have been resolved.
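A small Python model of the refresh cycle the reply describes, added here as an illustration; it is not pfSense's own resolver daemon (which is not shown on this page), and the alias entries, the DNS records and the two resolver stand-ins are constructed for the example.

```python
import socket
from typing import Dict, List, Set, Tuple

# Constructed alias: one literal address plus one FQDN (documentation ranges only).
ALIAS_ENTRIES = ["10.0.0.5", "vpn.example.test"]

# Constructed answers a healthy resolver would return for the FQDN.
DNS_RECORDS: Dict[str, List[str]] = {"vpn.example.test": ["203.0.113.7", "203.0.113.8"]}

def resolve_up(fqdn: str) -> List[str]:
    """Stand-in for a working resolver (same contract as socket.gethostbyname_ex: raises on failure)."""
    if fqdn not in DNS_RECORDS:
        raise socket.gaierror(f"NXDOMAIN {fqdn}")
    return list(DNS_RECORDS[fqdn])

def resolve_down(fqdn: str) -> List[str]:
    """Stand-in for an unreachable DNS server: every lookup times out."""
    raise socket.gaierror(f"timeout resolving {fqdn}")

def is_literal_ip(entry: str) -> bool:
    try:
        socket.inet_aton(entry)
        return True
    except OSError:
        return False

def refresh_table(entries, resolve) -> Tuple[Set[str], List[str]]:
    """One pass of the periodic refresh: literal IPs always land in the table,
    FQDNs only contribute what resolves on this pass. Returns (table, unresolved)."""
    table: Set[str] = set()
    unresolved: List[str] = []
    for entry in entries:
        if is_literal_ip(entry):
            table.add(entry)
        else:
            try:
                table.update(resolve(entry))
            except OSError:
                unresolved.append(entry)  # contributes nothing until DNS answers again
    return table, unresolved

def rule_matches(table: Set[str], addr: str) -> bool:
    """A rule keyed on the alias matches only addresses currently in the table."""
    return addr in table

if __name__ == "__main__":
    for label, resolver in (("DNS up", resolve_up), ("DNS down", resolve_down)):
        table, missing = refresh_table(ALIAS_ENTRIES, resolver)
        print(label, sorted(table), "unresolved:", missing)
```

The second run shows the defender-side consequence: while DNS is down a pass rule built on the alias stops admitting the FQDN's addresses, but a block rule built on the same alias also stops matching them, so how an alias fails depends on the rule's action.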