4. FQDNs in Aliases/Rules with Local DNS

FQDNs in Aliases/Rules with Local DNS

  • M

    I recently started experimenting with having pfSense derive most of its alias information from a local DNS server rather than having two copies of hardcoded addresses.  I haven't had any problems, but before I change everything to this format, I have a few questions (and I apologize if this is covered elsewhere–I'll keep it short):

    If the DNS server is down for any reason, what will pfSense do with unresolved FQDNs used in aliases which are in turn used in rules?  Are the rules affected disabled or altered?  Is DNS info cached by pfSense for just such an contingency?

    How often does pfSense attempt to resolve these addresses?  If the DNS server again becomes available, will pfSense make the necessary corrections to the ruleset in real time without need of a manual ruleset reload?

    I'm not really sure I'm asking the right questions, but you probably have enough to get the gist.  I may have more later, but that's good for now.  Thanks in advance.

    0
  • Rebel Alliance Developer Netgate

    Those are resolved using a little daemon that checks DNS every few minutes for updates. If DNS is down, the IPs don't get put in the alias/table in pf. When DNS comes back, the IPs will be put into the table once they have been resolved.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy