4. FQDNs in Aliases/Rules with Local DNS

FQDNs in Aliases/Rules with Local DNS

  • M

    I recently started experimenting with having pfSense derive most of its alias information from a local DNS server rather than having two copies of hardcoded addresses.  I haven't had any problems, but before I change everything to this format, I have a few questions (and I apologize if this is covered elsewhere–I'll keep it short):

    If the DNS server is down for any reason, what will pfSense do with unresolved FQDNs used in aliases which are in turn used in rules?  Are the rules affected disabled or altered?  Is DNS info cached by pfSense for just such an contingency?

    How often does pfSense attempt to resolve these addresses?  If the DNS server again becomes available, will pfSense make the necessary corrections to the ruleset in real time without need of a manual ruleset reload?

    I'm not really sure I'm asking the right questions, but you probably have enough to get the gist.  I may have more later, but that's good for now.  Thanks in advance.

    0
  • Rebel Alliance Developer Netgate

    Those are resolved using a little daemon that checks DNS every few minutes for updates. If DNS is down, the IPs don't get put in the alias/table in pf. When DNS comes back, the IPs will be put into the table once they have been resolved.

    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy