Project

General

Profile

Actions

Bug #10685

closed

DNS queries of RBLs does not work any more since 2.4.5

Added by Manfred Bongard over 4 years ago. Updated over 4 years ago.

Status:
Not a Bug
Priority:
Normal
Assignee:
-
Category:
DNS Resolver
Target version:
-
Start date:
06/20/2020
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4.5
Affected Architecture:
All

Description

Since upgrade to 2.4.5, DNS queries of RBLs returned with no answer.

queries on shell:

nslookup 2.0.0.127.b.barracudacentral.org

Server:        127.0.0.1
Address:    127.0.0.1#53
Non-authoritative answer:
Can't find 2.0.0.127.b.barracudacentral.org: No answer

The query of my next configured DNS server works:

nslookup 2.0.0.127.b.barracudacentral.org 9.9.9.9

Server:        9.9.9.9
Address:    9.9.9.9#53
Non-authoritative answer:
Name:    2.0.0.127.b.barracudacentral.org
Address: 127.0.0.2

Other queries works normal:

nslookup google.de

Server:        127.0.0.1
Address:    127.0.0.1#53

Non-authoritative answer:
Name:    google.de
Address: 172.217.22.67
Name:    google.de
Address: 2a00:1450:4001:81c::2003

The DNS Resolver Log is clean.

I have this curiousness on all my six pfSense since there were upgraded.

Actions #1

Updated by Jim Pingle over 4 years ago

  • Status changed from New to Not a Bug

This is due to the change in #9708 on 2.4.5 -- 127.0.0.1 is considered a private result now so you will need to tell the DNS Resolver it's OK to receive private address results from that domain.

https://docs.netgate.com/pfsense/en/latest/dns/dns-rebinding-protections.html#dns-resolver-unbound

If you still have issues, post on the forum.

Actions #2

Updated by Manfred Bongard over 4 years ago

Thanks for your reply.
After adding

server:
private-domain: "barracudacentral.org" 

... the DNS-queries works again.

Actions

Also available in: Atom PDF