Bug #12902
closed
DNS Forwarder creates a loop when "Use local DNS, ignore remote DNS servers" is selected
100%
Description
I am using the DNS Forwarder, I set up a few DNS Servers in System->General Settings. Also I selected "Use local DNS, ignore remote DNS servers" as I have a few domain overrides set that need to be evaluated. Anyways, with that option I am always getting "REFUSED" as response, setting it to "Use remote DNS" causes it to work properly again. It looks like a loop is created there and the forwarders aren't passed properly to dnsmasq.
Updated by Viktor Gurov over 2 years ago
- Status changed from New to Not a Bug
- Target version deleted (2.7.0)
Your issue is related to DNS rebind protection,
please read https://docs.netgate.com/pfsense/en/latest/services/dns/rebinding.html#dns-forwarder
Updated by Flole Systems over 2 years ago
Why should this be related to DNS rebind protection? It happens for any query. Also on my system DNS rebind protection is disabled.
Updated by Viktor Gurov over 2 years ago
Flole Systems wrote in #note-2:
Why should this be related to DNS rebind protection? It happens for any query. Also on my system DNS rebind protection is disabled.
It can be related to #12901 and https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=2561f9fe0eb9c0be1df48da1e2bd3d3feaa138c2
Updated by Flole Systems over 2 years ago
No.... Can you please just leave issues that you don't understand for someone else to take care of? Thanks. Or at least try to reproduce before marking obvious bugs as "not a bug", then you would notice that /etc/resolv.conf only contains 127.0.0.1 and that dnsmasq is missing a list of the other remote forwarders, so it's causing a loop as it tries to use itself as an upstream server, which isn't the case with the other options as then /etc/resolv.conf is containing the remote DNS servers.
Updated by Viktor Gurov over 2 years ago
- Status changed from Not a Bug to New
- Assignee set to Viktor Gurov
- Target version set to 2.7.0
- Plus Target Version set to 22.05
- Affected Version set to 2.6.0
Updated by Jim Pingle over 2 years ago
- Status changed from New to Pull Request Review
Updated by Viktor Gurov over 2 years ago
- Status changed from Pull Request Review to Feedback
- % Done changed from 0 to 100
Applied in changeset 9a36d90138b5230abeacd80162fca7c4937263de.
Updated by Danilo Zrenjanin over 2 years ago
- Status changed from Feedback to Resolved
Tested against:
2.7.0-DEVELOPMENT (amd64) built on Fri Mar 11 06:21:33 UTC 2022 FreeBSD 12.3-STABLE
The firewall resolves successfully using Forwarder, and the "Use local DNS, ignore remote DNS servers" option is set under System General.
I am marking this ticket resolved.
Updated by Jim Pingle over 2 years ago
- Has duplicate Bug #13033: DNS lookups using DNS forwarder yields invalid cache entries in systemd-resolved added
Updated by Orion Poplawski about 2 years ago
I'm afraid that this broke my use-case. I set the following custom options:
no-resolv
server=208.67.222.222
server=208.67.220.220
because I specifically do NOT want the forwarder to use the local resolvers, but instead the ones I specify. Now the local resolvers always get added and there is no way to prevent it.
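The condition discussed in this thread (a resolv.conf that lists only 127.0.0.1 while dnsmasq has no other default upstream) and the `no-resolv` custom-options case from the last comment can both be checked with a short script. This is an added example, not code from pfSense or from any commenter; the function names, file paths and sample contents are constructed, and it assumes dnsmasq listens on port 53 and receives its options one per line.

```shell
#!/bin/sh
# Added example: would dnsmasq end up forwarding only to itself?
# Inputs: a resolv.conf-style file and a dnsmasq option file (one option per
# line, like the custom options quoted above). Paths are caller-supplied.

# Print the default upstream resolvers dnsmasq would use, one per line.
effective_upstreams() {
    resolv=$1 conf=$2
    # server=<addr> adds a default upstream. server=/domain/<addr> is a
    # per-domain override and gives no default upstream, so it is skipped.
    sed -n 's/^[[:space:]]*server=\([^/[:space:]][^[:space:]]*\).*/\1/p' "$conf"
    # resolv.conf is read unless no-resolv is set.
    if ! grep -Eq '^[[:space:]]*no-resolv[[:space:]]*$' "$conf"; then
        awk '$1 == "nameserver" { print $2 }' "$resolv"
    fi
}

# Exit 0 when no usable upstream remains, i.e. every candidate is loopback
# on port 53 (assumed to be dnsmasq itself) or the list is empty.
# Loopback on another port (e.g. 127.0.0.1#5353) counts as a real upstream.
forwarder_loops() {
    ups=$(effective_upstreams "$1" "$2" |
          grep -Ev '^(127\.[0-9.]+|::1)(#53)?$' || true)
    [ -z "$ups" ]
}

# Constructed sample inputs (not taken from a real system).
tmp=$(mktemp -d)
printf 'nameserver 127.0.0.1\n' > "$tmp/resolv.conf"
printf 'server=/corp.example/10.0.0.53\n' > "$tmp/loop.conf"
printf 'no-resolv\nserver=208.67.222.222\nserver=208.67.220.220\n' \
    > "$tmp/custom.conf"

for c in loop custom; do
    if forwarder_loops "$tmp/resolv.conf" "$tmp/$c.conf"; then
        echo "$c: only loopback upstreams, queries would loop"
    else
        echo "$c: upstreams:" \
            $(effective_upstreams "$tmp/resolv.conf" "$tmp/$c.conf")
    fi
done
```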