Bug #12902: DNS Forwarder creates a loop when "Use local DNS, ignore remote DNS servers" is selected - pfSense - pfSense bugtracker

Custom queries

2.4.5-p1 - Resolved/Closed
2.5.0 - Resolved/Closed
2.5.1 - Resolved/Closed
2.5.2 - Resolved/Closed
2.6.0 - Resolved/Closed
2.7.0 - Resolved/Closed
2.7.1 - All Open Issues
2.7.1 - Resolved/Closed
2.7.2 - Resolved/Closed
2.8.0 - All Open Bugs
2.8.0 - All Open Features
2.8.0 - All Open Issues
2.8.0 - All Open Regressions
2.8.0 - Feedback
2.8.0 - Needs Attention
2.8.0 - New/Confirmed
2.8.0 - Pull Requests
2.8.0 - Regressions affecting 2.7.0
2.8.0 - Resolved/Closed
21.02.2/2.5.1 - Resolved/Closed
21.05 Plus - All Closed Issues
21.05.1 Plus Target - All Closed Issues
21.05.1 Target - All Closed Issues
22.01 Plus - All Closed Issues
22.01 Target - All Closed Issues
22.05 Plus - All Closed Issues
22.05 Target - All Closed Issues
23.01 Plus - All Closed Issues
23.01 Target - All Closed Issues
23.05 Plus - All Closed Issues
23.05 Target - All Closed Issues
23.05.1 Plus - All Closed Issues
23.05.1 Target - All Closed Issues
23.09 Plus - All Closed Issues
23.09 Target - All Closed Issues
23.09.1 Plus - All Closed Issues
23.09.1 Target - All Closed Issues
24.03 Plus - All Closed Issues
24.03 Target - All Closed Issues
24.11 Plus - All Closed Issues
24.11 Plus - All Open Issues
24.11 Plus - Feedback Issues
24.11 Plus - Needs Attention/Work
24.11 Plus - New/Confirmed/In Progress Issues
24.11 Target - All Closed Issues
24.11 Target - All Open Issues
25.01 Plus - All Closed Issues
25.01 Plus - All Open Issues
25.01 Plus - Feedback Issues
25.01 Plus - Needs Attention/Work
25.01 Plus - New/Confirmed/In Progress Issues
25.01 Plus - Pull Request Review
25.01 Plus - Waiting on Merge
25.01 Target - All Closed Issues
25.01 Target - All Open Issues
All Open Issues assigned to Me
All Open Pull Requests
Any Target - All Open Regressions
Any Target - Feedback Issues
CE-Next - All Closed Issues (Move to specific target)
CE-Next - All Open Issues
CE-Next - Feedback (Likely needs target changed)
New Issues by Category - Future Target
New Issues by Category - No Target
New Issues by Category - No Target+Future
No Target - All Open Issues (Base Only)
No Target - New Issues (Base Only)
No Target - New Issues (Base and Packages)
Release Notes - Plus Target Version (DO NOT EDIT)
Release Notes - Target Version (DO NOT EDIT)

Actions

Copy link

Bug #12902

closed

DNS Forwarder creates a loop when "Use local DNS, ignore remote DNS servers" is selected

Added by Flole Systems over 2 years ago. Updated about 2 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Viktor Gurov

Category:

DNS Forwarder

Target version:

2.7.0

Start date:

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

22.05

Release Notes:

Default

Affected Version:

2.6.0

Affected Architecture:

Description

I am using the DNS Forwarder, I set up a few DNS Servers in System->General Settings. Also I selected "Use local DNS, ignore remote DNS servers" as I have a few domain overrides set that need to be evaluated. Anyways, with that option I am always getting "REFUSED" as reponse, setting it to "Use remote DNS" causes it to work properly again. It looks like a loop is created there and the forwarders aren't passed properly to dnsmasq.

Related issues

Has duplicate Bug #13033: DNS lookups using DNS forwarder yields invalid cache entries in systemd-resolved

Duplicate

Actions

Issue # Delay: days Cancel

History
Notes
Property changes
Associated revisions

Actions

Copy link

Updated by Viktor Gurov over 2 years ago

Status changed from New to Not a Bug
Target version deleted (~~2.7.0~~)

Your issue is related to DNS rebind protection,
please read https://docs.netgate.com/pfsense/en/latest/services/dns/rebinding.html#dns-forwarder

Actions

Copy link

Updated by Flole Systems over 2 years ago

Why should this be related to DNS rebind protection? It happens for any query. Also on my system DNS rebind protection is disabled.

Actions

Copy link

Updated by Viktor Gurov over 2 years ago

Flole Systems wrote in #note-2:

Why should this be related to DNS rebind protection? It happens for any query. Also on my system DNS rebind protection is disabled.

it can be related to #12901 and https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=2561f9fe0eb9c0be1df48da1e2bd3d3feaa138c2

Actions

Copy link

Updated by Flole Systems over 2 years ago

No.... Can you please just leave issues that you don't understand for someone else to take care of? Thanks. Or at least try to reproduce before marking obvious bugs as "not a bug", then you would notice that /etc/resolv.conf only contains 127.0.0.1 and that dnsmasq is missing a list of the other remote forwarders, so it's causing a loop as it tries to use itself as an upstream server, which isn't the case with the other options as then /etc/resolv.conf is containing the remote DNS servers.

Actions

Copy link

Updated by Viktor Gurov over 2 years ago

Status changed from Not a Bug to New
Assignee set to Viktor Gurov
Target version set to 2.7.0
Plus Target Version set to 22.05
Affected Version set to 2.6.0

Confirmed

fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/657

Actions

Copy link

Updated by Jim Pingle over 2 years ago

Status changed from New to Pull Request Review

Actions

Copy link

Updated by Viktor Gurov over 2 years ago

Status changed from Pull Request Review to Feedback
% Done changed from 0 to 100

Applied in changeset 9a36d90138b5230abeacd80162fca7c4937263de.

Actions

Copy link

Updated by Danilo Zrenjanin over 2 years ago

Status changed from Feedback to Resolved

Tested against:

2.7.0-DEVELOPMENT (amd64)
built on Fri Mar 11 06:21:33 UTC 2022
FreeBSD 12.3-STABLE

The firewall resolves successfully using Forwarder, and the "Use local DNS, ignore remote DNS servers" option is set under System General.

I am marking this ticket resolved.

Actions

Copy link

Updated by Jim Pingle over 2 years ago

Has duplicate Bug #13033: DNS lookups using DNS forwarder yields invalid cache entries in systemd-resolved added

Actions

Copy link

#10

Updated by Orion Poplawski about 2 years ago

I'm afraid that this broke my use-case. I set the following custom options:

no-resolv
server=208.67.222.222
server=208.67.220.220

because I specifically do NOT want the forwarder to use the local resolvers, but instead the ones I specify. Now the local resolvers always get added and there is no way to prevent it.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Bug #12902

DNS Forwarder creates a loop when "Use local DNS, ignore remote DNS servers" is selected

Updated by Viktor Gurov over 2 years ago

Updated by Flole Systems over 2 years ago

Updated by Viktor Gurov over 2 years ago

Updated by Flole Systems over 2 years ago

Updated by Viktor Gurov over 2 years ago

Updated by Jim Pingle over 2 years ago

Updated by Viktor Gurov over 2 years ago

Updated by Danilo Zrenjanin over 2 years ago

Updated by Jim Pingle over 2 years ago

Updated by Orion Poplawski about 2 years ago