filterdns does not reconcile modelled tables with the current state of filter tables
filterdns tracks changes in the sets of addresses associated with hostnames to generate add/delete events for those addresses to apply to filter tables. This results in a relatively fast mechanism to update changes to a table which, because of the nature of DNS, should usually be quite small sets of additions and deletions. This model, however, fails to account for the fact that filterdns does not have exclusive access to filter tables and they may be changed out-of-band. The most prominent out-of-band change occurs when a user clears a table from the GUI. As filterdns is not aware of this out-of-band action, it maintains the assumption that all known table->host->address mappings are consistent with the state of the filter table, and will not restore entries that are removed out-of-band or remove entries that are added out-of-band.
Unfortunately, this probably means each interval we will need to read the tables and do a set comparison of each. I will also look into the pf code to see if tables might have a change reference of some kind that we could refer to, and specifically target only those tables for which the changeref differs from what we expect.
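The set comparison proposed above, as an added example that is not filterdns or pfSense code: a delta-only updater that emits add/delete events from changes in DNS answers, and a `reconcile()` step that reads the live table each interval and diffs it against the modelled table->host->address mapping. `PfTable` is a stand-in for a pf table (the real tool talks to pf through ioctls), and the table name, hostname and addresses (192.0.2.0/24 documentation range) are constructed for the scenario.

```python
"""Reconciling modelled filter-table contents with the live table.

Added example, not filterdns/pfSense code. PfTable stands in for a pf table;
the table name, hostname and addresses below are constructed.
"""
from typing import Dict, Set, Tuple


class PfTable:
    """Stand-in for one pf table. clear()/add() may be called by anyone,
    modelling out-of-band changes such as 'Clear table' in the GUI."""

    def __init__(self) -> None:
        self.entries: Set[str] = set()

    def add(self, addr: str) -> None:
        self.entries.add(addr)

    def delete(self, addr: str) -> None:
        self.entries.discard(addr)

    def clear(self) -> None:
        self.entries.clear()

    def snapshot(self) -> Set[str]:
        return set(self.entries)


class DeltaUpdater:
    """Current model: add/delete events derived only from changes in DNS answers.
    `known` is the table -> host -> addresses mapping the tool believes is applied."""

    def __init__(self, tables: Dict[str, PfTable]) -> None:
        self.tables = tables
        self.known: Dict[str, Dict[str, Set[str]]] = {t: {} for t in tables}

    def expected(self, table: str) -> Set[str]:
        """Union of the addresses currently resolved for every host in the table."""
        return set().union(*self.known[table].values())

    def resolve(self, table: str, host: str, addrs: Set[str]) -> Tuple[Set[str], Set[str]]:
        """Apply only the difference between the previous and the new answer set.
        Diffing the per-table union keeps an address that another host still uses."""
        before = self.expected(table)
        self.known[table][host] = set(addrs)
        after = self.expected(table)
        to_add, to_del = after - before, before - after
        for a in to_add:
            self.tables[table].add(a)
        for a in to_del:
            self.tables[table].delete(a)
        return to_add, to_del

    def reconcile(self, table: str) -> Tuple[Set[str], Set[str]]:
        """Proposed per-interval step: read the live table and set-compare it with
        the model, restoring out-of-band deletions and removing out-of-band additions."""
        actual = self.tables[table].snapshot()
        want = self.expected(table)
        to_add, to_del = want - actual, actual - want
        for a in to_add:
            self.tables[table].add(a)
        for a in to_del:
            self.tables[table].delete(a)
        return to_add, to_del


def scenario() -> Tuple[Set[str], Set[str], Set[str]]:
    """Constructed scenario: DNS answer unchanged, table modified out-of-band.
    Returns (table contents after the delta-only pass, addresses reconcile
    restored, addresses reconcile removed)."""
    tables = {"vpn_hosts": PfTable()}
    upd = DeltaUpdater(tables)
    answer = {"192.0.2.10", "192.0.2.11"}
    upd.resolve("vpn_hosts", "gw.example.invalid", answer)

    tables["vpn_hosts"].clear()            # out-of-band: user clears the table in the GUI
    tables["vpn_hosts"].add("192.0.2.99")  # out-of-band: stray entry added by hand

    # Same DNS answer as before: the delta model sees no change and emits nothing,
    # so the cleared entries stay missing and the stray entry stays present.
    upd.resolve("vpn_hosts", "gw.example.invalid", answer)
    after_delta = tables["vpn_hosts"].snapshot()

    restored, removed = upd.reconcile("vpn_hosts")
    return after_delta, restored, removed


if __name__ == "__main__":
    print(scenario())
```

In the scenario the delta-only pass leaves the table holding only the stray `192.0.2.99`, while `reconcile()` re-adds the two resolved addresses and drops the stray one. The cost is one read and one set comparison per table per interval; if pf exposed a per-table change reference of the kind mentioned above, `reconcile()` could be skipped for tables whose reference still matches the last value the updater wrote.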
Updated by Reid Linnemann 3 months ago
- Related to Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries added