Bug #13793

open

filterdns does not reconcile modelled tables with the current state of filter tables

Added by Reid Linnemann almost 2 years ago. Updated about 1 month ago.

Status: New
Priority: Normal
Category: FilterDNS
Target version:
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version: 25.01
Release Notes: Default
Affected Version:
Affected Architecture:

Description

filterdns tracks changes in the sets of addresses associated with hostnames to generate add/delete events for those addresses to apply to filter tables. This results in a relatively fast mechanism to update changes to a table which, because of the nature of DNS, should usually be quite small sets of additions and deletions. This model, however, fails to account for the fact that filterdns does not have exclusive access to filter tables and they may be changed out-of-band. The most prominent out-of-band change occurs when a user clears a table from the GUI. As filterdns is not aware of this out-of-band action, it maintains the assumption that all known table->host->address mappings are consistent with the state of the filter table, and will not restore entries that are removed out-of-band or remove entries that are added out-of-band.

Unfortunately, this probably means each interval we will need to read the tables and do a set comparison of each. I will also look into the pf code to see if tables might have a change reference of some kind that we could refer to, and specifically target only those tables for which the changeref differs from what we expect.
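The drift described above, shown as an added illustration (not filterdns code; the table, hostname and address data below are constructed). `delta_events` mirrors the delta-only behaviour the bug describes: with an unchanged DNS answer it emits nothing, so a table cleared from the GUI is never repopulated. `reconcile_all` is the per-interval set comparison the description proposes: it derives the full expected address set from the table->host->address model, compares it with the live table contents, and emits the adds and deletes needed to restore entries removed out-of-band and drop entries added out-of-band.

```python
"""Set reconciliation of a modelled filter table against its live contents.
Added illustration; not code from filterdns or pfSense. All data is constructed."""

from ipaddress import ip_address

# Constructed: what filterdns believes it has installed, table -> host -> addresses.
MODEL = {
    "webhosts": {
        "www.example.com": {"203.0.113.10", "203.0.113.11"},
        "api.example.com": {"203.0.113.20"},
    },
    "mailhosts": {
        "mail.example.com": {"198.51.100.25"},
    },
}

# Constructed: live table contents as pf would report them, after a GUI
# "clear" of webhosts and a manual out-of-band addition to mailhosts.
LIVE = {
    "webhosts": set(),
    "mailhosts": {"198.51.100.25", "198.51.100.99"},
}


def delta_events(old_answer, new_answer):
    """Delta-only update (the behaviour the bug describes): events come solely
    from the difference between two successive DNS answers for one host."""
    return {"add": new_answer - old_answer, "delete": old_answer - new_answer}


def expected_addresses(table_model):
    """Flatten host -> addresses into the full address set a table should hold."""
    expected = set()
    for addrs in table_model.values():
        expected |= addrs
    return expected


def reconcile(table_model, live_addrs):
    """Full set comparison: what must be added and removed so the live table
    equals the modelled set, regardless of how it drifted."""
    expected = expected_addresses(table_model)
    return {"add": expected - live_addrs, "delete": live_addrs - expected}


def reconcile_all(model, live):
    """Reconcile every modelled table; return only the tables that need changes."""
    events = {}
    for table, hosts in model.items():
        ev = reconcile(hosts, live.get(table, set()))
        if ev["add"] or ev["delete"]:
            events[table] = ev
    return events


def apply_events(live_addrs, events):
    """Apply add/delete events to one table's address set (stand-in for the
    actual table update, which filterdns would issue to pf)."""
    return (live_addrs - events["delete"]) | events["add"]


if __name__ == "__main__":
    # DNS answer unchanged -> the delta approach emits nothing, table stays cleared.
    same = MODEL["webhosts"]["www.example.com"]
    print("delta events:", delta_events(same, same))
    # Reconciliation restores the cleared table and drops the foreign entry.
    for table, ev in reconcile_all(MODEL, LIVE).items():
        print(table,
              "add", sorted(ev["add"], key=ip_address),
              "delete", sorted(ev["delete"], key=ip_address))
```

Reading every table each interval is the cost the description anticipates; a per-table change reference, if pf exposes one, would only narrow which tables `reconcile_all` has to read, not change the comparison itself.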


Related issues

Related to Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries (Resolved, assigned to Reid Linnemann)
