Project

General

Profile

Actions

Bug #13851

closed

DNS Resolver does not generate automatic ACLs for IPv6 when Network Interfaces is set to "All"

Added by Louis B almost 2 years ago. Updated almost 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
DNS Resolver
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
23.05
Release Notes:
Default
Affected Version:
All
Affected Architecture:
All

Description

When investigating unexpected IPV6 DNS behavoir, I discovered that the DNS-resolver does not function for IPV6. The problem seems to be that incoming querys are blocked due to (lack-off) IPV6 DNS ACL-rules.

For more info see https://forum.netgate.com/topic/176989/problems-with-pfsense-ipv6-dns-function-does-it-exist

Actions #1

Updated by Jim Pingle almost 2 years ago

  • Status changed from New to Rejected

The DNS resolver forms IPv6 ACLs by default already for both static and dynamic IPv6 in everything I have access to with IPv6 and testing, so something in your configuration isn't right.

This site is not for support or diagnostic discussion.

For assistance in solving problems, please post on the Netgate Forum .

See Reporting Issues with pfSense Software for more information.

Actions #2

Updated by Jim Pingle almost 2 years ago

  • Subject changed from DNS-resolver does not process IPV6-querys (without explicit defined ACL's) to DNS Resolver does not generate automatic ACLs for IPv6 when Network Interfaces is set to "All"
  • Status changed from Rejected to In Progress
  • Assignee set to Jim Pingle
  • Target version set to 2.7.0
  • Plus Target Version set to 23.05

Not sure why I couldn't reproduce this before, but I found it happening on one of my lab systems. Since it was easy to reproduce there I was able to nail down a fix.

Actions #3

Updated by Jim Pingle almost 2 years ago

  • Status changed from In Progress to Feedback
  • % Done changed from 0 to 100
Actions #4

Updated by Georgiy Tyutyunnik almost 2 years ago

Tested on:

Version 23.01-RELEASE (amd64)
built on Fri Feb 10 20:06:33 UTC 2023
FreeBSD 14.0-CURRENT

patch successfully resolves the issue

Actions #5

Updated by Jim Pingle almost 2 years ago

  • Status changed from Feedback to Resolved
Actions

Also available in: Atom PDF