Project

General

Profile

Actions
Copy link

Bug #14288

closed

Setting system DNS servers can incorrectly modify routes for interface addresses

Added by Marcos M about 1 year ago. Updated 10 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
DNS Resolver
Target version:
2.7.0
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
23.05.1
Release Notes:
Default
Affected Version:
2.5.1
Affected Architecture:

Description

Tested on 23.01

Using an address on lo0 (e.g. a localhost VIP or simply @127.0.0.1) as a DNS sever under System / General Setup results in a missing route for the specified address.

Example below after adding 127.0.0.1 (persists reboots):

[23.01-RELEASE][root@router.lab.arpa]/root: netstat -rn4
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            10.0.5.1           UGS        vmx1
10.0.5.0/24        link#2             U          vmx1
10.0.5.75          link#2             UHS         lo0
172.19.0.0/20      192.0.2.4          UGS        vmx2
192.0.2.0/28       link#3             U          vmx2
192.0.2.1          link#3             UHS         lo0
192.0.2.200/29     link#11            U      vmx3.522
192.0.2.201        link#11            UHS         lo0
192.0.2.240/28     link#9             U      vmx3.521
192.0.2.241        link#9             UHS         lo0
192.168.0.0/20     198.51.100.2       UGS        vmx0
198.51.100.0/28    link#1             U          vmx0
198.51.100.1       link#1             UHS         lo0

Actions
Copy link
 #1

Updated by Marcos M about 1 year ago

  • Description updated (diff)
Actions
Copy link
 #2

Updated by Marcos M about 1 year ago

  • Description updated (diff)
  • Affected Version set to 2.5.1

Some related discussion:
https://forum.netgate.com/topic/162791/

The issue was introduced in 2.5.1 with https://redmine.pfsense.org/issues/11578. The code removes the route when a gateway is not set for the DNS server. Since this process only deletes routes on localhost (routes for other interfaces remain), validation could be added to prevent localhost routes from being deleted. This should be an adequate solution given that a localhost gateway cannot be created and hence used in the DNS Servers option.

Note:
Due to this issue and https://redmine.pfsense.org/issues/12078, it's no longer possible to configure pfSense to use bind for its own DNS queries (e.g. update checks).

Actions
Copy link
 #3

Updated by Steve Wheeler almost 1 year ago

This impacted quite a few users at the time. It should at least be documented. I would prefer to see a note on the General Setup page to prevent foot shooting.

Actions
Copy link
 #4

Updated by Marcos M 12 months ago

  • Subject changed from Using a localhost address as a system DNS server prevents its route from being added to Setting system DNS servers can incorrectly modify routes for interface addresses
  • Status changed from New to Pull Request Review

https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1029

This ignores route changes when the DNS IP address exists on an interface.

Actions
Copy link
 #5

Updated by Marcos M 10 months ago

  • Status changed from Pull Request Review to Feedback
  • % Done changed from 0 to 100
Actions
Copy link
 #6

Updated by Jim Pingle 10 months ago

  • Target version set to 2.7.0
  • Plus Target Version set to 23.05.1
Actions
Copy link
 #7

Updated by Marcos M 10 months ago

  • Status changed from Feedback to Resolved
Actions
Copy link

Also available in: Atom PDF