Project

General

Profile

Actions

Todo #14381

closed

Feedback on Firewall — Aliases

Added by Filip Bengtsson over 1 year ago. Updated over 1 year ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
Firewall Rules
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:

Description

Page: https://docs.netgate.com/pfsense/en/latest/firewall/aliases.html#using-hostnames-in-aliases

Feedback: While the documentation does clearly state that hostname aliases only look up A and AAAA records, it might be helpful to specifically point out that CNAME records aren't resolved. I use DNS aliases only to block IPv6 to a few services who's IPv6 implementation often hiccups, but this is a critical nuance to note if someone were to use them for security reasons.

Actions #1

Updated by Jim Pingle over 1 year ago

  • Status changed from New to Rejected

It resolves CNAME records OK when I try it. You may have some other issue in your DNS setup. This site is not for support or diagnostic discussion.

For assistance in solving problems, please post on the Netgate Forum .

See Reporting Issues with pfSense Software for more information.

Actions #2

Updated by Filip Bengtsson over 1 year ago

In that case the documentation should mention that it does follow CNAME.

Actions #3

Updated by Jim Pingle over 1 year ago

It's a natural part of DNS that CNAMES would be followed by a resolver. So long as the end result is an A/AAAA record. I don't see the need to call it out specifically.

Actions

Also available in: Atom PDF