Bug #14631

closed

ACL on DNS Resolver is not updated list after IPs changed on interfaces

Added by aleksei prokofiev about 1 year ago. Updated 10 months ago.

Status: Duplicate
Priority: Normal
Assignee: -
Category: DNS Resolver
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default
Affected Version:
Affected Architecture:

Description

The ACL list on the DNS Resolver is not updated after IPs are changed on interfaces.
How to reproduce:
1. Create a new interface
2. Use the DNS Resolver with default settings, with ALL interfaces chosen
3. Check the ACL on the DNS Resolver; all networks will be presented as allowed
4. Change the IP on the interface
5. Check the ACL on the DNS Resolver; it shows the old network, and the new one won't be presented until the resolver is restarted.
So if the hosts use the default DNS from the pfSense interface, they get DNS queries with the refuse flag.

Before IP change

Change IP on int

Check ACL, no update, still old network

After restart resolver, the list is updated

The same behaviour on 2.7.0.
Also tested on 2.6.0 and it is working fine; no need to restart the resolver to update the ACL list.


Files

clipboard-202307310941-lra8i.png (18.2 KB) aleksei prokofiev, 07/31/2023 06:42 AM
clipboard-202307310942-y6uwi.png (35.9 KB) aleksei prokofiev, 07/31/2023 06:42 AM
clipboard-202307310943-dvhyx.png (11.6 KB) aleksei prokofiev, 07/31/2023 06:43 AM
clipboard-202307310944-hxopr.png (11.8 KB) aleksei prokofiev, 07/31/2023 06:44 AM
clipboard-202307310946-gaj3j.png (11.3 KB) aleksei prokofiev, 07/31/2023 06:46 AM
Screenshot 2023-12-19 at 7.57.24 PM.png (381 KB) Jonathan Lee, 12/20/2023 03:57 AM

Related issues

Is duplicate of Bug #15071: Applying interface changes may not update default ACLs for the DNS Resolver (Status: Resolved, Assignee: Marcos M)

Actions #1

Updated by Lev Prokofev about 1 year ago

Can confirm, adding the IP on interfaces doesn't trigger the unbound to reload the config, and the new subnet is not in the /var/unbound/access_lists.conf

Reload trigger exists for OpenVPN https://redmine.pfsense.org/issues/12991
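
A check for the condition confirmed in the comment above, as an added example that is not part of the original thread or of pfSense's code: it parses the `access-control:` lines of `/var/unbound/access_lists.conf` and reports interface networks that no allow entry covers, plus allow entries left over for networks no interface uses any more. The file contents and interface addresses are constructed samples, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of /var/unbound/access_lists.conf as written before the
# interface address change (addresses are illustrative, not from the report).
SAMPLE_ACL_CONF = """\
access-control: 127.0.0.1/32 allow_snoop
access-control: ::1 allow_snoop
access-control: 192.168.1.0/24 allow
access-control: 10.10.10.0/24 allow
"""
# Constructed sample of current interface addresses; opt1 was just re-addressed.
SAMPLE_INTERFACES = {"lan": "192.168.1.1/24", "opt1": "10.20.20.1/24"}

ALLOWING = {"allow", "allow_snoop", "allow_setrd"}

def parse_acl(text):
    """Return [(network, action)] for each access-control line."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("access-control:"):
            fields = line.split(":", 1)[1].split()
            if len(fields) == 2:
                net = ipaddress.ip_network(fields[0], strict=False)
                entries.append((net, fields[1]))
    return entries

def effective_action(network, entries):
    """Most specific enclosing netblock wins; with no match unbound refuses."""
    matches = [(n, a) for n, a in entries
               if n.version == network.version and network.subnet_of(n)]
    if not matches:
        return "refuse"
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def audit(interfaces, acl_text):
    """Return (interfaces lacking an allow entry, allow entries with no interface)."""
    entries = parse_acl(acl_text)
    nets = {name: ipaddress.ip_interface(cidr).network
            for name, cidr in interfaces.items()}
    missing = {name: str(net) for name, net in nets.items()
               if effective_action(net, entries) not in ALLOWING}
    leftover = [str(n) for n, a in entries
                if a in ALLOWING and not n.is_loopback and not any(
                    n.version == i.version and n.overlaps(i) for i in nets.values())]
    return missing, leftover

if __name__ == "__main__":
    missing, leftover = audit(SAMPLE_INTERFACES, SAMPLE_ACL_CONF)
    print("interfaces not covered by an allow entry:", missing)
    print("allow entries with no matching interface:", leftover)
```

The second list matters as much as the first: until the resolver is restarted, the old network is still permitted to query it.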

Actions #2

Updated by aleksei prokofiev 11 months ago

Tested on
23.09-RELEASE (amd64)
built on Tue Oct 31 22:56:00 MSK 2023
FreeBSD 14.0-CURRENT

Issue is still present.

Actions #3

Updated by Jonathan Lee 10 months ago

Check your config.xml file and see what the setting for this is.

If you are still having issues where it can't save, just save the settings again and run this command right after:

rm /tmp/config.cache

Resave it again and restart the firewall; it should save. Do not change it after you set it.

Actions #5

Updated by Marcos M 10 months ago

  • Project changed from pfSense Plus to pfSense
  • Category changed from DNS Resolver to DNS Resolver
  • Status changed from New to Duplicate
  • Affected Plus Version deleted (23.05.1)
Actions #6

Updated by Marcos M 10 months ago

  • Is duplicate of Bug #15071: Applying interface changes may not update default ACLs for the DNS Resolver added