Bug #14631
closed
ACL on DNS Resolver is not updated list after IPs changed on interfaces
Description
The ACL list on the DNS Resolver is not updated after IPs are changed on interfaces.
How to reproduce:
1. Create new interface
2. Use the DNS resolver with default settings, with ALL interfaces chosen
3. Check ACL on DNS resolver, all networks will be present as allowed
4. Change IP on interface
5. Check ACL on DNS resolver; it shows the old network, and the new one won't be present until the resolver is restarted.
So if the hosts use the default DNS from the pfSense interface, they get DNS queries with the refuse flag.
Before IP change
Change IP on int
Check ACL, no update, still old network
After restart resolver, the list is updated
The same behaviour on 2.7.0
Also tested on 2.6.0 and it is working fine; there is no need to restart the resolver to update the ACL list.
Updated by Lev Prokofev about 1 year ago
Can confirm, adding the IP on interfaces doesn't trigger unbound to reload the config, and the new subnet is not in /var/unbound/access_lists.conf
Reload trigger exists for OpenVPN https://redmine.pfsense.org/issues/12991
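A way to check for the condition described in this report, as an added example that is not part of the comment above and is not pfSense code: it compares the `access-control:` entries of an `access_lists.conf` against the current interface addresses, using unbound's documented rule that the most specific netblock wins and unmatched clients are refused. The sample file contents, interface names and addresses are constructed; the helper names are hypothetical.

```python
import ipaddress
import re

# Constructed copy of /var/unbound/access_lists.conf, captured after opt1 was
# moved from 192.168.10.1/24 to 192.168.20.1/24 with no resolver restart.
SAMPLE_ACL = """\
access-control: 127.0.0.1/32 allow_snoop
access-control: ::1 allow_snoop
access-control: 192.168.1.0/24 allow
access-control: 192.168.10.0/24 allow
"""
# Constructed current interface addresses (name -> address/prefix).
SAMPLE_IFACES = {"lan": "192.168.1.1/24", "opt1": "192.168.20.1/24"}

ALLOWING = {"allow", "allow_snoop", "allow_setrd"}  # unbound actions that answer queries
ACL_RE = re.compile(r"^\s*access-control:\s*(\S+)\s+(\S+)", re.M)

def parse_acl(text):
    """Return [(network, action)] for every access-control line."""
    return [(ipaddress.ip_network(n, strict=False), a) for n, a in ACL_RE.findall(text)]

def covers(net, ifnet):
    """True when ACL netblock `net` contains the whole interface network."""
    return net.version == ifnet.version and ifnet.subnet_of(net)

def effective_action(ifnet, acl):
    """Most specific covering netblock wins; unbound refuses when none match."""
    hits = [(net.prefixlen, action) for net, action in acl if covers(net, ifnet)]
    return max(hits)[1] if hits else "refuse"

def stale_report(acl_text, ifaces):
    """Return (interfaces whose clients are not answered, allow entries with no interface)."""
    acl = parse_acl(acl_text)
    ifnets = {n: ipaddress.ip_interface(a).network for n, a in ifaces.items()}
    refused = {n: str(net) for n, net in ifnets.items()
               if effective_action(net, acl) not in ALLOWING}
    orphaned = [str(net) for net, action in acl
                if action in ALLOWING and not net.is_loopback
                and not any(covers(net, i) for i in ifnets.values())]
    return refused, orphaned

if __name__ == "__main__":
    refused, orphaned = stale_report(SAMPLE_ACL, SAMPLE_IFACES)
    print("interface networks not allowed:", refused)
    print("allow entries matching no interface:", orphaned)
```

An orphaned allow entry is worth reporting as well as a refused interface, because the old subnet stays permitted to query the resolver until the list is regenerated.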
Updated by aleksei prokofiev 11 months ago
Tested on
23.09-RELEASE (amd64)
built on Tue Oct 31 22:56:00 MSK 2023
FreeBSD 14.0-CURRENT
Issue still present.
Updated by Jonathan Lee 10 months ago
Check your config.xml file and see what the setting is for this.
If you are still having issues where it can't save, just save the settings again and run this command right after:
rm /tmp/config.cache
Resave it again and restart the firewall; it should save. Do not change it after you set it.
Updated by Jonathan Lee 10 months ago
https://docs.netgate.com/pfsense/en/latest/config/xml-configuration-file.html
Have you checked this file? You might have an old setting in it.
Updated by Marcos M 10 months ago
- Is duplicate of Bug #15071: Applying interface changes may not update default ACLs for the DNS Resolver added