Bug #15071
closed
Applying interface changes may not update default ACLs for the DNS Resolver
100%
Description
To reproduce:
1. Base install of pfSense Plus 23.09 with 1 LAN and 1 WAN
2. Activate an OPT interface and give it an IP/mask (in our case, 172.17.2.1/24)
3. cat /var/unbound/access_lists.conf
4. Notice that the network 172.17.2.0/24 is not present.
Attempted to restart unbound, but that did not fix it.
Manually adding the network to access-list via GUI creates the entry in access_lists.conf.
After removing the access-list entry via GUI, the network entry remains in access_lists.conf.
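A check for the symptom in the reproduction steps above, as an added example that is not part of the original report or of pfSense's code: it parses the `access-control:` lines of an Unbound ACL file and lists interface networks that no allow entry covers. The file contents and the LAN address are constructed sample values; 172.17.2.1/24 is the OPT address from the report.

```python
import ipaddress

# Unbound access-control actions that let a client query the resolver.
ALLOW_ACTIONS = {"allow", "allow_setrd", "allow_snoop"}

# Constructed sample of an access_lists.conf written before the OPT
# interface existed (not copied from a real system).
SAMPLE_CONF = """\
access-control: 127.0.0.1/32 allow_snoop
access-control: ::1 allow_snoop
access-control: 192.168.1.0/24 allow
"""
# Constructed interface list; 172.17.2.1/24 is the OPT address from the report.
SAMPLE_INTERFACES = ["192.168.1.1/24", "172.17.2.1/24"]


def parse_access_control(conf_text):
    """Return [(network, action)] for each access-control: line."""
    entries = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("access-control:"):
            continue
        fields = line.split(":", 1)[1].split()
        if len(fields) == 2:
            net = ipaddress.ip_network(fields[0], strict=False)
            entries.append((net, fields[1]))
    return entries


def networks_without_allow(interface_cidrs, conf_text):
    """List interface networks whose most specific ACL match is not an allow."""
    entries = parse_access_control(conf_text)
    missing = []
    for cidr in interface_cidrs:
        net = ipaddress.ip_interface(cidr).network
        covering = [(n, a) for n, a in entries
                    if n.version == net.version and net.subnet_of(n)]
        # Unbound applies the most specific (longest prefix) matching netblock.
        best = max(covering, key=lambda e: e[0].prefixlen, default=None)
        if best is None or best[1] not in ALLOW_ACTIONS:
            missing.append(str(net))
    return missing


if __name__ == "__main__":
    print(networks_without_allow(SAMPLE_INTERFACES, SAMPLE_CONF))
```

On a firewall, pass the contents of /var/unbound/access_lists.conf as `conf_text` together with the configured interface addresses; a non-empty result after applying an interface change matches the behaviour reported here.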
Updated by Steve Wheeler about 1 year ago
- Target version set to 24.03
- Affected Architecture All added
Resaving the Unbound config in the GUI correctly creates the ACL file with the new subnet.
It appears to not be triggered as expected by the addition of the new subnet.
Updated by Jim Pingle about 1 year ago
Steve Wheeler wrote in #note-1:
> Resaving the Unbound config in the GUI correctly creates the ACL file with the new subnet.
> It appears to not be triggered as expected by the addition of the new subnet.
IIRC that's been the case for a while. There were similar behaviors noted in other areas like OpenVPN (#12991). Though if it worked in the past, it's also possible interface behavior regressed more recently as a consequence of other changes (e.g. DHCP registration changes due to Kea integration).
Updated by Marcos M about 1 year ago
- Project changed from pfSense Plus to pfSense
- Subject changed from New interfaces are not added to default ACL in Unbound to Applying interface changes may not update unbound's default ACL
- Category changed from DNS Resolver to DNS Resolver
- Assignee set to Marcos M
- Target version changed from 24.03 to 2.8.0
- Affected Plus Version deleted (23.09)
- Plus Target Version set to 24.03
Updated by Marcos M about 1 year ago
- Status changed from New to Feedback
Fixed in fbc8d7d04dc5f7cbec65381b81dc5f4eed06a714.
Updated by Danilo Zrenjanin about 1 year ago
- Status changed from Feedback to Resolved
Tested the patch on 23.09.
The patch fixes all reported misbehavior.
I am marking this ticket resolved.
Updated by Lev Prokofev about 1 year ago
Tested the patch on
23.09.1-RELEASE (arm64)
built on Wed Dec 6 23:22:00 MSK 2023
FreeBSD 14.0-CURRENT
Saving the Interface now triggers the ACL to rewrite,
Updated by Marcos M about 1 year ago
- Has duplicate Bug #14631: ACL on DNS Resolver is not updated list after IPs changed on interfaces added
Updated by Jim Pingle 11 months ago
- Subject changed from Applying interface changes may not update unbound's default ACL to Applying interface changes may not update default ACLs for the DNS Resolver