Bug #15508
closed
pfSense breaks after changing System Domain Local Zone Type to Redirect if host overrides or static DHCP leases exist
0%
Description
Changing System Domain Local Zone Type to Redirect will break the management interface entirely if host overrides or static DHCP leases exist.
When I changed the System Domain Local Zone Type to Redirect, I got many complaints like
<27>1 2024-05-19T13:04:38.282672+02:00 gw2.myhome.net unbound 52490 - - [52490:0] error: local-data in redirect zone must reside at top of zone, not at db03.net2.myhome.net. A X.X.X.X <26>1 2024-05-19T13:04:38.282702+02:00 gw2.myhome.net unbound 52490 - - [52490:0] fatal error: Could not set up local zones <28>1 2024-05-19T13:05:02.984195+02:00 gw2.myhome.net unbound 93812 - - [93812:0] warning: duplicate local-zone gw2.myhome.net. <28>1 2024-05-19T13:05:02.984235+02:00 gw2.myhome.net unbound 93812 - - [93812:0] warning: duplicate local-zone localhost.myhome.net. <27>1 2024-05-19T13:05:02.986790+02:00 gw2.myhome.net unbound 93812 - - [93812:0] error: local-data in redirect zone must reside at top of zone, not at db03.net2.myhome.net. A X.X.X.X <26>1 2024-05-19T13:05:02.986806+02:00 gw2.myhome.net unbound 93812 - - [93812:0] fatal error: Could not set up local zones
and the unbound will not start.
There is no way of reverting the config other than restore config backup.
Changing type to Redirect, saving, Changing type back to Transparent, and saving, immediately gets rejected:
The following input errors were detected:
The following input errors were detected:
The generated config file cannot be parsed by unbound. Please correct the following errors:
[1716117110] unbound-checkconf[37205:0] warning: duplicate local-zone k8s.myhome.net.
[1716117110] unbound-checkconf[37205:0] warning: duplicate local-zone gw2.myhome.net.
[1716117110] unbound-checkconf[37205:0] warning: duplicate local-zone gw2.myhome.net.
[1716117110] unbound-checkconf[37205:0] warning: duplicate local-zone localhost.myhome.net.
[1716117110] unbound-checkconf[37205:0] error: local-data in redirect zone must reside at top of zone, not at mongodb.telemetryserver.myhome.net. A X.X.X.X
[1716117110] unbound-checkconf[37205:0] fatal error: failed local-zone, local-data configuration
The only remedy is to do a config restore, meaning that had I not have full admin permissions, the resolver would have no option to come up since then and require intervention. This can break in someone's enterprise and impact business operation, hence the urgent priority.
Updated by Jim Pingle about 2 months ago
- Status changed from New to Rejected
- Priority changed from Urgent to Normal
I cannot reproduce this as stated. I can switch back and forth without error even with static entries present. Possibly you have some invalid formatting in custom options conflicting but even that seems unlikely. Keep it on the forum until someone can provide a reliable way to reproduce it in lab conditions or from a stock config.
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the Netgate Forum .
See Reporting Issues with pfSense Software for more information.
Updated by Lukáš Mojžíš about 2 months ago
Please reach out to me on my email. I will either clone the system for you or I can give you access to my system if we coordinate some workable time when we can work together.