Bug #15508

closed

pfSense breaks after changing System Domain Local Zone Type to Redirect if host overrides or static DHCP leases exist

Added by Lukáš Mojžíš about 2 months ago. Updated about 2 months ago.

Status: Rejected
Priority: Normal
Assignee: -
Category: DNS Resolver
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default
Affected Version: 2.7.2
Affected Architecture: amd64

Description

Changing System Domain Local Zone Type to Redirect will break the management interface entirely if host overrides or static DHCP leases exist.
When I changed the System Domain Local Zone Type to Redirect, I got many complaints like

<27>1 2024-05-19T13:04:38.282672+02:00 gw2.myhome.net unbound 52490 - - [52490:0] error: local-data in redirect zone must reside at top of zone, not at db03.net2.myhome.net. A X.X.X.X
<26>1 2024-05-19T13:04:38.282702+02:00 gw2.myhome.net unbound 52490 - - [52490:0] fatal error: Could not set up local zones
<28>1 2024-05-19T13:05:02.984195+02:00 gw2.myhome.net unbound 93812 - - [93812:0] warning: duplicate local-zone gw2.myhome.net.
<28>1 2024-05-19T13:05:02.984235+02:00 gw2.myhome.net unbound 93812 - - [93812:0] warning: duplicate local-zone localhost.myhome.net.
<27>1 2024-05-19T13:05:02.986790+02:00 gw2.myhome.net unbound 93812 - - [93812:0] error: local-data in redirect zone must reside at top of zone, not at db03.net2.myhome.net. A X.X.X.X
<26>1 2024-05-19T13:05:02.986806+02:00 gw2.myhome.net unbound 93812 - - [93812:0] fatal error: Could not set up local zones

and unbound will not start.

There is no way of reverting the config other than restoring a config backup.

Changing the type to Redirect, saving, changing the type back to Transparent, and saving again immediately gets rejected:

The following input errors were detected:
    The generated config file cannot be parsed by unbound. Please correct the following errors:
    [1716117110] unbound-checkconf[37205:0] warning: duplicate local-zone k8s.myhome.net.
    [1716117110] unbound-checkconf[37205:0] warning: duplicate local-zone gw2.myhome.net.
    [1716117110] unbound-checkconf[37205:0] warning: duplicate local-zone gw2.myhome.net.
    [1716117110] unbound-checkconf[37205:0] warning: duplicate local-zone localhost.myhome.net.
    [1716117110] unbound-checkconf[37205:0] error: local-data in redirect zone must reside at top of zone, not at mongodb.telemetryserver.myhome.net. A X.X.X.X
    [1716117110] unbound-checkconf[37205:0] fatal error: failed local-zone, local-data configuration

The only remedy is to do a config restore, meaning that had I not had full admin permissions, the resolver would have had no way to come up and would have required intervention. This can break in someone's enterprise and impact business operations, hence the urgent priority.
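A pre-flight check for the failure described in this report, written as an added example here rather than taken from pfSense or unbound: it scans an unbound local-zone/local-data fragment and reports, before the config is handed to unbound, local-data that sits below the apex of a zone declared as redirect, plus duplicate local-zone declarations. The function names, the regular expressions and the sample fragments (with 192.0.2.x documentation addresses) are assumptions constructed for this example; the rule it encodes is unbound's own, that a redirect zone may carry local data only at the zone name itself, and that local-data falls into the most specific enclosing local-zone.

```python
"""Pre-flight validation of an unbound local-zone / local-data fragment.

Flags the two conditions seen in the report before unbound is restarted:
  - duplicate local-zone declarations (unbound warns),
  - local-data below the apex of a "redirect" zone (unbound refuses to start).
"""
import re
from collections import Counter

# Matches e.g.   local-zone: "myhome.net." redirect
ZONE_RE = re.compile(r'^\s*local-zone:\s*"?([^"\s]+)"?\s+(\S+)', re.IGNORECASE)
# Matches e.g.   local-data: "db03.net2.myhome.net. A 192.0.2.3"
DATA_RE = re.compile(r'^\s*local-data:\s*"([^"\s]+)\s+', re.IGNORECASE)


def _fqdn(name: str) -> str:
    """Normalise a name to lowercase with a trailing dot, as unbound does."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def find_local_zone_problems(config_text: str):
    """Return (severity, message) tuples for the fragment, in detection order.

    severity is "warning" for duplicate local-zone lines and "error" for
    local-data that would be placed below the apex of a redirect zone.
    """
    zones = []          # (name, type) in file order
    data_owners = []    # owner names of local-data records, in file order
    for line in config_text.splitlines():
        line = line.split("#", 1)[0]          # drop trailing comments
        m = ZONE_RE.match(line)
        if m:
            zones.append((_fqdn(m.group(1)), m.group(2).lower()))
            continue
        m = DATA_RE.match(line)
        if m:
            data_owners.append(_fqdn(m.group(1)))

    problems = []
    for name, n in Counter(name for name, _ in zones).items():
        if n > 1:
            problems.append(("warning", f"duplicate local-zone {name}"))

    zone_names = {name for name, _ in zones}
    redirect_zones = {name for name, ztype in zones if ztype == "redirect"}
    for owner in data_owners:
        # local-data lands in the most specific (longest) enclosing zone;
        # with no enclosing zone unbound creates a transparent one, so skip.
        enclosing = [z for z in zone_names if owner == z or owner.endswith("." + z)]
        if not enclosing:
            continue
        zone = max(enclosing, key=len)
        if zone in redirect_zones and owner != zone:
            problems.append(("error",
                "local-data in redirect zone must reside at top of zone, "
                f"not at {owner}"))
    return problems


def is_safe_to_apply(config_text: str) -> bool:
    """True when the fragment contains no hard errors (warnings are allowed)."""
    return not any(sev == "error" for sev, _ in find_local_zone_problems(config_text))


# Constructed sample: system domain set to redirect, with a duplicate host
# zone and a host-override record below the redirect apex (as in the report).
SAMPLE_BROKEN = """
local-zone: "myhome.net." redirect
local-data: "myhome.net. A 192.0.2.1"
local-zone: "gw2.myhome.net." static
local-zone: "gw2.myhome.net." static
local-data: "db03.net2.myhome.net. A 192.0.2.3"
"""

# Same records with the system domain left as transparent: nothing to flag.
SAMPLE_FIXED = SAMPLE_BROKEN.replace('"myhome.net." redirect',
                                     '"myhome.net." transparent') \
                            .replace('local-zone: "gw2.myhome.net." static\n', '', 1)

if __name__ == "__main__":
    for sev, msg in find_local_zone_problems(SAMPLE_BROKEN):
        print(f"{sev}: {msg}")
    print("safe to apply:", is_safe_to_apply(SAMPLE_BROKEN))   # False
    print("safe to apply:", is_safe_to_apply(SAMPLE_FIXED))    # True
```

Running such a check on the generated fragment before the unbound restart, and refusing the save when it returns an error, would keep the resolver on its last working configuration instead of leaving the system without DNS until a backup is restored.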
