Bug #1694

closed

/etc/hosts gets dhcp clients entries with wrong domainnames

Added by Cyrus Patel over 13 years ago. Updated about 11 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 07/18/2011
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: All
Affected Architecture:

Description

For 2.0-RC3 (i386) snapshot of Fri Jul 15 19:39:23 EDT 2011

The dynamic entries being written to /etc/hosts on a pfsense box always have the domainname of the pfsense box itself. The DHCP configuration's "domain name" setting (the domain that dhcpd is telling the clients that they are in) is being disregarded.

The reason why this is high priority is because the only possible workaround to this problem is to give the pfsense box the same domain name as the dhcp clients. But doing such a thing can cause (in my case /will/ cause) the pfsense box to DOS itself.

In my case the domain that the clients are in has (e.g.) a directory server to which they connect and in which they are registered. The pfsense gui has no facility for configuring dnsmasq's srv-host= option. The gui also does not allow leading underscores, so _ldap. etc can't be set up individually either. With these two avenues blocked, the only route left open for configuration via the pfsense gui is to set up the other host as authoritative for all records of the domain.

So then: When a lookup comes in, and dnsmasq doesn't find it in hosts (or whatever), it passes the request to the other host. Since that host will not find it, it comes back to the pfsense box as another lookup, and back it goes, and so on in an endless loop. The pfsense box will eventually run out of file descriptors.

In the long term pfsense should make dnsmasq's srv-host= configurable. In the medium term it should also stop second guessing user intentions (e.g. about what hostnames have to look like). But please fix the incorrect writes to /etc/hosts before 2.0 goes final.
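A way to check a box for the symptom reported above, as an added example that is not part of the ticket or of pfSense: it reads a hosts file and flags names on DHCP pool addresses that fall outside the DHCP "domain name". The sample hosts data, the pool range and the example.net domains are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: firewall domain fw.example.net, DHCP "domain name" corp.example.net.
SAMPLE_HOSTS = """\
127.0.0.1      localhost localhost.fw.example.net
::1            localhost
192.168.1.1    pfsense.fw.example.net pfsense
192.168.1.100  laptop.fw.example.net laptop     # dynamic entry, wrong domain
192.168.1.101  printer.corp.example.net printer # dynamic entry, correct domain
"""
SAMPLE_POOLS = [("192.168.1.100", "192.168.1.199", "corp.example.net")]


def parse_hosts(text):
    """Yield (ip, names) for every well-formed line of a hosts file."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        yield ip, fields[1:]


def expected_domain(ip, pools):
    """Return the DHCP domain for an address inside a pool, else None."""
    for first, last, domain in pools:
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if ip.version == lo.version and lo <= ip <= hi:
            return domain.lower().rstrip(".")
    return None


def audit_hosts(text, pools):
    """List (ip, fqdn, expected_domain) for pool addresses named under another domain."""
    findings = []
    for ip, names in parse_hosts(text):
        domain = expected_domain(ip, pools)
        if domain is None:
            continue  # static or local entry, not handed out by DHCP
        for name in (n.lower().rstrip(".") for n in names if "." in n):
            if not name.endswith("." + domain):
                findings.append((str(ip), name, domain))
    return findings


if __name__ == "__main__":
    for ip, fqdn, domain in audit_hosts(SAMPLE_HOSTS, SAMPLE_POOLS):
        print(f"{ip}: {fqdn} is outside DHCP domain {domain}")
```

Names on addresses outside the pool, such as the firewall's own entry, are not checked, so only the dynamic entries are reported.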

Actions #1

Updated by Chris Buechler over 13 years ago

  • Priority changed from High to Normal
  • Target version deleted (2.0)
  • Affected Version set to All

Needs to be fixed at some point, but if you end up with a loop like that you have something configured in a non-optimal way.

Actions #2

Updated by Cyrus Patel over 13 years ago

Chris Buechler wrote:

Needs to be fixed at some point, but if you end up with a loop like that you have something configured in a non-optimal way.

No kidding!

But, as I explained, the "something" that is sub-optimally configured is the pfsense box, but which has to be sub-optimally configured because of the lack of support for srv-host= and the weird prohibition of leading-underscores on hostnames.

Bottom line is that something has to be fixed in pfsense itself for it to not require it to be configured in a non-optimal way. I don't really care which of the three is fixed. I just figured that the obviously broken writes to /etc/hosts might be easiest. On second thoughts, lifting the prohibition of leading-underscore names is probably easiest.

Actions #3

Updated by Chris Buechler about 11 years ago

  • Status changed from New to Closed

duplicate of #1819 and it has better info.
