Bug #2392: Adding outgoing, floating rule for DNS on the WAN interface breaks DNS lookups. - pfSense - pfSense bugtracker

Custom queries

2.4.5-p1 - Resolved/Closed
2.5.0 - Resolved/Closed
2.5.1 - Resolved/Closed
2.5.2 - Resolved/Closed
2.6.0 - Resolved/Closed
2.7.0 - Resolved/Closed
2.7.1 - All Open Issues
2.7.1 - Resolved/Closed
2.7.2 - Resolved/Closed
2.8.0 - All Open Bugs
2.8.0 - All Open Features
2.8.0 - All Open Issues
2.8.0 - All Open Regressions
2.8.0 - Feedback
2.8.0 - Needs Attention
2.8.0 - New/Confirmed
2.8.0 - Pull Requests
2.8.0 - Regressions affecting 2.7.0
2.8.0 - Resolved/Closed
21.02.2/2.5.1 - Resolved/Closed
21.05 Plus - All Closed Issues
21.05.1 Plus Target - All Closed Issues
21.05.1 Target - All Closed Issues
22.01 Plus - All Closed Issues
22.01 Target - All Closed Issues
22.05 Plus - All Closed Issues
22.05 Target - All Closed Issues
23.01 Plus - All Closed Issues
23.01 Target - All Closed Issues
23.05 Plus - All Closed Issues
23.05 Target - All Closed Issues
23.05.1 Plus - All Closed Issues
23.05.1 Target - All Closed Issues
23.09 Plus - All Closed Issues
23.09 Target - All Closed Issues
23.09.1 Plus - All Closed Issues
23.09.1 Plus - All Open Issues
23.09.1 Target - All Closed Issues
23.09.1 Target - All Open Issues
24.03 Plus - All Closed Issues
24.03 Plus - All Open Issues
24.03 Plus - Feedback Issues
24.03 Plus - Needs Attention/Work
24.03 Plus - New/Confirmed/In Progress Issues
24.03 Plus - Pull Request Review
24.03 Plus - Waiting on Merge
24.03 Target - All Closed Issues
24.03 Target - All Open Issues
All Open Issues assigned to Me
All Open Pull Requests
Any Target - All Open Regressions
Any Target - Feedback Issues
CE-Next - All Closed Issues (Move to specific target)
CE-Next - All Open Issues
CE-Next - Feedback (Likely needs target changed)
New Issues by Category - Future Target
New Issues by Category - No Target
New Issues by Category - No Target+Future
No Target - All Open Issues (Base Only)
No Target - New Issues (Base Only)
No Target - New Issues (Base and Packages)
Release Notes - Plus Target Version (DO NOT EDIT)
Release Notes - Target Version (DO NOT EDIT)

Actions

Copy link

Bug #2392

closed

Adding outgoing, floating rule for DNS on the WAN interface breaks DNS lookups.

Added by Oliver Loch about 12 years ago. Updated about 8 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Category:

DNS Forwarder

Target version:

Start date:

04/22/2012

Due date:

% Done:

Estimated time:

Plus Target Version:

Release Notes:

Affected Version:

2.0.1

Affected Architecture:

Description

Hi,

when adding a floating rule that allows outgoing traffic on the wan interface from the wan address to any tcp/udp with destport 53, the dnsmasq resolver stops working.

It's a pass rule and I'm NOT using the quick option. But I assign the traffic to an HFSC queue on the wan interface so that it gets preferred over other traffic. The queue is part of HFSC queues with a default traffic of 5% and a realtime of 5% (m2).

I can run dig on the pfsense box and it's working without any problems. Only the dnsmasq service stops working. A restart of the service doesn't solve the problem.

A dig to localhost (127.0.0.1) stops working as well.

KR,

Oliver

History
Notes
Property changes

Actions

Copy link

Updated by Jim Pingle about 12 years ago

Does it break without the QoS parts on the rule?

QoS on floating rules should be using the "match" action, not "pass", though I am unsure why a pass rule would cause this (it may be worth investigating), what you are doing isn't how things are intended to work on Floating rules.

Actions

Copy link

Updated by Oliver Loch about 12 years ago

Hi,

yes it's also breaking if I don't assign the traffic to a queue.

The default queue is used anyway, which is also the case if I just delete the whole rule.

What am I missing when it comes to floating rules?

KR,

Oliver

Actions

Copy link

Updated by Jim Pingle about 12 years ago

That's really a question for the forum, not the ticket system. Such discussion doesn't belong on here.

Actions

Copy link

Updated by Oliver Loch about 12 years ago

Yeah, you're right, but when i try to differ between a bug and pebcak, one should be able to ask the question.

I'm using the floating rules on the wan interface to be able to prefer ack/small packets and ssh stuff over smtp/ftp uploads.

As I can only assign the traffic to a queue the moment it creates state, i have to use the outgoing floating rules on wan.

KR,

Oliver

Actions

Copy link

Updated by Jim Pingle about 12 years ago

Well not meaning to be pedantic about it, but the bug/pebkac question should be solved on the forum before opening a ticket. The ticket system is meant for confirmed bugs, and discussing on the forum, mailing list, or IRC, to determine that status is a prerequisite.

Actions

Copy link