Project

General

Profile

Actions

Bug #3455

closed

Selecting interfaces for DNS forwarder breaks auto-update

Added by Adam Thompson almost 11 years ago. Updated over 10 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
DNS Forwarder
Target version:
-
Start date:
02/16/2014
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.1
Affected Architecture:

Description

An interesting intersection of two features...
If the local DNS forwarder is the first DNS server pfSense queries (per Todo #1695) and the user has selected specific interfaces at Services->DNS Forwarder->Interfaces not including "localhost", then all autoupdate and package functions break.
It's difficult to troubleshoot, because from the command-line, DNS resolution still works, it just takes a few seconds longer than normal. But in the GUI, anything that phones home fails after ~30sec.

There are two solutions:
1. In Services->DNS Forwarder->Interfaces, ensure "localhost" is selected
2. In System->General Setup->DNS Servers, select "Do not use the DNS Forwarder as a DNS server for the firewall"

Since neither of these are immediately obvious, I would suggest a couple of things:
a. add warning text to both pages:
To General Setup, I would add "If the DNS Forwarder does not listen on localhost (127.0.0.1), turn this option on."
To DNS Forwarders->Interfaces, I would add "The firewall normally relies on DNS queries to 'localhost'. If 'Localhost' is not selected here, use the 'Do not use the DNS Forwarder as a DNS server for the firewall' option in System->General Setup to change this behaviour."

b. (possibly, this might be a bad idea) check the value of that checkbox when saving the DNS Forwarded changes and either disallow this situation or post a warning message.

Actions

Also available in: Atom PDF