Project

General

Profile

Bug #4444

Reverse lookup domain overrides and "Do not forward private reverse lookups"

Added by Phillip Davis over 5 years ago. Updated about 5 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
DNS Resolver
Target version:
Start date:
02/18/2015
Due date:
% Done:

100%

Estimated time:
Affected Version:
All
Affected Architecture:

Description

If you enable "Do not forward private reverse lookups" and then have domain override(s) that cover whole chunk(s) of the private IPv4 address space, then those domain override(s) are not effective.
e.g. domain override for 10.in-addr.arpa
This is because the code to implement "Do not forward private reverse lookups" has already effectively blocked off the IPv4 private address space in chunks that exactly match those.
Reported in forum: https://forum.pfsense.org/index.php?topic=88814.0
and I think also previously in forum, but I never got around to looking closely at it.

Make the code that implements "Do not forward private reverse lookups" smarter so it does not do its thing for chunks of IPv4 private address space that have matching reverse lookup domain overrides.

Pull request: https://github.com/pfsense/pfsense/pull/1498

History

#1 Updated by Renato Botelho over 5 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

Merged

#2 Updated by Chris Buechler about 5 years ago

  • Category changed from DNS Forwarder to DNS Resolver
  • Status changed from Feedback to Resolved

fixed

Also available in: Atom PDF