Bug #5872
closedCreating a network alias with both IPv6 subnets and FQDNs results in a table with only the FQDN entries.
100%
Description
It looks like filter DNS is choking on the IPv6 entries.
To test I created a network alias containing:
2607:f8b0:4000::/36
2a00:1450:4000::/36
chaos.pfmechanics.com
forum.pfsense.org
The /36 subnets are not added to the table.
I tested in 2.2.6 and 2.3. Problem appears identically.
The resolver log shows:
Feb 10 13:10:56 filterdns invalid netmask '/36' for hostname 2607:f8b0:4000::/36
Feb 10 13:10:56 filterdns invalid netmask '/36' for hostname 2a00:1450:4000::/36
Feb 10 13:10:56 filterdns failed to resolve host chaos.pfmechanics.com will retry later again.
Feb 10 13:10:57 filterdns adding entry 208.123.73.18 to table Test_V6subnet_with_hosts on host forum.pfsense.org
Feb 10 13:10:57 filterdns adding entry 2610:160:11:1000::18 to table Test_V6subnet_with_hosts on host forum.pfsense.org
Files
Updated by Chris Buechler over 8 years ago
- Category set to Rules / NAT
- Status changed from New to Confirmed
confirmed, it adds IPv6 subnets to filterdns.conf rather than directly into the table. IPv4 subnets are handled correctly.
Updated by Luiz Souza over 8 years ago
- Status changed from Confirmed to Feedback
- % Done changed from 0 to 100
Fixed the filterdns v6 netmask parsing. (filterdns-1.0_8)
Updated by Chris Buechler over 8 years ago
- Status changed from Feedback to Confirmed
Still doesn't work. To match the behavior of IPv4, it'd just omit the v6 subnets from filterdns.conf and add them in filter.inc.
Updated by Luiz Souza over 8 years ago
Chris, it seems to work for me:
cat /var/etc/filterdns.cong
pf www.google.com net_host_v6
pf 2001:1291:2001:1::/64 net_host_v6
pf 2001:1291::/32 net_host_v6
creates the following table:
pfctl -t net_host_v6 -Ts
74.125.141.99
74.125.141.103
74.125.141.104
74.125.141.105
74.125.141.106
74.125.141.147
2001:1291:2001:1::/64
2001:1291::/32
2607:f8f0:400c:c06::67
Can you re-check this one, please ?
Updated by Chris Buechler over 8 years ago
- Status changed from Confirmed to Resolved
this does work now. The last test I was getting same as in original report, is correct now on a variety of cases that were an issue previously.