Project

General

Profile

Actions

Bug #6982

closed

Nested Aliases with FQDNs do not populate parent table in some cases

Added by Chris Linstruth almost 5 years ago. Updated almost 5 years ago.

Status:
Resolved
Priority:
Normal
Category:
Rules / NAT
Target version:
Start date:
12/03/2016
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.3.2
Affected Architecture:

Description

In some cases a nested alias containing FQDNs does not populate the parent table until filterdns runs again at its interval.

Can be duplicated by creating an alias list similar to the attached then Status > Filter Reload and click Reload Filter.

Note that groupone will not contain any entries from grouptwo (or the nested fqdnnest11 or fqdns).

Examining those three tables reveals they are still populated with data.

As soon as filterdns runs again everything is populated.

This can be hastened by editing the filterdns interval in System > Advanced and saving. This restarts filterdns and results in an immediate run, populating the parent table.

Now remove firmware.netgate.com from grouptwo and reload the filter. All of the entries from grouptwo will now be present instead of none with the exception of fqdns and fqdnnest11. Those will not be in the table until filterdns fires again.

There are certain cases where editing aliases results in a proper, full reload and certain cases where editing them requires waiting for filterdns to run again. I have not been able to identify what does what there.


Files

Actions #1

Updated by Chris Linstruth almost 5 years ago

I should add that the only alias present in any rules is groupone. It is on LAN pass IPv4 any from LAN net destination groupone.

Actions #2

Updated by Chris Linstruth almost 5 years ago

Here is the aliases export I am using to test. It should match the screenshot above.

Actions #3

Updated by Renato Botelho almost 5 years ago

  • Assignee set to Renato Botelho

I'll work on it

Actions #4

Updated by Renato Botelho almost 5 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #5

Updated by Chris Linstruth almost 5 years ago

This is working well for me with changeset applied using system patches on 2.3.2_1 that I was using in my initial testing. Also imported test alias set into 2.4. Working there too.

Actions #6

Updated by Renato Botelho almost 5 years ago

  • Status changed from Feedback to Resolved
Actions #7

Updated by Jim Pingle almost 5 years ago

  • Status changed from Resolved to Assigned

This fix broke port aliases.

With this commit, port aliases are empty:

LDAP_Ports = "{  }" 

Revert the commit and the ports alias works again.

LDAP_Ports = "{   389  636 }" 

Actions #8

Updated by Renato Botelho almost 5 years ago

  • Status changed from Assigned to Feedback
Actions #9

Updated by Jim Pingle almost 5 years ago

  • Assignee changed from Renato Botelho to Chris Linstruth

Port aliases work again with that last commit. Will leave it open waiting for feedback to make sure the original issue is still solved.

Actions #10

Updated by Chris Linstruth almost 5 years ago

This looks good to me.

Thought there was still an issue but it just turns out one of my test fqdns (www.cnn.com) has a short TTL and seems to cycle between returning 1 and 4 A records here. Table updating appropriately on filterdns runs.

Port aliases look good too. Even nested.

Thanks!

Actions #11

Updated by Jim Pingle almost 5 years ago

  • Status changed from Feedback to Resolved
Actions #12

Updated by Jim Pingle almost 5 years ago

  • Target version changed from 2.4.0 to 2.3.3
Actions

Also available in: Atom PDF