Bug #7680
closed
Wrong IP address being entered against pfSense host name on a multi-interface system in /etc/hosts
Added by tqwqllrm tqwqllrm over 7 years ago.
Updated over 7 years ago.
Description
I'm running pfSense 2.3.4 and it has multiple interfaces. It chooses one of its IP addresses and enters it in /etc/hosts against the pfSense box host name. It chooses the wrong IP address. I do not want clients to see this particular address being returned in DNS lookups against the pfSense box name. I tried manually editing /etc/hosts but the settings do not survive reboots. I also tried DNS forwarder and resolver overrides, and the wrong IP and the override IP are both returned.
- Status changed from New to Needs Patch
- Target version deleted (2.3.4-p1)
There isn't any viable method to override that and adding one would be a lot of work for little benefit. If someone wants to make a PR, go ahead, but I don't see that getting attention internally here.
You could use the forwarder along with its "localise-queries" advanced option (put that into the advanced option box) to make it return a result inside the subnet that made the query. That, plus a host override in the forwarder to define the hostname in that subnet, should do what you want.
Otherwise, rename the firewall's own hostname and then use whatever override you like.
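As an added illustration (not part of the ticket and not pfSense or dnsmasq code), the following Python model follows the documented behaviour of dnsmasq's `localise-queries` option: when a name has several addresses in the hosts file, only those on the receiving interface's subnet are returned, and all of them are returned when none match. The interface names, subnets and host name are constructed sample values.

```python
import ipaddress

# Constructed sample data (assumptions, not from the ticket): the firewall's
# interfaces and the addresses its hosts file holds for its own name.
INTERFACES = {
    "lan": ipaddress.ip_interface("192.168.1.1/24"),
    "dmz": ipaddress.ip_interface("10.0.50.1/24"),
    "mgmt": ipaddress.ip_interface("172.16.9.1/24"),
}
HOSTS = {"fw.example.test": ["172.16.9.1", "192.168.1.1"]}


def answer(name, iface, localise=True):
    """A records returned for a query for `name` received on `iface`."""
    addrs = [ipaddress.ip_address(a) for a in HOSTS.get(name, [])]
    if not localise:
        return [str(a) for a in addrs]
    net = INTERFACES[iface].network
    local = [a for a in addrs if a in net]
    # Documented fallback: no address on this subnet means every address
    # is returned, so the unwanted one is still visible from here.
    return [str(a) for a in (local or addrs)]


def leaks(name, hidden_net, localise=True):
    """Interfaces outside `hidden_net` whose clients see an address in it."""
    hidden = ipaddress.ip_network(hidden_net)
    exposed = []
    for iface, cfg in INTERFACES.items():
        if cfg.network.overlaps(hidden):
            continue  # clients already on the hidden subnet are not a leak
        seen = answer(name, iface, localise)
        if any(ipaddress.ip_address(a) in hidden for a in seen):
            exposed.append(iface)
    return exposed


if __name__ == "__main__":
    for iface in INTERFACES:
        print(iface, answer("fw.example.test", iface))
    print("leaks without option:", leaks("fw.example.test", "172.16.9.0/24", False))
    print("leaks with option:   ", leaks("fw.example.test", "172.16.9.0/24", True))
```

In this model the "dmz" subnet still receives both addresses because the name has no entry inside it, which is why the comment pairs the option with a host override defining the hostname in each querying subnet.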
Jim Pingle wrote:
There isn't any viable method to override that and adding one would be a lot of work for little benefit. If someone wants to make a PR, go ahead, but I don't see that getting attention internally here.
You could use the forwarder along with its "localise-queries" advanced option (put that into the advanced option box) to make it return a result inside the subnet that made the query. That, plus a host override in the forwarder to define the hostname in that subnet, should do what you want.
Otherwise, rename the firewall's own hostname and then use whatever override you like.
Unfortunately the localise-queries option didn't work in the forwarder. Also renaming the firewall host name won't solve the problem. For me this bug is forcing me away from using pfSense onboard DNS services like resolver or forwarder and having to make my LAN devices use external DNS instead because I can't control that one DNS record. For security reasons I can't afford info leakage through DNS like this.