Bug #8001
closed
Invalid FQDN in alias causes alias table to fail *silently*
100%
Description
When you have a FQDN in an alias ans the FQDN does not resolve, the alias table creation will not happen and any other aliases that use the alias will be truncated or fail.
The root cause can be user error, but there's nothing in the system log or the firewall rebuild monitoring that indicates the failure.
This can cause a unexpected hole in the firewall, even though everything looks like it worked in the GUI.
Updated by Stuart Wyatt over 6 years ago
More specifically, in this case, the FDQN timed out (DNS didn't respond).
Updated by Jim Pingle over 6 years ago
- Target version changed from 2.4.2 to 2.4.3
Updated by Anonymous about 6 years ago
- Target version changed from 2.4.3 to 2.4.4
Updated by → luckman212 over 5 years ago
possibly related bug: https://redmine.pfsense.org/issues/8758
Updated by Luiz Souza over 5 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Should be fixed by the new filterdns (see #8758 too).
If you have issues, please let us know.
Updated by Renato Botelho over 5 years ago
- Target version changed from 48 to 2.4.4-p1
Updated by Chris Linstruth over 5 years ago
Created host alias with these FQDNs
www.pfsense-bug-8001.com
www.google.com
www.yahoo.com
www.netgate.com
www.pfsense.org
pfsense-bug-8001.com was forwarded to an unresponsive address.
Alias populated with the rest of the names' corresponding A and AAAA records.
Looks OK to me.
Updated by Stuart Wyatt over 5 years ago
Verified that the bad FQDN doesn't fail the tables any longer.
There's still no error. There should at least be a warning to help the user find the mistake.