Bug #8390
closedInput validation does not prevent removing a gateway used by a DNS server
100%
Description
Hi,
I often see following log entries that I didn't see before removing HE.net tunnel in latest RC build.
78.46.223.24 is nordvpn dns server i entered in system -> general setup
The errors were similar to 78.46.223.24 but with quad9 ipv6 dns servers earlier but then I removed ipv6 dns servers from system -> general setup and then I started seeing following errors.
Mar 25 22:47:34 php-fpm 326 /system.php: The command '/sbin/route delete -host ' returned exit code '64', the output was 'route: destination parameter required route: usage: route [-46dnqtv] command [[modifiers] args]'
... editing dns under System -> General Setup
Mar 25 22:46:28 php-fpm 52075 /services_unbound.php: The command '/sbin/route delete -host ' returned exit code '64', the output was 'route: destination parameter required route: usage: route [-46dnqtv] command [[modifiers] args]'
... changed unbound settings
Mar 25 22:40:42 php-fpm 326 /rc.newwanip: The command '/sbin/route delete -host ' returned exit code '64', the output was 'route: destination parameter required route: usage: route [-46dnqtv] command [[modifiers] args]'
... openvpn interface up
Mar 25 22:40:34 php-fpm 325 /rc.newwanip: The command '/sbin/route delete -host ' returned exit code '64', the output was 'route: destination parameter required route: usage: route [-46dnqtv] command [[modifiers] args]'
Mar 25 22:40:34 php-fpm 325 /rc.newwanip: The command '/sbin/route delete -host ' returned exit code '64', the output was 'route: destination parameter required route: usage: route [-46dnqtv] command [[modifiers] args]'
Mar 25 22:40:34 php-fpm 325 /rc.newwanip: The command '/sbin/route delete -host 78.46.223.24' returned exit code '1', the output was 'route: route has not been found delete host 78.46.223.24 fib 0: not in table'
... wan interface up
Mar 25 22:40:33 php-cgi rc.bootup: The command '/sbin/route delete -host ' returned exit code '64', the output was 'route: destination parameter required route: usage: route [-46dnqtv] command [[modifiers] args]'
Mar 25 22:40:33 php-cgi rc.bootup: The command '/sbin/route delete -host ' returned exit code '64', the output was 'route: destination parameter required route: usage: route [-46dnqtv] command [[modifiers] args]'
Mar 25 22:40:33 php-cgi rc.bootup: The command '/sbin/route delete -host 78.46.223.24' returned exit code '1', the output was 'route: route has not been found delete host 78.46.223.24 fib 0: not in table'
Updated by rub man over 6 years ago
I partially fixed the issue by adding dns 2620:fe::fe and then deleting it.
Now I only see one error message at bootup (and no error at openvpn up/changing unbound settings/changing dns)::
Mar 25 23:24:40 php-fpm 326 /rc.newwanip: The command '/sbin/route delete -host ' returned exit code '64', the output was 'route: destination parameter required route: usage: route [-46dnqtv] command [[modifiers] args]'
Mar 25 23:24:40 php-fpm 326 /rc.newwanip: The command '/sbin/route delete -host 78.46.223.24' returned exit code '1', the output was 'route: route has not been found delete host 78.46.223.24 fib 0: not in table'
... wan up
Mar 25 23:24:39 php-cgi rc.bootup: The command '/sbin/route delete -host ' returned exit code '64', the output was 'route: destination parameter required route: usage: route [-46dnqtv] command [[modifiers] args]'
Mar 25 23:24:39 php-cgi rc.bootup: The command '/sbin/route delete -host 78.46.223.24' returned exit code '1', the output was 'route: route has not been found delete host 78.46.223.24 fib 0: not in table'
Updated by rub man over 6 years ago
my config.xml file had <dns5gw>NORDVPN_DHCP</dns5gw>
despite having no DNS entries in System/Advanced
changed it to <dns5gw>none</dns5gw> and problem solved!
I would like to thank the source code for helping me narrow down the problem.
Updated by Ivars Strazdins about 4 years ago
This issue was driving me nuts!
Thanks to your hint, I was able to find similar "ghost" DNS servers in configuration export and removed them.
Updated by Viktor Gurov about 4 years ago
- Status changed from New to Feedback
Updated by Jim Pingle about 4 years ago
- Status changed from Feedback to Confirmed
Their problem is different from the ones linked.
When you remove a gateway, there can still be entries in the DNS server list using that gateway. Input validation should probably prevent removing a gateway if it's still in use by DNS servers.
You can edit the DNS server and change it to a valid gateway, or remove the affected DNS server.
Updated by Viktor Gurov over 3 years ago
Jim Pingle wrote in #note-5:
Their problem is different from the ones linked.
When you remove a gateway, there can still be entries in the DNS server list using that gateway. Input validation should probably prevent removing a gateway if it's still in use by DNS servers.
input validation:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/341
Updated by Jim Pingle over 3 years ago
- Status changed from Confirmed to Pull Request Review
- Target version set to CE-Next
- Plus Target Version set to Plus-Next
Updated by Viktor Gurov about 3 years ago
- Status changed from Pull Request Review to Feedback
- % Done changed from 0 to 100
Applied in changeset d6bbbf3544326efe4f4970406f1a5c476cedddcb.
Updated by Danilo Zrenjanin about 3 years ago
- Status changed from Feedback to Resolved
I tested against today's development release.
I got an error message and couldn't remove a gateway that was defined to be used by the DNS server.
It looks OK. Ticket resolved.
Updated by Jim Pingle about 3 years ago
- Subject changed from Strange Error after deleting GIF HE.net IPv6 tunnel latest RC to Input validation does not prevent removing a gateway used by a DNS server
- Target version changed from CE-Next to 2.6.0
- Plus Target Version changed from Plus-Next to 22.01
Updating subject for release notes and fixing targets.