Bug #9189
closed
Broken host overrides in DNS resolver (sometimes)
0%
Description
Expected behavior:
If we have host override in pfSense "DNS resolver", pfSense should never ever return public IP for overriden host.
Actual behavior:
Sometimes pfSense returns external IP of overriden host in additional section of reply to MX-type query (i.e. Unbound do not respect own host overrides when inserts additional info in replies). May be it's Unbound's bug.
How to solve:
Add "minimal-responses: yes" to default Unbound config and prevent Unbount from returning additional info in replies.
Details:
https://forum.netgate.com/topic/107354/dns-resolver-host-overrides-don-t-work-sometimes
Updated by JohnPoz _ almost 6 years ago
Sorry but you have not shown this to be happening... As I brought up over 2 years ago you sure your client is not pointing to some other NS as well as pfsense.
Please show the query to unbound showing you get back the additional A records for the MX... Out of the box unbound defaults to min responses YES... So it will not send any additional records unless they are specifically queried..
I have given multiple examples of this in the thread..
unbound was updated with 2.4.4p1 - its possible that old version of unbound was not using default yes? for min responses?
Updated by Jim Pingle over 5 years ago
- Category set to DNS Resolver
- Status changed from New to Rejected
Nothing actionable here. Read the forum thread for more.